Analysis Report http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0

Overview

General Information

Sample URL: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
Analysis ID: 348120

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 7008 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 7052 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7008 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.4:49775 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 1141 WEB-MISC handler access 192.168.2.4:49755 -> 52.235.47.121:80
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Tue, 06 Aug 2019 19:41:54 GMTAccept-Ranges: bytesETag: "0adebff8e4cd51:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5ServerNo: 1Date: Wed, 03 Feb 2021 17:00:54 GMTContent-Length: 23052
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Wed, 31 Jul 2019 13:26:12 GMTAccept-Ranges: bytesETag: "0f25c85a347d51:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5ServerNo: 1Date: Wed, 03 Feb 2021 17:00:54 GMTContent-Length: 2399
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Wed, 31 Jul 2019 13:26:12 GMTAccept-Ranges: bytesETag: "0f25c85a347d51:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5ServerNo: 1Date: Wed, 03 Feb 2021 17:00:54 GMTContent-Length: 7882
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Wed, 31 Jul 2019 13:26:12 GMTAccept-Ranges: bytesETag: "0f25c85a347d51:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5ServerNo: 1Date: Wed, 03 Feb 2021 17:00:54 GMTContent-Length: 2328
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Wed, 31 Jul 2019 13:26:12 GMTAccept-Ranges: bytesETag: "0f25c85a347d51:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5ServerNo: 1Date: Wed, 03 Feb 2021 17:00:54 GMTContent-Length: 4962
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Tue, 06 Aug 2019 19:41:54 GMTAccept-Ranges: bytesETag: "0adebff8e4cd51:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.5ServerNo: 1Date: Wed, 03 Feb 2021 17:00:54 GMTContent-Length: 2514
Source: global trafficHTTP traffic detected: GET /l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /common/bootstrap/css/bootstrap.css HTTP/1.1Accept: text/css, */*Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /common/jqueryui/jquery-ui.min.css HTTP/1.1Accept: text/css, */*Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /common/jqueryui/jquery-ui.theme.min.css HTTP/1.1Accept: text/css, */*Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /common/jqueryui/jquery-ui.structure.min.css HTTP/1.1Accept: text/css, */*Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /common/css/rp_bubbles.css HTTP/1.1Accept: text/css, */*Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /common/css/rp_tooltips.css HTTP/1.1Accept: text/css, */*Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /common/js/jquery-3.4.1.min.js?tn=2111313818 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /common/bootstrap/js/bootstrap.min.js?tn=2111313818 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /common/jqueryui/jquery-ui.min.js?tn=2111313818 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /Media/tgmedia_81B98B7BC7F64F6D9E29F9AAD2018618/TN_PHI_L30F_EN_Shareddocumentinthecloud_v1b1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /Media/public/button.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /Media/public/Learning_Page_icon_Beware_blue.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /Media/public/TN_Learning_Activity_Page_BG.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /Media/public/Learning_Page_icon_links_blue.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /Media/public/Learning_Page_icon_attachment_blue.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: cloud-drive.servicesConnection: Keep-AliveCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: GET /blank.html HTTP/1.1Accept: */*X-Requested-With: XMLHttpRequestReferer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: cloud-drive.servicesConnection: Keep-AliveCache-Control: no-cacheCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=Jo8lOp0VNtvah0Xq94RJGGwwW6G_4mvm4l-OjsI3G0YZVNc9mcNvFa12GgVnysbC_4sU1QqYTdgYbQ_5FbnG2GJruMKYlvAkWvgmkZVofRc1&CurrentCampaignRecipientEventLogID=_eJ6mojxYhVKIabT5y7RDfG1wuhIPNSFQcchqpm086_J2uspzdFcY0kxxVml1LIUpZbprydZscZdl4GfA3SXXQ2&TotalLearningTime=tGYquRaXMtkh773jJ_APJSZ62tclpPoUX2s9DYttGteHOB8XSRY-Q0NMeIqr2tjvS6-FgD6O2QRijxfS8rDcdA2
Source: global trafficHTTP traffic detected: GET /blank.html HTTP/1.1Accept: */*X-Requested-With: XMLHttpRequestReferer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: cloud-drive.servicesConnection: Keep-AliveCache-Control: no-cacheCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=lurAIRPGygeAHDb6YSPJTO_Lmj7rceAuhmJ3gBmlZuhsKllVyHNxd3gxfQiymBgK0Wbfg4KPjXjLMoACQa0IlGq7MGwskpEePnWMTJnSO-o1&CurrentCampaignRecipientEventLogID=xaxFdhXHpblRxxuwx9Q6kZbrQO2A2s6jJSaChp3Tkv73OIQKl3pQm_YHX4qSEXlsIcS1eD1iHTxJiC6XzEJR0g2&TotalLearningTime=z6KjafVUzsAQiYxXLzVta58TrhTBz48zCnb6ZYAJ7cSlgu4Uvgr-s9ORAFfMiLeoJDHSFbK_nBBDfmfJJvK7DA2
Source: unknownDNS traffic detected: queries for: cloud-drive.services
Source: unknownHTTP traffic detected: POST /Handler/CountLearningTime.ashx?time=1612371656841&f=-1&s=0&crc=5c23f8900acd4e33a8e21c381949e1f0 HTTP/1.1Accept: */*X-Requested-With: XMLHttpRequestReferer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: cloud-drive.servicesContent-Length: 0Connection: Keep-AliveCache-Control: no-cacheCookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5ServerNo: 1Date: Wed, 03 Feb 2021 17:00:56 GMTContent-Length: 1245
Source: ~DF950719B2CF711C8C.TMP.1.drString found in binary or memory: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
Source: ~DF950719B2CF711C8C.TMP.1.drString found in binary or memory: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0(YOU
Source: {5F2E4145-6641-11EB-90EB-ECF4BBEA1588}.dat.1.drString found in binary or memory: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Root
Source: ~DF950719B2CF711C8C.TMP.1.drString found in binary or memory: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0WdtRWdtR
Source: {5F2E4145-6641-11EB-90EB-ECF4BBEA1588}.dat.1.drString found in binary or memory: http://cloud-drivvasite.com/portal/Service/Course/Index/66091c381949e1f0Root
Source: rp_tooltips[1].css.2.drString found in binary or memory: http://delicioustheme.com/demo-15/index.html
Source: fontawesome-webfont[1].eot.2.drString found in binary or memory: http://fontawesome.io
Source: fontawesome-webfont[1].eot.2.drString found in binary or memory: http://fontawesome.io/license/
Source: fontawesome-webfont[1].eot.2.drString found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: bootstrap[1].css.2.drString found in binary or memory: http://getbootstrap.com)
Source: jquery-ui.min[1].js.2.drString found in binary or memory: http://jqueryui.com
Source: jquery-ui.min[1].css.2.drString found in binary or memory: http://jqueryui.com/themeroller/?bgShadowXPos=&bgOverlayXPos=&bgErrorXPos=&bgHighlightXPos=&bgConten
Source: rp_tooltips[1].css.2.drString found in binary or memory: http://www.delicioustheme.com
Source: insights[1].js.2.drString found in binary or memory: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Source: bootstrap.min[1].js.2.drString found in binary or memory: https://getbootstrap.com/)
Source: bootstrap[1].css.2.drString found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: bootstrap[1].css.2.drString found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: {5F2E4145-6641-11EB-90EB-ECF4BBEA1588}.dat.1.drString found in binary or memory: https://secure.terrano
Source: index[1].htm.2.drString found in binary or memory: https://secure.terranovasite.com/portal/CourseURL/1F6A85D78E03464593FDCA98D929B742/6609
Source: ~DF950719B2CF711C8C.TMP.1.drString found in binary or memory: https://secure.terranovasite.com/portal/Service/Course/Index/6609
Source: ~DF950719B2CF711C8C.TMP.1.drString found in binary or memory: https://secure.terranovasite.com/portal/Service/Course/Index/66091c381949e1f0
Source: ~DF950719B2CF711C8C.TMP.1.drString found in binary or memory: https://secure.terranovasite.com/portal/Service/Course/Index/66091c381949e1f0User
Source: ~DF950719B2CF711C8C.TMP.1.drString found in binary or memory: https://secure.terranovasite.com/portal/Service/Course/Index/66094Phishing
Source: imagestore.dat.2.drString found in binary or memory: https://secure.terranovasite.com/portal/favicon.ico~
Source: {5F2E4145-6641-11EB-90EB-ECF4BBEA1588}.dat.1.drString found in binary or memory: https://secure.terranovices/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownHTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknownHTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: classification engineClassification label: mal48.win@3/43@4/3
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5F2E4143-6641-11EB-90EB-ECF4BBEA1588}.dat
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Temp\~DF4AE67E7C46965483.TMP
Source: C:\Program Files\internet explorer\iexplore.exeFile read: C:\Users\desktop.ini
Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7008 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7008 CREDAT:17410 /prefetch:2
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 1 | OS Credential Dumping | File and Directory Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 5 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 6 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer 4 | SIM Card Swap | | Carrier Billing Fraud

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0 | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label | Link
sni1gl.wpc.gammacdn.net | 0% | Virustotal | | Browse
secure.terranovasite.com | 0% | Virustotal | | Browse
cloud-drive.services | 0% | Virustotal | | Browse

URLs

Source | Detection | Scanner | Label | Link
http://cloud-drive.services/common/css/rp_tooltips.css | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/Handler/CountLearningTime.ashx?time=1612371677779&f=-1&s=18&crc=5c23f8900acd4e33a8e21c381949e1f0 | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/common/bootstrap/css/bootstrap.css | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/common/bootstrap/js/bootstrap.min.js?tn=2111313818 | 0% | Avira URL Cloud | safe |
http://cloud-drivvasite.com/portal/Service/Course/Index/66091c381949e1f0Root | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/Handler/CountLearningTime.ashx?time=1612371656841&f=-1&s=0&crc=5c23f8900acd4e33a8e21c381949e1f0 | 0% | Avira URL Cloud | safe |
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/Media/public/TN_Learning_Activity_Page_BG.jpg | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/Media/tgmedia_81B98B7BC7F64F6D9E29F9AAD2018618/TN_PHI_L30F_EN_Shareddocumentinthecloud_v1b1.png | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Root | 0% | Avira URL Cloud | safe |
https://secure.terranovasite.com/portal/favicon.ico~ | 0% | Avira URL Cloud | safe |
http://delicioustheme.com/demo-15/index.html | 0% | Avira URL Cloud | safe |
https://secure.terranovasite.com/portal/CourseURL/1F6A85D78E03464593FDCA98D929B742/6609 | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/Media/public/Learning_Page_icon_links_blue.png | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/Media/public/Learning_Page_icon_attachment_blue.png | 0% | Avira URL Cloud | safe |
https://secure.terrano | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/common/jqueryui/jquery-ui.min.css | 0% | Avira URL Cloud | safe |
https://secure.terranovices/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0 | 0% | Avira URL Cloud | safe |
http://www.delicioustheme.com | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0(YOU | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/common/jqueryui/jquery-ui.theme.min.css | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/common/css/rp_bubbles.css | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/blank.html | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/common/jqueryui/jquery-ui.min.js?tn=2111313818 | 0% | Avira URL Cloud | safe |
http://getbootstrap.com) | 0% | Avira URL Cloud | safe |
https://secure.terranovasite.com/portal/Service/Course/Index/66091c381949e1f0User | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/common/js/jquery-3.4.1.min.js?tn=2111313818 | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/Media/public/Learning_Page_icon_Beware_blue.png | 0% | Avira URL Cloud | safe |
https://secure.terranovasite.com/portal/Service/Course/Index/66094Phishing | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/common/jqueryui/jquery-ui.structure.min.css | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/Media/public/button.png | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0WdtRWdtR | 0% | Avira URL Cloud | safe |
http://cloud-drive.services/favicon.ico | 0% | Avira URL Cloud | safe |
https://secure.terranovasite.com/portal/Service/Course/Index/66091c381949e1f0 | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
sni1gl.wpc.gammacdn.net | 152.199.21.175 | true | false | | unknown
secure.terranovasite.com | 40.86.224.87 | true | false | | unknown
cloud-drive.services | 52.235.47.121 | true | true | | unknown
dc.services.visualstudio.com | unknown | unknown | false | | high
favicon.ico | unknown | unknown | false | | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://cloud-drive.services/common/css/rp_tooltips.css | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/Handler/CountLearningTime.ashx?time=1612371677779&f=-1&s=18&crc=5c23f8900acd4e33a8e21c381949e1f0 | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/common/bootstrap/css/bootstrap.css | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/common/bootstrap/js/bootstrap.min.js?tn=2111313818 | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0 | true | | unknown
http://cloud-drive.services/Handler/CountLearningTime.ashx?time=1612371656841&f=-1&s=0&crc=5c23f8900acd4e33a8e21c381949e1f0 | true | Avira URL Cloud: safe | unknown
https://secure.terranovasite.com/portal/Service/Course/Index/6609 | true | | unknown
http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0 | true | | unknown
http://cloud-drive.services/Media/public/TN_Learning_Activity_Page_BG.jpg | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/Media/tgmedia_81B98B7BC7F64F6D9E29F9AAD2018618/TN_PHI_L30F_EN_Shareddocumentinthecloud_v1b1.png | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/Media/public/Learning_Page_icon_links_blue.png | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/Media/public/Learning_Page_icon_attachment_blue.png | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/common/jqueryui/jquery-ui.min.css | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/common/jqueryui/jquery-ui.theme.min.css | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/common/css/rp_bubbles.css | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/blank.html | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/common/jqueryui/jquery-ui.min.js?tn=2111313818 | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/common/js/jquery-3.4.1.min.js?tn=2111313818 | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/Media/public/Learning_Page_icon_Beware_blue.png | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/common/jqueryui/jquery-ui.structure.min.css | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/Media/public/button.png | true | Avira URL Cloud: safe | unknown
http://cloud-drive.services/favicon.ico | true | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://fontawesome.io | fontawesome-webfont[1].eot.2.dr | false | | high
http://cloud-drivvasite.com/portal/Service/Course/Index/66091c381949e1f0Root | {5F2E4145-6641-11EB-90EB-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens | fontawesome-webfont[1].eot.2.dr | false | Avira URL Cloud: safe | unknown
http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0Root | {5F2E4145-6641-11EB-90EB-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
http://jqueryui.com | jquery-ui.min[1].js.2.dr | false | | high
https://secure.terranovasite.com/portal/favicon.ico~ | imagestore.dat.2.dr | false | Avira URL Cloud: safe | unknown
https://getbootstrap.com/) | bootstrap.min[1].js.2.dr | false | | high
http://delicioustheme.com/demo-15/index.html | rp_tooltips[1].css.2.dr | false | Avira URL Cloud: safe | unknown
https://secure.terranovasite.com/portal/CourseURL/1F6A85D78E03464593FDCA98D929B742/6609 | index[1].htm.2.dr | false | Avira URL Cloud: safe | unknown
https://secure.terrano | {5F2E4145-6641-11EB-90EB-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
http://fontawesome.io/license/ | fontawesome-webfont[1].eot.2.dr | false | | high
https://secure.terranovasite.com/portal/Service/Course/Index/6609 | ~DF950719B2CF711C8C.TMP.1.dr | false | | unknown
https://secure.terranovices/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0 | {5F2E4145-6641-11EB-90EB-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
http://www.delicioustheme.com | rp_tooltips[1].css.2.dr | false | Avira URL Cloud: safe | unknown
http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0(YOU | ~DF950719B2CF711C8C.TMP.1.dr | false | Avira URL Cloud: safe | unknown
http://getbootstrap.com) | bootstrap[1].css.2.dr | false | Avira URL Cloud: safe | low
https://secure.terranovasite.com/portal/Service/Course/Index/66091c381949e1f0User | ~DF950719B2CF711C8C.TMP.1.dr | false | Avira URL Cloud: safe | unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE) | bootstrap[1].css.2.dr | false | | high
https://secure.terranovasite.com/portal/Service/Course/Index/66094Phishing | ~DF950719B2CF711C8C.TMP.1.dr | false | Avira URL Cloud: safe | unknown
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css | bootstrap[1].css.2.dr | false | | high
http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0WdtRWdtR | ~DF950719B2CF711C8C.TMP.1.dr | false | Avira URL Cloud: safe | unknown
https://secure.terranovasite.com/portal/Service/Course/Index/66091c381949e1f0 | ~DF950719B2CF711C8C.TMP.1.dr | false | Avira URL Cloud: safe | unknown

Contacted IPs

Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
152.199.21.175 | unknown | United States | | 15133 | EDGECASTUS | false
52.235.47.121 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true
40.86.224.87 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false

                          General Information

                          Joe Sandbox Version:31.0.0 Emerald
                          Analysis ID:348120
                          Start date:03.02.2021
                          Start time:17:59:56
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 3m 50s
                          Hypervisor based Inspection enabled:false
                          Report type:light
                          Cookbook file name:browseurl.jbs
                          Sample URL:http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:6
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal48.win@3/43@4/3
                          Cookbook Comments:
                          • Adjust boot time
                          • Enable AMSI
                          • Browsing link: https://secure.terranovasite.com/portal/CourseURL/1F6A85D78E03464593FDCA98D929B742/6609
                          Warnings:
                          • Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe
                          • HTTP Packets have been reduced
                          • TCP Packets have been reduced to 100
                          • Excluded IPs from analysis (whitelisted): 104.43.193.48, 40.88.32.150, 88.221.62.148, 13.64.90.137, 168.61.161.212, 51.104.139.180, 51.107.59.180, 152.199.19.161
                          • Excluded domains from analysis (whitelisted): skypedataprdcolwus17.cloudapp.net, arc.msn.com.nsatc.net, ie9comview.vo.msecnd.net, skypedataprdcolcus17.cloudapp.net, swn-breeziest-in.cloudapp.net, arc.msn.com, skypedataprdcolcus15.cloudapp.net, az416426.vo.msecnd.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, dc.trafficmanager.net, dc.applicationinsights.microsoft.com, watson.telemetry.microsoft.com, cs9.wpc.v0cdn.net
                          • Report size getting too big, too many NtDeviceIoControlFile calls found.

                          Simulations

                          Behavior and APIs

                          No simulations

                          Joe Sandbox View / Context

                          IPs

                          No context

                          Domains

                          No context

                          ASN

                          No context

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\secure.terranovasite[1].xml
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with no line terminators
                          Category:dropped
                          Size (bytes):52
                          Entropy (8bit):2.469670487371862
                          Encrypted:false
                          SSDEEP:3:D90aK1r0aK1r0aK1r0aKb:JFK1rFK1rFK1rFKb
                          MD5:770DA68A4DE2539B5002B44767396AF9
                          SHA1:E3A118B288CF426DE3027EFCE38AE7241560EC4C
                          SHA-256:908FB85A6D01001B303E1030664D87BA5D193B56CA17FB2116D8696196D4DA4A
                          SHA-512:B4AA2726B958DDA17F5D1E5A2EB109825D9CDBDBA1E1CFDDBE55BA94D5B6ED5EE7DBB0F15538099C44F0CC80DB2AF445EA4F60D11FE767943FFF99AA495D8922
                          Malicious:false
                          Reputation:low
                          Preview: <root></root><root></root><root></root><root></root>
                          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5F2E4143-6641-11EB-90EB-ECF4BBEA1588}.dat
                          Process:C:\Program Files\internet explorer\iexplore.exe
                          File Type:Microsoft Word Document
                          Category:dropped
                          Size (bytes):30296
                          Entropy (8bit):1.8494091819860887
                          Encrypted:false
                          SSDEEP:192:rJZOZY259W8tJhifW0CozMqwBp2DPsfwCljX:r/aP5UIscjqaZ
                          MD5:9453F8EBD3414EE8A96DDABFE1DC0D1F
                          SHA1:053CD837FA42A0EAA4B492D3E13FBC0ED56912BF
                          SHA-256:C04DACA1E61BC497B08277358CC1B8FFB063F988B3D6B11A66D8B6738D91E418
                          SHA-512:2C6DD60ECCE31023284BE2CB342601011C5B1726B528D32084D66567BADA7648E97486DD3A04DCCCC5758BEB6A1FAFED60D1ED404E85ADD54BD930A0CE305188
                          Malicious:false
                          Reputation:low
                          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5F2E4145-6641-11EB-90EB-ECF4BBEA1588}.dat
                          Process:C:\Program Files\internet explorer\iexplore.exe
                          File Type:Microsoft Word Document
                          Category:dropped
                          Size (bytes):87570
                          Entropy (8bit):3.476700401299209
                          Encrypted:false
                          SSDEEP:768:6c/ib1BlO+fzHVUED7NR/ib1BlO+fzHVUED7Nt/ib1BlO+fzHVUED7N1:6sibbl7VJibbl7VFibbl7Vl
                          MD5:CD35900AC48FDF1B26551FC5A9C76C0F
                          SHA1:D039923AC4EE6EE8FEED76013FE62B6841D1BF05
                          SHA-256:58F7525CFDE2928713DD2739CD606C84E25F7F1DD3805AF0524442A6EF7D11D9
                          SHA-512:6565CCDC56EAD1287D518932681C2D4794D7A8B0E65FFD4ECC5E16741BA9243A077D2263203363354BC4E97DC197D32D31B03565D094C83E170C7BDB381A8C7B
                          Malicious:false
                          Reputation:low
                          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5F2E4146-6641-11EB-90EB-ECF4BBEA1588}.dat
                          Process:C:\Program Files\internet explorer\iexplore.exe
                          File Type:Microsoft Word Document
                          Category:dropped
                          Size (bytes):16984
                          Entropy (8bit):1.5641697390802676
                          Encrypted:false
                          SSDEEP:48:Iw8Gcpr5GwpaVG4pQ9GrapbSTrGQpKhG7HpRzsTGIpG:rgZzQH6dBSTFAQTz4A
                          MD5:02CC4436997C70B391AEAB0353CB9920
                          SHA1:0002E663289897670E86A532104AB530A858BE7A
                          SHA-256:32FA684B00D9C6AEE2072470956F6A4917F9C95BA90218650331D6B82D5CBC06
                          SHA-512:507A8723CB4C18521B30A5CE81E20B283AC4D572A3230F169E0705D6E63341D0095AC0655591AFD081393F78FC0B628EAC03428D4E33B272C45E982EDF12A944
                          Malicious:false
                          Reputation:low
                          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):1290
                          Entropy (8bit):3.872275562804785
                          Encrypted:false
                          SSDEEP:24:oaiyjOAssswsssHBwF7so1hg7MFyZpagRAWMFbuH4SIjhdPeb/xsX:oaTOAssswsssHmvjdbFdQsX
                          MD5:404AEC637F307013119949B7C0FF3623
                          SHA1:517F02500FDF81448B010F3B08C51C8D8584B28C
                          SHA-256:3E8D0B9F19912D292B48F54E32E3F1094BBFCA5033983B484225FE8D22624A34
                          SHA-512:7C7DB3469050B540411DC460EE4F5F3D57A3F61503500A705F41FAB5CF4130F76423E4025B4F434C7BC4ED9EFA462170ABAF9C5F8CE3C26F5707AC64EA3A3DE1
                          Malicious:false
                          Reputation:low
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\6609[1].htm
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):10883
                          Entropy (8bit):4.631475777465854
                          Encrypted:false
                          SSDEEP:96:i6UONGK8JqYzm8v8pR+sGk9r2ZeSYKogSTSTmkqD/YiK0vYid1J+zRpiehj3QWTU:/dzYiospr2ZbYtZeqNOPYv+zlnTti
                          MD5:C181E8076A552055EFE503AE34BDD6A7
                          SHA1:9C244BF3DCE9608C5577FC10DE8FE026E1C17378
                          SHA-256:93E065719E90C5C0BC70DBA81775FD53B3CDCDA9DE7462D5AC811BA62380A089
                          SHA-512:AD3BC5BDEA65F375F18413EF960C94F27CE8D867D567C2E185A5CD4A323B289A69FA51EBF56F0B85BEDC92B8F94813612CFA253979C9B1D9B0B339B93A462B00
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/Service/Course/Index/6609
                          Preview: ......<!DOCTYPE html>....<html lang="en">..<head>.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.... <title>Phishing Awareness courses </title>.. <link rel="shortcut icon" href="/portal/favicon.ico" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0">....<link href="/portal/Content/clientcss?v=bvkmLj9gWfTPkJAk6Yb6m4PyrUi7b8Lzuqlzx5yygjw1" rel="stylesheet"/>....<link href="/portal/Images/LmsIcons/sprite?v=A4kIisfEft2R15NsmruunJsOcSUZIZr75gHf0pUXmqs1" rel="stylesheet"/>....<link href="/portal/Images/AdminIcons/sprite?v=y2SZQEW8TrEDqR1aoaEzJK4wpAKYiII6PgivO20amL41" rel="stylesheet"/>.... <link href="/portal/Service/Shared/DynamicCSS?envId=226&amp;token=212233509&amp;envUID=00000000-0000-0000-0000-000000000000" rel="stylesheet" />.. <script src="/portal/insights.js?token=2122105617"></script>..</head>..<body>.... <div style="height:100%;">.... <div class="tn-top-menu hidden-sm hidden-xs">......
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ActivityList[1].htm
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:HTML document, ASCII text, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):2606
                          Entropy (8bit):4.397101543363974
                          Encrypted:false
                          SSDEEP:48:uOBCb18DMRxY8DMbTg18DBR91iY8DBbTg5:uUCGQRBQbTtFRyFbTY
                          MD5:89101F95F748C3C58760BFA719CD60FB
                          SHA1:97D56B3E5F0314E8DBE234612B5D72D2F0DE0758
                          SHA-256:6586AF499A89AF94906937D84393A74AFDFCB77B8F35857DE145D9F073D2C6C3
                          SHA-512:C0E15C9127DBCA8C79CD8B83DCC0496AC741FF30FAFE614638E0936A44A9767849E675269102F3AB5AA7EC8FC8B6BA2A10DC3498791883D06D4FF227F7A32A63
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/Service/Course/ActivityList?envCourseId=6609&envCourseUserId=0&cultureId=1&persistResult=True&isPreviewMode=False&isIntegrationMode=False&showElapsedTime=True&_=1612371680510
                          Preview: <div class="activity-list table">.... <div class="table-header">.. <div class="table-cell mandatory">&nbsp;</div>.. <div class="table-cell title">Activity</div>.. <div class="table-cell elapsed-time">Elapsed Time</div>.. <div class="table-cell score">Score</div>.. <div class="table-cell status">Status</div>.. <div class="table-cell start">&nbsp;</div>.. </div>.... <div class="table-row ">.... <div class="table-cell mandatory">.. <i class="material-icons" title="Mandatory" aria-hidden="true">star</i>.. <span class="screen-reader">Mandatory</span>.. </div>.. <div class="table-cell title">.. <a href="/portal/Service/SCORMPlayer/Index/34060?cultureId=1&amp;persistResult=True&amp;useFrameset=False" tabindex="-1">.. Phishing - Six Clues That Should Raise Your Suspicions.. </a>.. </div>.. <div c
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Learning_Page_icon_attachment_blue[1].png
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:PNG image data, 411 x 411, 8-bit/color RGBA, non-interlaced
                          Category:downloaded
                          Size (bytes):8835
                          Entropy (8bit):7.8760801506535305
                          Encrypted:false
                          SSDEEP:192:peDZbWOWTa9wGc5xL8WYo5Rl0IImmhS+5VUbi5SLelc0SkV8Ee:IFWaK7L0o5MIIqzWX8Ee
                          MD5:67F6D88DBE91BAA6AE84A19A0DD2A860
                          SHA1:EB75B38CCC91882ABE47529407465084F3443D1D
                          SHA-256:BF55EEA201BB018CE7B1C110835619619B89C9A7AF31199E5BBF5ACE079D338D
                          SHA-512:513554B7FF6E930F195A103AA7844F52D9F4028E194FC590977ADAAAABFFD3A4E7FC7F4C45999735EE82A8B5D2B1A5A805C7F5C8B669022949997F79266E397D
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/Media/public/Learning_Page_icon_attachment_blue.png
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bootstrap[1].css
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):173497
                          Entropy (8bit):4.799383232083985
                          Encrypted:false
                          SSDEEP:768:yER2n1QySUVLqqkXZTMegYFoUDquiMRNTHU44DMIMETn5VBKCkcuZGB2Vcx/cXi+:Wn1QyALZGB2VKcXihoiL3yeITMK4fWH
                          MD5:F160715CE9B20896F5AF6816BB854C2D
                          SHA1:61276D1C85F3C27E83DA1E5DF8B20D9AA271D08C
                          SHA-256:09DF14A2AD16F4033D8CD8B04BE8F52D06BB05AF14E3567EBCE4BA855FB38237
                          SHA-512:5BD32087E55A0C8EBE12EAFFE54B3789BECE20CCF54EA839ED5A6D46D78615BF0CA50DC365481FA515C62985A1C692CD8D57504A218FC820D23BA880871BDE36
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/common/bootstrap/css/bootstrap.css
                          Preview: /*!.. * Bootstrap v3.3.6 (http://getbootstrap.com).. * Copyright 2011-2015 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */../*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */..html {.. font-family: sans-serif;.. -webkit-text-size-adjust: 100%;.. -ms-text-size-adjust: 100%;..}....body {.. margin: 0;..}....article,..aside,..details,..figcaption,..figure,..footer,..header,..hgroup,..main,..menu,..nav,..section,..summary {.. display: block;..}....audio,..canvas,..progress,..video {.. display: inline-block;.. vertical-align: baseline;..}.... audio:not([controls]) {.. display: none;.. height: 0;.. }....[hidden],..template {.. display: none;..}....a {.. background-color: transparent;..}.... a:active,.. a:hover {.. outline: 0;.. }....abbr[title] {.. border-bottom: 1px dotted;..}....b,..strong {.. font-weight: bold;..}....dfn {.. font-style: italic;
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\clientcss[1].css
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                          Category:downloaded
                          Size (bytes):321404
                          Entropy (8bit):5.159200640048768
                          Encrypted:false
                          SSDEEP:1536:CbNQygLFHiHIYExx8NrTY6vvaiHy+4E6kqbsCr/YRZ5Pto9l/aHG3nHt10IK7Tcb:+m+naiS+96kqbsCe3WTkOE39Locg3
                          MD5:DEFDD367873232CC7EE244ACCEA5A420
                          SHA1:50C905F1075602A735BB72CBF6449D617D695131
                          SHA-256:526864564AAB3A11CAAA17230B2FE1E52D36C6CCC4F22AB04668A2EA96410B0C
                          SHA-512:08A547DFA1DF42F04795BEC3B217112A72FA54D10A2C360C25D769D7578870C5B8627971E2BC9609D42E2A7679B92B2DC161DCEF6327BDD4748AF3F1CD47744C
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/Content/clientcss?v=bvkmLj9gWfTPkJAk6Yb6m4PyrUi7b8Lzuqlzx5yygjw1
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\clientjs[1].js
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                          Category:downloaded
                          Size (bytes):243291
                          Entropy (8bit):5.259138851015579
                          Encrypted:false
                          SSDEEP:3072:dSy3xjHTh6qsow6K5npLDAzYswDxD8c7Ex0:NRBlw6K5ndDceDp8cQS
                          MD5:F1740E3B902042A14A0872965F956066
                          SHA1:1363D363993C603E644613D2C02929495654352B
                          SHA-256:6CDC101A6B356214C791C2B213C0B50B521BAA66E219A826EEA7FE78AADFCCE9
                          SHA-512:3139BD119E12230D6BCA5561949F8102C6E9F2594D77D8526F96C4EC085302AE809E842B163EC4C3F380D119FD1E7A2F80B7B5D0F4FAFF5F854D6E0EFB9A81E7
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/bundles/clientjs?v=LVeKriyyEtWgPDhcS3cEr_8i36hX75QuoT9334KnfL01
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\fontawesome-webfont[1].eot
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:Embedded OpenType (EOT), FontAwesome family
                          Category:downloaded
                          Size (bytes):165742
                          Entropy (8bit):6.705073372195656
                          Encrypted:false
                          SSDEEP:3072:qbhEnD+IzsU9z9QJ6/P3Xe2iEiEPGFCMW1JVJG6wVTDsk6BmG6S1yKshojskO+b2:qenD+IzsU9z9QJ6/PO2FiEP2C/DVJG6I
                          MD5:674F50D287A8C48DC19BA404D20FE713
                          SHA1:D980C2CE873DC43AF460D4D572D441304499F400
                          SHA-256:7BFCAB6DB99D5CFBF1705CA0536DDC78585432CC5FA41BBD7AD0F009033B2979
                          SHA-512:C160D3D77E67EFF986043461693B2A831E1175F579490D7F0B411005EA81BD4F5850FF534F6721B727C002973F3F9027EA960FAC4317D37DB1D4CB53EC9D343A
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/fonts/fontawesome-webfont.eot?
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\index[1].htm
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):16434
                          Entropy (8bit):5.966088655897514
                          Encrypted:false
                          SSDEEP:384:TH+63kZj9HPB3kZvuUculGkP/leqgQgS/zJW5cWYenMxzGnO:TH+63kZBHPB3kZWUNckXvZrUcwMX
                          MD5:73F577DF0B175781BD1BD0689087A45F
                          SHA1:C0E24C4A80837C0110524F5DAC172B2A9D348578
                          SHA-256:058D4CE931B713AD7815A544209650AF84C974A3423D4B404564E66722AABE22
                          SHA-512:AAC6646E50501A743834615E9CD6FCF84AB3CF1771937D9B4E1418EEE2D60C088197FCC26FCD776CA82249BD768405B95B2B20F8BAC18E3A796871A6D9DF9668
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Preview: ....<!DOCTYPE html>....<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">..<head><title>...YOU'VE BEEN PHISHED!..</title><meta charset="utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="viewport" content="width=device-width, initial-scale=1" /><link href="/common/bootstrap/css/bootstrap.css" rel="stylesheet" /><link href="/common/jqueryui/jquery-ui.min.css" rel="stylesheet" /><link href="/common/jqueryui/jquery-ui.structure.min.css" rel="stylesheet" /><link href="/common/jqueryui/jquery-ui.theme.min.css" rel="stylesheet" /><link href="/common/css/rp_bubbles.css" rel="stylesheet" /><link href="/common/css/rp_tooltips.css" rel="stylesheet" /><style>body, html, .container-fluid, .row-fluid{.. padding:0px;.. margin:0px;..}....img {.. padding-bottom: 10px;..}...img-icons {.. height: 75px; .. width: 65px;..}.......col-lg-3, .col-md-3, .col-sm-12, .col-xs-12{.. padding:0px;.. margin:0px;..}.....centerBlock {.. display: inline-
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sprite[1].css
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with no line terminators
                          Category:downloaded
                          Size (bytes):3257
                          Entropy (8bit):4.9796040043486824
                          Encrypted:false
                          SSDEEP:96:0UgPwP3+PXPn57UnMD6OOZ3OVnIV0+Nex60kdeY:oPwPuPXP0ZeVw
                          MD5:4BA66A941F2A235E91407F998322312B
                          SHA1:0781D745D679062DA70D18852E26D809FA8567D7
                          SHA-256:1520B9801546FDC5D199FF2E19E9469B14AB12B98DC7C585278BE0CE0DE9FE3F
                          SHA-512:09220926EDA3FB0542CB39357384AF9F967237B285CBECE934765373A9B2F747448E46ABCEDA0078B2F3822D476173CBA852D4B70AF5D5039B5A165D0B5C0E73
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/Images/AdminIcons/sprite?v=y2SZQEW8TrEDqR1aoaEzJK4wpAKYiII6PgivO20amL41
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\226[1].jpg
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 177x55, frames 3
                          Category:downloaded
                          Size (bytes):4204
                          Entropy (8bit):7.776343875455314
                          Encrypted:false
                          SSDEEP:96:mo7FbdSKm4lmN1Mm6kQRI5PHqRW+qaZpGgo9qC8wmG:n7FNl2akZpHqolJaC4G
                          MD5:ADFDF9D81DF3A3ED6445FF70424A0E5B
                          SHA1:FA7E3FC9DE7DA578A9091B275AF50D4E24E33115
                          SHA-256:7B8BDFCFF24800EF629489A88E4EB3C595F2CC91D626A631062521268DD33A62
                          SHA-512:149DB87130F424E0A2B553878D9CC283F44343109671C44F064EA5EC724257B801AE60FFDE28F5DE96484748027F6622ED67CCA91A2DA0228D9CE70C89DB5C6F
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/Image/Index/226?fileName=62f76864941b14623dc02bb10f717e6ddd4ad45a.jpg&imageTag=Thumbnails
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Learning_Page_icon_links_blue[1].png
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:PNG image data, 411 x 411, 8-bit/color RGBA, non-interlaced
                          Category:downloaded
                          Size (bytes):7655
                          Entropy (8bit):7.8987126461698125
                          Encrypted:false
                          SSDEEP:192:5Vl9kd9RCpA2OhQHfmI/KWkB8QmOYnzpJUO/mo5iiUFh29/Z:5n9kduAg+I/2B8Q9Uzgo5ii2h2RZ
                          MD5:63FEEA511DE8A22A249069034FFE54E4
                          SHA1:834CE37878BC94C93AB063B6F80845EF179B52C5
                          SHA-256:DA4D27942342F7C3C24CB0B1FC577DE8D209A873FE8AD23AF061B995B062D547
                          SHA-512:33A6DFDBCB45FC4255D263B032871E20756D9AA557E625C10FCFC8E74C71D96F05E73B7A3215A8A97667F1B5B81FD990EC07A7E4E488ADF596C08F1038A1EDDF
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/Media/public/Learning_Page_icon_links_blue.png
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\TN_Learning_Activity_Page_BG[1].jpg
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 521x1364, frames 3
                          Category:downloaded
                          Size (bytes):95744
                          Entropy (8bit):7.961908290559063
                          Encrypted:false
                          SSDEEP:1536:tedec6aAQtq5UyOUbpXyrjFgRGlv5QAsgKXHGiIPfwA8ZRnk1dtc:twga5qSyOWXySRGlv5QxXXJIXwlnnAO
                          MD5:F7CC950B35E865F1B4D8AF50EB955E9B
                          SHA1:70B120D28474B5B27158E09EABFEC107F141C70E
                          SHA-256:454633DF39045E26EA25E5CB2B97A47A5F34B92B39162C757770D5E672DF9B3D
                          SHA-512:8E2226DD7B36C7970D6ED59AD06BD18696E4E6A256C619D8CB7371A272D6A9ED58FC33EE0403BA772C10A36BA0A6668276CF6695BB620E8D91A2DD8C673085E5
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/Media/public/TN_Learning_Activity_Page_BG.jpg
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\clienttnjs[1].js
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with no line terminators
                          Category:downloaded
                          Size (bytes):23957
                          Entropy (8bit):5.260317724917107
                          Encrypted:false
                          SSDEEP:384:s4pm4zU+menKYCe+dDgCeo5MCqqyzyolwHTrjtxD/PJlVa0yppaYwd1l1E8i1ByM:sQmRFenKLe+5eDhwHT/txpFLG1syj
                          MD5:F124BD518B38FF572159C30B6F69D60E
                          SHA1:C0C824C7975B121F954E9531CAA6A4761A3110B5
                          SHA-256:3AF73DCDBE7A9D2AE87404AED447B3871471D3AE1E600DF1EE440EDB6B44222C
                          SHA-512:E6B9553DC90855B5B635E437F0F541C8B51D36BE93A252C5A00348234F7BA10D7EE762379E64614400E511C2CF79D0F30C346E7EBAB270DF2798A0D9DA03CC42
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/bundles/clienttnjs?v=E1AOA5V_NR3TcUl1b6sfwaMJdZCmd_SCVmicLXoEuIk1
                          Preview: function setupDatePickers(){Modernizr.touch&&Modernizr.inputtypes.date||$("input[type=date]").attr("type","text").each(function(){setupDatePicker($(this)[0])})}function setupDatePicker(n){var r,t,e,u,i,o,f;n=$(n);r=n.closest("form")[0].id;$(n).datepicker({dateFormat:"yy-mm-dd",onSelect:function(){$(this).valid();tn.validation.displaySaveButtonState()}});t=null;e=null;n.data("mindate")!==undefined&&(u=n.data("mindate").split("-"),t=new Date(u[0],u[1]-1,u[2]),n.datepicker("option","minDate",t),e=n.data("minerr"));i=null;o=null;n.data("maxdate")!==undefined&&(f=n.data("maxdate").split("-"),i=new Date(f[0],f[1]-1,f[2]),n.datepicker("option","maxDate",i),o=n.data("maxerr"));n.on("change",function(){$(this).valid();$.validator.unobtrusive.parse("#"+r)});n.on("changeDate",function(){$(this).valid();$.validator.unobtrusive.parse("#"+r)});$.validator.methods.date=function(r,u){var c=!1;if(moment(r,"YYYY-MM-DD",!0).isValid()||moment(r,"YYYY-MM-DD HH:mm",!0).isValid()){var f=new Date(r),s=!0,h=!0
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\dynamic[1].js
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with no line terminators
                          Category:downloaded
                          Size (bytes):18304
                          Entropy (8bit):5.055867041255326
                          Encrypted:false
                          SSDEEP:384:HnNw9+B82Gmi5nqtkxVAXHiRWoSGaOmKQ:18aW07USGan
                          MD5:E32AD6212AABA7E82C5FEB3AAA78E488
                          SHA1:235F05BAE340D75A1CFC9B3BFBA21FB9EDF5C22D
                          SHA-256:8A293BB5F9E50227F768FC005B70198E8D63B8ED24DBF0F07AA78D5E91D84EDF
                          SHA-512:EA3EF00D1D6F74B8B9CC95FC5BFBBF462C6B04306166B71E40C0181C7ADBD1129535DBA066411CB7CB5FFA38C620B367EEBF967721681F65B65E59BC55850BAA
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/dynamic.js?token=2122105617
                          Preview: var tnUrls={rootPath:"/portal",constant:{columnCount:50,notificationDismissTime:4e3,ajaxErrorMessage:"L&#39;application a rencontr&#233; une erreur inattendue. Cela ne semble pas avoir affect&#233; vos donn&#233;es, notre personnel technique a &#233;t&#233; automatiquement averti et examinera cette question de toute urgence.",sessionExpired:"La session a expir&#233;. Veuillez vous connecter pour continuer.",reload:"Recharger",login:"Connexion",userAdded:"Cet utilisateur a d&#233;j&#224; &#233;t&#233; ajout&#233;",successChanged:"Les modifications ont &#233;t&#233; appliqu&#233;es avec succ&#232;s",fieldIsRequired:"Ce champ est obligatoire","null":"Nulle",systemFilterColumnCount:"4",coursePackageStatus:{newStatusId:37},courseActivityType:{activity:2,evaluation:3},environment:{terraNova:1},customer:{terraNova:2},culture:{english:1,french:2,espanol:3,arabic:4,czech:5,german:6,greek:7,spanishSpain:8,estonian:9,finnish:10,frenchFrance:11,hindou:12,hungarian:13,italian:14,japanese:15,korean:
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\rp_tooltips[1].css
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):13532
                          Entropy (8bit):4.74930061264459
                          Encrypted:false
                          SSDEEP:384:yxiQ952UOM7FEOBO57QNZhgfR6H9CWXkOX:s52UOM7FEOBO57QNZhgfR6H9CWXkOX
                          MD5:4B2F2BCE67A3C4AB9B0F17372F010918
                          SHA1:EB379F291A848680DDD5D3ECB4E59818F9A602E3
                          SHA-256:9BDDCF9A5FC7BAF7E7BDFE849437591EE53DCA4206B1B8AF6A705ADA50FBADBA
                          SHA-512:0C6DDFCDB4EE038C98C1EB9FAA6AF8DF0D55BD5F74704F2AB51B20E6C107B8757BE11640FD5753C4A955A64E451FFF661357C2C61C769ED9B6209416BF9BCB27
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/common/css/rp_tooltips.css
                          Preview: /*..Theme Name: CSS Bubbles and Tooltips..Theme URI: http://delicioustheme.com/demo-15/index.html..Description: A beautiful CSS Bubbles and Tooltips..Author: ukrop-studio..Author URI: http://www.delicioustheme.com..*/..../* ==========================================================================.. Style.. ========================================================================== */.....rp_container_top {.. margin-top: 70px;.. margin-bottom: 50px;..}.... .rp_container_top p span {.. font-size: 24px;.. text-transform: uppercase;.. color: black;.. padding-right: 15px;.. }.....rp_name_tooltips {.. padding: 15px 10px;.. background: lightyellow;.. color: black;.. margin: 0 auto;.. text-align: center;..}.....rp_container_bottom {.. margin-top: 70px;.. margin-bottom: 50px;..}.... .rp_container_bottom p span {.. font-size: 24px;.. text-transform: uppercase;.. color: black;.. padding-right: 15px;..
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\selawksl[1].eot
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:Embedded OpenType (EOT), Selawik Semilight family
                          Category:downloaded
                          Size (bytes):16883
                          Entropy (8bit):7.953273854875156
                          Encrypted:false
                          SSDEEP:384:HGR4uwFD7kFOdzZKBsEGiqwUpOywqsDtbu4VrbrnrBQ44Ysf7:24pD7kFkF/EGiqTpOyOu8rtQp7
                          MD5:F325F4EBCE783662A07B5262D9A6C581
                          SHA1:92C119EDFBC9DE93A71937B7BE26711C4B6B5E3C
                          SHA-256:5A15D74DA0757D4D5F861EAFC660A64A3208B2EBD6DC04311F9A39D591CC4799
                          SHA-512:53D7EEA476FB56F18DBCD7473FEA08D7F97957B27B2507DC89A0DA85B31A5C16F9625F584D8DAB2A4721EB367254D6A2083BB94BAFE7CA23CC0CAEAFFB0CA270
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/fonts/selawksl.eot
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\sprite[1].css
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with no line terminators
                          Category:downloaded
                          Size (bytes):1669
                          Entropy (8bit):4.970955874562742
                          Encrypted:false
                          SSDEEP:48:+5tMMyORC2glRTYvI9RqDHv49RBDUphROPe9F:0tMMy8C2gbTYvITqDHv4TBDUpXOPen
                          MD5:02115BFF89D00A4E5EF697163882A97B
                          SHA1:9964D8CB837C795FD536DEE5CEEE80027599662D
                          SHA-256:0C7BF63ACD222FAED6D9F8759E1E6EB42B142D03911B54079A95AF22509EC84E
                          SHA-512:52742C1EB7657F72A047007625F4B0AAD3EFC5B605F1E9638551CDC48623DC67405332D2ABBD4408F8E6B4B24CB6EF16777756F81E1F719B26ADA01279AF6214
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/Images/LmsIcons/sprite?v=A4kIisfEft2R15NsmruunJsOcSUZIZr75gHf0pUXmqs1
                          Preview: .lms{background-image:url('lms.sprite.png');background-repeat:no-repeat;display:inline-block}.lms.verify_integration_icon_w{width:36px;height:37px;background-position:-10px -10px}.lms.package_ready_icon_gp{width:36px;height:36px;background-position:-10px -57px}.lms.package_ready_icon_grey{width:36px;height:36px;background-position:-10px -103px}.lms.package_ready_icon_w{width:36px;height:36px;background-position:-10px -149px}.lms.upload_client_icon_gp{width:36px;height:36px;background-position:-10px -195px}.lms.upload_client_icon_grey{width:36px;height:36px;background-position:-10px -241px}.lms.upload_client_icon_w{width:36px;height:36px;background-position:-10px -287px}.lms.upload_integration_icon_gp{width:36px;height:36px;background-position:-10px -333px}.lms.upload_integration_icon_grey{width:36px;height:36px;background-position:-10px -379px}.lms.upload_integration_icon_w{width:36px;height:36px;background-position:-10px -425px}.lms.validate_integration_icon_gp{width:36px;height:36px;
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Learning_Page_icon_Beware_blue[1].png
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:PNG image data, 411 x 436, 8-bit/color RGBA, non-interlaced
                          Category:downloaded
                          Size (bytes):7173
                          Entropy (8bit):7.851503673995496
                          Encrypted:false
                          SSDEEP:192:4svgRERMjcyqRIZhAfYgcE1TypvaV5+3LBe:54REujvq0hUV1WvaGI
                          MD5:9D78C404CBA12BBF774009879ED69963
                          SHA1:254F972FA7CDFD5B7F366C59C833FE600C741DFA
                          SHA-256:2B7B44A38BE5159466174C09ED7C735689DEF630B2C4F641E540B451A63DDA07
                          SHA-512:F4C888E1D199C108163101ECA4895B64FF0599D414A2979FD073B0C7D913F690D794549D9505A718D8CC4BEE8DA652E054451772EDE79C6C4AD691B123EADD96
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/Media/public/Learning_Page_icon_Beware_blue.png
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\MaterialIcons-Regular[1].woff
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:Web Open Font Format, TrueType, length 56792, version 1.524
                          Category:downloaded
                          Size (bytes):56792
                          Entropy (8bit):7.9929402569822185
                          Encrypted:true
                          SSDEEP:1536:y+y37fwpfj3kusrr3Phls2oat8VUTV2dZPYnNyk6PoCPP7SL23bOuaeje:yWqrDPjs2oatEUT2BYnD6PTPPmLIbObb
                          MD5:E2F35F2D8BB12D4D3407EBE3683ADAA1
                          SHA1:448AC5FA421C0E61FADA3FF4C63DC2BB72199698
                          SHA-256:CF7881FD4D4C4C30E4A730B34CEE417DF72504228DD55FF767949579B0CC50E4
                          SHA-512:FE47F836D91BDA29025BAD161F1ECD4EDFD079D1A3168F4093ABFEF03540830F6AA3B717A506757DCF5EE8DC4DDD827D6A31CC241D625399A7BC6EF0A52318F3
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/fonts/MaterialIcons-Regular.woff
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\TN_PHI_L30F_EN_Shareddocumentinthecloud_v1b1[1].png
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:PNG image data, 1727 x 1474, 8-bit/color RGBA, non-interlaced
                          Category:downloaded
                          Size (bytes):64600
                          Entropy (8bit):7.481638516702503
                          Encrypted:false
                          SSDEEP:1536:tYBftwNeo7KnDIZR9VVVVVVVVVVVVVVVmPtOwwp4VVVVVVVVVVVVVVVVVVVVVVVy:F3eUZsPtOTpRunE0iP
                          MD5:96603547E42493CF53C451D994420EEC
                          SHA1:FEC0B8E4A0A2A54BF45EA40BD77ED10D99048217
                          SHA-256:601E36D63EC6F0A7E08D6E2083742FB149B90ED2D3AF30159C5A64104F8C7079
                          SHA-512:1A90F47C42CE8855CAB21C272CD8C3CE752A4BE28117DF70CEFD36461F2A7F94FBF23B1D7BF8344CB2B6234B6EDED3B5D412157C95FE146411FB1E6134BB1B5D
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/Media/tgmedia_81B98B7BC7F64F6D9E29F9AAD2018618/TN_PHI_L30F_EN_Shareddocumentinthecloud_v1b1.png
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bootstrap.min[1].js
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):39685
                          Entropy (8bit):5.135776519349501
                          Encrypted:false
                          SSDEEP:768:np/wtev6UwUx0eWN3MebE9rQuFfU8Vt0azWcsi1m3K0rmq5YW:OorXfURXiUrmq5YW
                          MD5:105A4995B8777AEAF68BFF64BF7D2AE0
                          SHA1:E21390F730EB97D3D26B908AAACECD0A00A433E0
                          SHA-256:A915D483B99AF421F4813E6B60599B4E39FAFF120E54B5E9838386D4AE1A4C60
                          SHA-512:6BEED488F5BC341194DF23CC5A1133EFFF442C30E0E80811FF7DAB1BBB73E809D1CA2A7A4FD02160364E8CE781BAA788C0F47C291946A32B06AF8E64435E74D8
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/common/bootstrap/js/bootstrap.min.js?tn=2111313818
                          Preview: /*!.. * Bootstrap v3.4.1 (https://getbootstrap.com/).. * Copyright 2011-2019 Twitter, Inc... * Licensed under the MIT license.. */..if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");!function(t){"use strict";var e=jQuery.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9||1==e[0]&&9==e[1]&&e[2]<1||3<e[0])throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(),function(n){"use strict";n.fn.emulateTransitionEnd=function(t){var e=!1,i=this;n(this).one("bsTransitionEnd",function(){e=!0});return setTimeout(function(){e||n(i).trigger(n.support.transition.end)},t),this},n(function(){n.support.transition=function o(){var t=document.createElement("bootstrap"),e={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var i in e)if(t.style[i]!==undefined)return{end:e[i]};return!1}(),n.support.transition&&(n.event.s
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\button[1].png
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                          Category:downloaded
                          Size (bytes):2744
                          Entropy (8bit):7.671735298779055
                          Encrypted:false
                          SSDEEP:48:j1kNn2yqNrtJ3mGjy/D2yhucV1SKADmuXIQ1HiW2mvCJo52uu9gMUOEOSGQFW:C2LNrSGjy/FTV12NttjAU9TGQU
                          MD5:27A3DE89DE3D9604D375CAB92D05C683
                          SHA1:4D4C2B57264C7F7011F071D1E57EF42C113F8671
                          SHA-256:634506D6F67DF53BD8BB6F1E5807173788D722E0F0D0DB99E637294DED822743
                          SHA-512:043E1D02D6BCB09BACB5592A5E3C61DF49419B67C589E440BA329B1AE781F1741B5D3ECC1890159D5156F48A0338DF9E2F06A6742C91C47284EACFEC26A6CD70
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/Media/public/button.png
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].ico
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                          Category:downloaded
                          Size (bytes):1150
                          Entropy (8bit):3.6015158016665287
                          Encrypted:false
                          SSDEEP:24:NssswsssHBwF7so1hg7MFyZpagRAWMFbuH4SIjhdPebN:NssswsssHmvjdbFdI
                          MD5:6465F7AFD722457B7EDCEE9DE1C2B599
                          SHA1:621C29422CF1D74476C1871604F1A1E09E9B96AD
                          SHA-256:C7652CF562975D07DFD7F7DD73E3A5CF0E0B39B46BDDF18737BFE1618EAEC31C
                          SHA-512:A689E1D5E7F67F2B9981FF1E514351EE3C83F82E26213614D779BF36D386590B578001F3F1630343C87456D2269FD485DED78D4253A5B312CB0DD4911D1AE13A
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/favicon.ico
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery-3.4.1.min[1].js
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):88147
                          Entropy (8bit):5.291368969514295
                          Encrypted:false
                          SSDEEP:1536:jTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPmt:jgZm0H5HO5+gCKWZyPmHQ47GKR
                          MD5:A6B6350EE94A3EA74595C065CBF58AF0
                          SHA1:B15F7CFA79519756DFF1AD22553FD0ED09024343
                          SHA-256:412B8FF9C5AB32B9019FCD84BCD4A54C0E265A14528474F4EE45B27A20ABEAEB
                          SHA-512:F5A9C6AEE347C155E4DD796C51716B7447BC22AE44741FCEB6BCFEE02F955AD4063D38613F241108A3E1F3E1F540FCAED8D9848B9A0FB823C00955CF9A19EFAD
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/common/js/jquery-3.4.1.min.js?tn=2111313818
                          Preview: /*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}va
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery-ui.min[1].js
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):253397
                          Entropy (8bit):5.143267383519172
                          Encrypted:false
                          SSDEEP:3072:SmKOJp1g7SV7opRBCDrgn8Kn6xji/1uLO1TG0qFEZr+L1vhj:CL8KJCOQlFg0vhj
                          MD5:F5E9E19A3C99F2875ECC6D2653FF8B3D
                          SHA1:294B3C42D7DC81EF796D6E910342E2232F414FF0
                          SHA-256:E79A2C1E429495D3C084B8E6FA8B7B1651C123B9CC4EF5C51ACC5EEFCC534F38
                          SHA-512:A85847D7695DDBFD1289BFC7FF53697345242262614D9DD565906C4DF2A06E353438DB34F3BD39FE60641C0B7EA0680F0FFB781D69DC0E82115A0FB32286E3E2
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/common/jqueryui/jquery-ui.min.js?tn=2111313818
                          Preview: /*! jQuery UI - v1.12.0 - 2016-07-08..* http://jqueryui.com..* Includes: widget.js, position.js, data.js, disable-selection.js, effect.js, effects/effect-blind.js, effects/effect-bounce.js, effects/effect-clip.js, effects/effect-drop.js, effects/effect-explode.js, effects/effect-fade.js, effects/effect-fold.js, effects/effect-highlight.js, effects/effect-puff.js, effects/effect-pulsate.js, effects/effect-scale.js, effects/effect-shake.js, effects/effect-size.js, effects/effect-slide.js, effects/effect-transfer.js, focusable.js, form-reset-mixin.js, jquery-1-7.js, keycode.js, labels.js, scroll-parent.js, tabbable.js, unique-id.js, widgets/accordion.js, widgets/autocomplete.js, widgets/button.js, widgets/checkboxradio.js, widgets/controlgroup.js, widgets/datepicker.js, widgets/dialog.js, widgets/draggable.js, widgets/droppable.js, widgets/menu.js, widgets/mouse.js, widgets/progressbar.js, widgets/resizable.js, widgets/selectable.js, widgets/selectmenu.js, widgets/slider.js, widgets/sorta
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\1[1].jpg
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, frames 3
                          Category:downloaded
                          Size (bytes):145120
                          Entropy (8bit):7.796167341609381
                          Encrypted:false
                          SSDEEP:3072:jiksnaADPE3xYxPqo9KI+3xjZYh3sywvPKgrnfSb5jjxOmwovL:jCadGQo9UdpagrnfSbVtOmJz
                          MD5:8597C2D817C8A0EE3B6C8AA39404C276
                          SHA1:36597D89AEB31652E6F73DD3F86E50913B3BA8DB
                          SHA-256:070E852BD056799BD472896E2FB92B558B5817649C039A964B729D8D0D545FE5
                          SHA-512:C2E746D894DAD46D47598B167EFE8F568A5164C4A07A2FDF2D266D57C9B2C26AB25B3DD2F6FDAB481475167467939A982F284A26181276E75A2DA3003743C5E2
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/Image/Index/1?fileName=LMS_OFF_BG_02.jpg&imageTag=Backgrounds
                          Preview: ......Exif..II*.................Ducky.......<......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:442e5bf2-e7f9-1942-901d-132de6ff164e" xmpMM:DocumentID="xmp.did:640514EEE1FC11E89FCACB11F82A24AC" xmpMM:InstanceID="xmp.iid:640514EDE1FC11E89FCACB11F82A24AC" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:442e5bf2-e7f9-1942-901d-132de6ff164e" stRef:documentID="xmp.did:442e5bf2-e7f9-1942-901d-132de6ff164e"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\DynamicCSS[1].css
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with no line terminators
                          Category:downloaded
                          Size (bytes):1868
                          Entropy (8bit):5.026449494938463
                          Encrypted:false
                          SSDEEP:24:5H5WcIUpwJFhuRWgcE96E9dKK/q4qbqpAJqifqwXjfK4+Wq4m1WE08R:x5W5EcE96E9dvvMhJlfbjfK4+N1WE0+
                          MD5:B9A273EBEB375781F45A07F37E0EC4B3
                          SHA1:CBEA2B51B49249C8E05E5B44C49716096A2B495D
                          SHA-256:78781E13A295BA2C65119E040E4FAD1B21AF30EAA6D69B148536FB8A5D96CD69
                          SHA-512:C6237D104FB83764703B54763716CDE00A6D61DDD7B879D1B074C1E02642A88ED92571748DE04F3820F1F4FCEAFF81E95A76AC931ECDF23F2DFA5F289E2CDA0C
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/Service/Shared/DynamicCSS?envId=226&token=212233509&envUID=00000000-0000-0000-0000-000000000000
                          Preview: @media(min-width:768px){html{background-image:url('/portal/Image/Index/1?fileName=LMS_OFF_BG_02.jpg&imageTag=Backgrounds')}}.bg-environment{background-color:#48bd4a}.color-environment{color:#48bd4a}.bordercolor-environment{border-color:#48bd4a}.hover-environment:hover{background-color:#39973b}.sec-bg-environment{background-color:#00c0e8}.sec-color-environment{color:#00c0e8}.sec-bordercolor-environment{border-color:#00c0e8}.btn-environment,a.btn-environment{background-color:#48bd4a}.btn-environment:hover,a.btn-environment:hover{background-color:#39973b}.btn-link-environment,a.btn-link-environment{background-color:transparent;color:#48bd4a;border-color:transparent}.progress-quiz .progress-bar,.progress-quiz .progress-bar:after{background-color:#48bd4a}.radio-environment input[type="radio"]+label::after,.radio-environment input[type="radio"]:checked+label::after,.checkbox-environment input[type="checkbox"]+label::after,.checkbox-environment input[type="checkbox"]:checked+label::after,.che
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ai.2.min[1].js
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines
                          Category:downloaded
                          Size (bytes):127592
                          Entropy (8bit):5.282804271618992
                          Encrypted:false
                          SSDEEP:3072:M9aZTtPG/tIkeFdFDHSHtaG3BWYix+ujWYiZEtZzj2S5ntTeG2JQH:4t3WYiRjWYiUZzjL5nxyJQH
                          MD5:2A0004562AFBE6892F418FA776D6F3DB
                          SHA1:5FBB81294FAED8EAE5C9B9A7223D16297F53B65D
                          SHA-256:2F4E3E28AEB435AFC9528382B79D0DDC2A19CD3485998874B7D9ED502F8FD9C9
                          SHA-512:4EE41CD14286D9A80A50A04B1991CC1AAB09B29F4BCEA79DC4B5E689FBD7869EF2C4C8596DA6213C772A8A1494ACEC34895296617B01F31EE40AE0324E50248B
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
                          Preview: /*!. * Application Insights JavaScript SDK - Web, 2.5.11. * Copyright (c) Microsoft and contributors. All rights reserved.. */.var e=this,t=function(e){"use strict";var i="function",r="object",t="undefined",a="prototype",o="hasOwnProperty";function n(){return typeof globalThis!==t&&globalThis?globalThis:typeof self!==t&&self?self:typeof window!==t&&window?window:typeof global!==t&&global?global:null}function s(e){var t=Object.create;if(t)return t(e);if(null==e)return{};if((t=typeof e)!==r&&t!==i)throw new TypeError("Object prototype may only be an Object:"+e);function n(){}return n[a]=e,new n}var c,f,P,u=function(e,t){return(u=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var n in t)t[o](n)&&(e[n]=t[n])})(e,t)},l=function(e,t){function n(){this.constructor=e}u(e,t),e[a]=null===t?s(t):(n[a]=t[a],new n)};(pt=nn=n()||{}).__assign||(pt.__assign=Object.assign||function(e){for(var t,n=1,i=arguments.length;n<i;n++)for(var r in t=argumen
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\insights[1].js
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with no line terminators
                          Category:downloaded
                          Size (bytes):1519
                          Entropy (8bit):5.123517253365513
                          Encrypted:false
                          SSDEEP:24:y9dImm3xfpYC7QIWV0wRWUnapjkzdVFtAWI/0MnOHoXD1BSXT:y9Q3xfp/7yiwwUnapqQ0gOYD1BSXT
                          MD5:89E2B6C8691FD4D88C3C2EC06D6CD685
                          SHA1:1F7B45D2A620E2748B44829BD864F1DEFF0F86A2
                          SHA-256:61BCE0E8943A51DEC1831C185192EB5DE7F414225520D17EDBF1F15C33D8C8E2
                          SHA-512:4F585F95798140F02ED9C078C5B1AEF419667C4EE2E8414B73281B05B8DD2AAC683148F32FC63956C21FDD2D26BD840FD9DFDE8CE2B026E65FCC13A5E20DD6D3
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/insights.js?token=2122105617
                          Preview: var sdkInstance = 'appInsightsSDK';window[sdkInstance] = 'appInsights';var aiName = window[sdkInstance], aisdk = window[aiName] || function (e) { function n(e) { t[e] = function () { var n = arguments; t.queue.push(function () { t[e].apply(t, n) }) } } var t = { config: e }; t.initialize = !0; var i = document, a = window; setTimeout(function () { var n = i.createElement('script'); n.src = e.url || 'https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js', i.getElementsByTagName('script')[0].parentNode.appendChild(n) }); try { t.cookie = i.cookie } catch (e) { } t.queue = [], t.version = 2; for (var r = ['Event', 'PageView', 'Exception', 'Trace', 'DependencyData', 'Metric', 'PageViewPerformance']; r.length;)n('track' + r.pop()); n('startTrackPage'), n('stopTrackPage'); var s = 'Track' + r[0]; if (n('start' + s), n('stop' + s), n('setAuthenticatedUserContext'), n('clearAuthenticatedUserContext'), n('flush'), !(!0 === e.disableExceptionTracking || e.extensionConfig && e.extensionConfig.Appl
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery-ui.min[1].css
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):32109
                          Entropy (8bit):5.256360302686669
                          Encrypted:false
                          SSDEEP:384:6CwiEtw1cR8lOXHc11evBMzymUh+4x6GcOzDBSc7nfZBhVi:plEtPXHcEBMznURx6GcOzDfBhA
                          MD5:4EF4EC09FD03E96AC23FB3CB85C16746
                          SHA1:A1A208B1EF92C7E604AE53EA283492EEB045D1D7
                          SHA-256:B0B53EA606E7397F37666242CD8D63D17186B3CC8513D49A9852BF4828A1FC46
                          SHA-512:CC021C31550069F904FA63DCDE06124CD77C74B61976F68C40756C80835CA51E06F3F7886FAB886CEF861EB7FF3B22A492CDE7EA705206F0AA388967D3D9649D
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/common/jqueryui/jquery-ui.min.css
                          Preview: /*! jQuery UI - v1.12.0 - 2016-07-08..* http://jqueryui.com..* Includes: core.css, accordion.css, autocomplete.css, menu.css, button.css, controlgroup.css, checkboxradio.css, datepicker.css, dialog.css, draggable.css, resizable.css, progressbar.css, selectable.css, selectmenu.css, slider.css, sortable.css, spinner.css, tabs.css, tooltip.css, theme.css..* To view and modify this theme, visit http://jqueryui.com/themeroller/?bgShadowXPos=&bgOverlayXPos=&bgErrorXPos=&bgHighlightXPos=&bgContentXPos=&bgHeaderXPos=&bgActiveXPos=&bgHoverXPos=&bgDefaultXPos=&bgShadowYPos=&bgOverlayYPos=&bgErrorYPos=&bgHighlightYPos=&bgContentYPos=&bgHeaderYPos=&bgActiveYPos=&bgHoverYPos=&bgDefaultYPos=&bgShadowRepeat=&bgOverlayRepeat=&bgErrorRepeat=&bgHighlightRepeat=&bgContentRepeat=&bgHeaderRepeat=&bgActiveRepeat=&bgHoverRepeat=&bgDefaultRepeat=&iconsHover=url(%22images%2Fui-icons_555555_256x240.png%22)&iconsHighlight=url(%22images%2Fui-icons_777620_256x240.png%22)&iconsHeader=url(%22images%2Fui-icons_444444
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery-ui.structure.min[1].css
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):15552
                          Entropy (8bit):5.2951899743266875
                          Encrypted:false
                          SSDEEP:192:Ly4ncR8lOG1bRCNPbtqxlhIuxrjv572hk/k52bZuQEjQDMsrsUR9P:L1cR8lOXHc11evs
                          MD5:909CE025471E11A770DFEB266D02384A
                          SHA1:B915957FC131DB3EC221E130AF9B2023D039D458
                          SHA-256:4E2EC0490FFA766A812249114B99F7B2B578C750619F3175D948BE265F07AF11
                          SHA-512:82888F071C8F992D6E33F2BF3E7E8A19BD1CEDD4D7F9923151D02947CAC846E61B061DBE855706D12EAD3DAC762E16D4429FF675C5192C9AF86239ACD58FE77D
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/common/jqueryui/jquery-ui.structure.min.css
                          Preview: /*! jQuery UI - v1.12.0 - 2016-07-08..* http://jqueryui.com..* Copyright jQuery Foundation and other contributors; Licensed MIT */.....ui-helper-hidden{display:none}.ui-helper-hidden-accessible{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.ui-helper-reset{margin:0;padding:0;border:0;outline:0;line-height:1.3;text-decoration:none;font-size:100%;list-style:none}.ui-helper-clearfix:before,.ui-helper-clearfix:after{content:"";display:table;border-collapse:collapse}.ui-helper-clearfix:after{clear:both}.ui-helper-zfix{width:100%;height:100%;top:0;left:0;position:absolute;opacity:0;filter:Alpha(Opacity=0)}.ui-front{z-index:100}.ui-state-disabled{cursor:default!important;pointer-events:none}.ui-icon{display:inline-block;vertical-align:middle;margin-top:-.25em;position:relative;text-indent:-99999px;overflow:hidden;background-repeat:no-repeat}.ui-widget-icon-block{left:50%;margin-left:-8px;display:block}.ui-widget-overlay{position:fixed
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery-ui.theme.min[1].css
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:ASCII text, with very long lines, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):13880
                          Entropy (8bit):4.87224905855555
                          Encrypted:false
                          SSDEEP:192:LwGIzlzymUh+4pQ8l6GcIPRBGWLTxBm9v5B6xBpYPzFhCNBjVs5y6sybYw9QoFYG:L7MzymUh+4x6GcOzDBSc7nfZBhVi
                          MD5:74FB9452A91EF09555EB92AA59516997
                          SHA1:B74731AF5B28A90CCA86FA1097C75D8F8419AB87
                          SHA-256:11E1CF2B2EE76191E1556D414A6EEBB8E9A357B5930EBBC06858162174B1683D
                          SHA-512:0107FDE1E003F418B9DA20D5DC38AE6D6397E70C239406343ED995470C934E032C833A4B01FE6E776C699646D64C3D2D376C2A21D9B1180CD4B3D41764B6F318
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/common/jqueryui/jquery-ui.theme.min.css
                          Preview: /*! jQuery UI - v1.12.0 - 2016-07-08..* http://jqueryui.com..* Copyright jQuery Foundation and other contributors; Licensed MIT */.....ui-widget{font-family:Arial,Helvetica,sans-serif;font-size:1em}.ui-widget .ui-widget{font-size:1em}.ui-widget input,.ui-widget select,.ui-widget textarea,.ui-widget button{font-family:Arial,Helvetica,sans-serif;font-size:1em}.ui-widget.ui-widget-content{border:1px solid #c5c5c5}.ui-widget-content{border:1px solid #ddd;background:#fff;color:#333}.ui-widget-content a{color:#333}.ui-widget-header{border:1px solid #ddd;background:#e9e9e9;color:#333;font-weight:bold}.ui-widget-header a{color:#333}.ui-state-default,.ui-widget-content .ui-state-default,.ui-widget-header .ui-state-default,.ui-button,html .ui-button.ui-state-disabled:hover,html .ui-button.ui-state-disabled:active{border:1px solid #c5c5c5;background:#f6f6f6;font-weight:normal;color:#454545}.ui-state-default a,.ui-state-default a:link,.ui-state-default a:visited,a.ui-button,a:link.ui-button,a:visi
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\rp_bubbles[1].css
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:UTF-8 Unicode text, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):12677
                          Entropy (8bit):5.176265687437868
                          Encrypted:false
                          SSDEEP:192:yxN1jBGISrhFui5bAmhfQYquf2ssl1eFSm5TvzSFUMGTyjsDt5E2YeFdpOHej:yxHjBcFFAmhJYet
                          MD5:E9B944B679BC0716E7C506AC6684BA28
                          SHA1:B7D753886AC0E8AA16F792AB354025F60376516E
                          SHA-256:4BC5A823BC0D699486B8DA7C703F02935D4E050FDF7E139CA77C6E744F9899F6
                          SHA-512:50362FA9C95E04B2E32EB154429CA1D30E1777120D47D8F64F0B177BF47739BB53C7369EAC6CF7888F3AD94BD885EC8EB8980B90214E56C181F507DA2FDEDDCF
                          Malicious:false
                          Reputation:low
                          IE Cache URL:http://cloud-drive.services/common/css/rp_bubbles.css
                          Preview: /*..Theme Name: CSS Bubbles and Tooltips..Theme URI: http://delicioustheme.com/demo-15/index.html..Description: A beautiful CSS Bubbles and Tooltips..Author: ukrop-studio..Author URI: http://www.delicioustheme.com..*/ .. .. ../* ==========================================================================.. Style.. ========================================================================== */.. .....rp_talk_bubble {..margin:10px;..display: inline-block;..position: relative;..width:220px;..height: auto;..background-color:lightyellow;..}.....rp_talktext {..padding:1.5em;..text-align:center;..line-height:1.8em;..}.....rp_talktext p {..font-style:italic; ..-webkit-margin-before: 0em;..-webkit-margin-after: 0em;..}.....rp_triangle_right.rp_left_top:after{..content: ' ';..position: absolute;..width: 0;..height: 0;..left: -20px;..right: auto;..top: 0px;..bottom: auto;..border: 22px solid;..border-color: lightyellow transparent transparent transparent;..}.....rp_triangle_right.rp_left_to
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\selawk[1].eot
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:Embedded OpenType (EOT), Selawik family
                          Category:downloaded
                          Size (bytes):16547
                          Entropy (8bit):7.9631348784938645
                          Encrypted:false
                          SSDEEP:384:MTI3MEqNVqouCpaRvqXXfUGQSMFCojnCwFww4yKE:N8EqNYoun9qfjQSMFCoTC8ww4yK
                          MD5:6AB68A1E621E1C44E010926766EBBF2C
                          SHA1:C6A83F954E0B700AC120B872C6576FAFFE77C01C
                          SHA-256:81CA4F85C7A1F0074DBCDE42D58F278BEEBCB06D3F50B53542A9C26692B0C1E7
                          SHA-512:06675BC50B8CD17EA13F3E6740E3BB7E997D10FBD0A526F6F0EC8BD70F5B444E31E55749E7375D3BAC317A438FC66FD355F2F9C0C24799841DD3AF9300FFB04F
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/fonts/selawk.eot
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\selawksb[1].eot
                          Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          File Type:Embedded OpenType (EOT), Selawik Semibold family
                          Category:downloaded
                          Size (bytes):16856
                          Entropy (8bit):7.957479096473991
                          Encrypted:false
                          SSDEEP:192:2B1PNH9xZAcxnCkII6hkfEAhFMtNwwUpL+Y/9mVyvbzCTAR9h59FEEObbmDQYJh2:eF9YSnAh6EADspS6VQbzffOmUYH2
                          MD5:86745E35835E5615C44EA38C2FEE057B
                          SHA1:74E49885C481F0457DE79D668C303B7F55F7B2AE
                          SHA-256:DFF4CB491E56DD9C76A5E1C5192EA4ED8EB644A688A42DA4EF29FE359938D2C8
                          SHA-512:F4F73F3FF0ACA40C32321BA8884D5078085F72AE77590C70D6161A702CF91D6B9A5AFEE198F9BD98F54E526128C27BB9AD002C887E1CF19752A9245F4C60C673
                          Malicious:false
                          Reputation:low
                          IE Cache URL:https://secure.terranovasite.com/portal/fonts/selawksb.eot
                          C:\Users\user\AppData\Local\Temp\~DF010439FB5F82DC94.TMP
                          Process:C:\Program Files\internet explorer\iexplore.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):25441
                          Entropy (8bit):0.2888555113862237
                          Encrypted:false
                          SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
                          MD5:1D3B92B2D176A574CAA348D1535EB46A
                          SHA1:E72806E4C4C7C11F654AC2C04ACDEC97C8B56EB9
                          SHA-256:32E0906B790462EDB2853AE632C15FF0DF1E57B4B8943409F738929C43637550
                          SHA-512:232C32E6C1A964C2E789C6DA06C31EF74631A1B3D6F47C5B0619A4E96E44A550F79D74EE91555D59044C8A0AE7DF131913324C521D7FEFA90B60E463B2497334
                          Malicious:false
                          Reputation:low
                          C:\Users\user\AppData\Local\Temp\~DF4AE67E7C46965483.TMP
                          Process:C:\Program Files\internet explorer\iexplore.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):13029
                          Entropy (8bit):0.47677662281494165
                          Encrypted:false
                          SSDEEP:24:c9lLh9lLh9lIn9lIn9loeKi9loeKS9lWeKwsH50J:kBqoIfNfLf9Z0J
                          MD5:0E1B6F39031E0BC334052DAAE07D5D0B
                          SHA1:45F955E7B7F8883D6ACEECF7B60FFC1DD87A2932
                          SHA-256:48B6969E2865E27E0D68C0C1A3FACAC6A5DC78E94D3F39EC3274932D5F96EB55
                          SHA-512:7194B19B942224F47D95F96ED7515ED43B914AF3BA59BCFA927513DE0D185C60DDD60B14D7DA92856E45AB5CF14C95813CFDA18F003B9E20515D65155DD7B426
                          Malicious:false
                          Reputation:low
                          C:\Users\user\AppData\Local\Temp\~DF950719B2CF711C8C.TMP
                          Process:C:\Program Files\internet explorer\iexplore.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):89412
                          Entropy (8bit):2.7364703162929906
                          Encrypted:false
                          SSDEEP:768:A/ib1BlO+fzHVUED7Np/ib1BlO+fzHVUED7Nu/ib1BlO+fzHVUED7N:Qibbl7Vxibbl7Vuibbl7V
                          MD5:A598F4911B39553705D611F4A02ED040
                          SHA1:7589E88777C1EDDD88C34521D3488679E16193A5
                          SHA-256:4B8302CA1F9578599F73378FC88DC92A11E02F59B918C387217C71BB583B1940
                          SHA-512:6A1C6F31334EF5609BA2563B7E9639460009C4ABA20CC3BFE5376392B268D36908DB841DB2FADEC2F011AFDDD646F4DB917797262ED5E22D74D1CE4852DAEBAA
                          Malicious:false
                          Reputation:low

                          Static File Info

                          No static file info

                          Network Behavior

                          Snort IDS Alerts

                          Timestamp                 Protocol  SID   Message                   Source Port  Dest Port  Source IP    Dest IP
                          02/03/21-18:00:57.059922  TCP       1141  WEB-MISC handler access   49755        80         192.168.2.4  52.235.47.121
                          02/03/21-18:01:17.995452  TCP       1141  WEB-MISC handler access   49755        80         192.168.2.4  52.235.47.121

                          Network Port Distribution

                          TCP Packets

                          Feb 3, 2021 18:00:55.530508995 CET804975352.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.530549049 CET804975352.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.530642986 CET4975380192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.530667067 CET4975380192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.532628059 CET804975852.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.532663107 CET804975852.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.532680035 CET804975852.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.532716990 CET4975880192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.532732010 CET804975552.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.532758951 CET804975552.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.532763958 CET4975880192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.532783031 CET804975552.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.532804966 CET804975552.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.532840967 CET4975580192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.532874107 CET4975580192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.533407927 CET804975752.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.533437014 CET804975752.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.533459902 CET804975652.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.533483028 CET804975652.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.533499956 CET4975780192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.533505917 CET804975652.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.533571005 CET804975652.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.533581018 CET4975780192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.533658981 CET4975680192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.533688068 CET4975680192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.533694029 CET4975680192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.540220976 CET4975880192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.542196035 CET4975780192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.544400930 CET4975680192.168.2.452.235.47.121
                          Feb 3, 2021 18:00:55.621602058 CET804975452.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.621650934 CET804975452.235.47.121192.168.2.4
                          Feb 3, 2021 18:00:55.621680021 CET804975452.235.47.121192.168.2.4

                          UDP Packets


                          DNS Queries

                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                          Feb 3, 2021 18:00:54.637886047 CET | 192.168.2.4 | 8.8.8.8 | 0x33a2 | Standard query (0) | cloud-drive.services | A (IP address) | IN (0x0001)
                          Feb 3, 2021 18:01:13.298405886 CET | 192.168.2.4 | 8.8.8.8 | 0xcdaf | Standard query (0) | favicon.ico | A (IP address) | IN (0x0001)
                          Feb 3, 2021 18:01:18.018899918 CET | 192.168.2.4 | 8.8.8.8 | 0xb0d9 | Standard query (0) | secure.terranovasite.com | A (IP address) | IN (0x0001)
                          Feb 3, 2021 18:01:21.354341984 CET | 192.168.2.4 | 8.8.8.8 | 0xbdfe | Standard query (0) | dc.services.visualstudio.com | A (IP address) | IN (0x0001)

                          DNS Answers

                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                          Feb 3, 2021 18:00:54.781759024 CET | 8.8.8.8 | 192.168.2.4 | 0x33a2 | No error (0) | cloud-drive.services | | 52.235.47.121 | A (IP address) | IN (0x0001)
                          Feb 3, 2021 18:01:13.461718082 CET | 8.8.8.8 | 192.168.2.4 | 0xcdaf | Name error (3) | favicon.ico | none | none | A (IP address) | IN (0x0001)
                          Feb 3, 2021 18:01:18.133677006 CET | 8.8.8.8 | 192.168.2.4 | 0xb0d9 | No error (0) | secure.terranovasite.com | | 40.86.224.87 | A (IP address) | IN (0x0001)
                          Feb 3, 2021 18:01:20.925687075 CET | 8.8.8.8 | 192.168.2.4 | 0xbbd | No error (0) | sni1gl.wpc.gammacdn.net | | 152.199.21.175 | A (IP address) | IN (0x0001)
                          Feb 3, 2021 18:01:21.400165081 CET | 8.8.8.8 | 192.168.2.4 | 0xbdfe | No error (0) | dc.services.visualstudio.com | dc.applicationinsights.microsoft.com | | CNAME (Canonical name) | IN (0x0001)
                          Feb 3, 2021 18:01:21.400165081 CET | 8.8.8.8 | 192.168.2.4 | 0xbdfe | No error (0) | dc.applicationinsights.azure.com | global.in.ai.monitor.azure.com | | CNAME (Canonical name) | IN (0x0001)
                          Feb 3, 2021 18:01:21.400165081 CET | 8.8.8.8 | 192.168.2.4 | 0xbdfe | No error (0) | global.in.ai.monitor.azure.com | global.in.ai.privatelink.monitor.azure.com | | CNAME (Canonical name) | IN (0x0001)
                          Feb 3, 2021 18:01:21.400165081 CET | 8.8.8.8 | 192.168.2.4 | 0xbdfe | No error (0) | global.in.ai.privatelink.monitor.azure.com | dc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001)

                          HTTP Request Dependency Graph

                          • cloud-drive.services

                          HTTP Packets

                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                          0 | 192.168.2.4 | 49754 | 52.235.47.121 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          Timestamp | kBytes transferred | Direction | Data
                          Feb 3, 2021 18:00:54.940474033 CET | 67 | OUT | GET /l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0 HTTP/1.1
                          Accept: text/html, application/xhtml+xml, image/jxr, */*
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Feb 3, 2021 18:00:55.187901020 CET | 73 | IN | HTTP/1.1 200 OK
                          Cache-Control: private
                          Content-Type: text/html; charset=utf-8
                          Server: Microsoft-IIS/8.5
                          Set-Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2; expires=Fri, 05-Mar-2021 17:00:55 GMT; path=/; HttpOnly
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:54 GMT
                          Content-Length: 16434
                          Data Ascii: <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><title>YOU'VE BEEN PHISHED!</title><meta charset="utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="viewport" content="width=device-width, initial-scale=1" /><link href="/common/bootstrap/css/bootstrap.css" rel="stylesheet" /><link href="/common/jqueryui/jquery-ui.min.css" rel="stylesheet" /><link href="/common/jqueryui/jquery-ui.structure.min.css" rel="stylesheet" /><link href="/common/jqueryui/jquery-ui.theme.min.css" rel="stylesheet" /><link href="/common/css/rp_bubble
                          Feb 3, 2021 18:00:55.477407932 CET | 104 | OUT | GET /common/css/rp_tooltips.css HTTP/1.1
                          Accept: text/css, */*
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:55.621602058 CET | 140 | IN | HTTP/1.1 200 OK
                          Content-Type: text/css
                          Content-Encoding: gzip
                          Last-Modified: Tue, 06 Aug 2019 19:41:54 GMT
                          Accept-Ranges: bytes
                          ETag: "0adebff8e4cd51:0"
                          Vary: Accept-Encoding
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:54 GMT
                          Content-Length: 2514
                          Feb 3, 2021 18:00:55.626101017 CET | 143 | OUT | GET /Media/tgmedia_81B98B7BC7F64F6D9E29F9AAD2018618/TN_PHI_L30F_EN_Shareddocumentinthecloud_v1b1.png HTTP/1.1
                          Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:55.802902937 CET | 183 | IN | HTTP/1.1 200 OK
                          Content-Type: image/png
                          Last-Modified: Thu, 31 Aug 2017 19:28:54 GMT
                          Accept-Ranges: bytes
                          ETag: "05fc7618f22d31:0"
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:55 GMT
                          Content-Length: 64600


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                          1 | 192.168.2.4 | 49753 | 52.235.47.121 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          Timestamp | kBytes transferred | Direction | Data
                          Feb 3, 2021 18:00:55.238919020 CET | 78 | OUT | GET /common/bootstrap/css/bootstrap.css HTTP/1.1
                          Accept: text/css, */*
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:55.383373976 CET | 91 | IN | HTTP/1.1 200 OK
                          Content-Type: text/css
                          Content-Encoding: gzip
                          Last-Modified: Tue, 06 Aug 2019 19:41:54 GMT
                          Accept-Ranges: bytes
                          ETag: "0adebff8e4cd51:0"
                          Vary: Accept-Encoding
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:54 GMT
                          Content-Length: 23052
                          Feb 3, 2021 18:00:55.687753916 CET | 155 | OUT | GET /Media/public/Learning_Page_icon_Beware_blue.png HTTP/1.1
                          Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:55.850605965 CET | 228 | IN | HTTP/1.1 200 OK
                          Content-Type: image/png
                          Last-Modified: Fri, 28 Oct 2016 13:57:00 GMT
                          Accept-Ranges: bytes
                          ETag: "0de4a272331d21:0"
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:55 GMT
                          Content-Length: 7173
                          Feb 3, 2021 18:00:55.864648104 CET | 256 | OUT | GET /Media/public/TN_Learning_Activity_Page_BG.jpg HTTP/1.1
                          Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:56.028251886 CET | 408 | IN | HTTP/1.1 200 OK
                          Content-Type: image/jpeg
                          Last-Modified: Fri, 28 Oct 2016 13:57:00 GMT
                          Accept-Ranges: bytes
                          ETag: "0de4a272331d21:0"
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:55 GMT
                          Content-Length: 95744


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                          2 | 192.168.2.4 | 49755 | 52.235.47.121 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          Timestamp | kBytes transferred | Direction | Data
                          Feb 3, 2021 18:00:55.387656927 CET | 97 | OUT | GET /common/jqueryui/jquery-ui.min.css HTTP/1.1
                          Accept: text/css, */*
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:55.532732010 CET | 120 | IN | HTTP/1.1 200 OK
                          Content-Type: text/css
                          Content-Encoding: gzip
                          Last-Modified: Wed, 31 Jul 2019 13:26:12 GMT
                          Accept-Ranges: bytes
                          ETag: "0f25c85a347d51:0"
                          Vary: Accept-Encoding
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:54 GMT
                          Content-Length: 7882
                          Feb 3, 2021 18:00:55.684760094 CET | 154 | OUT | GET /Media/public/button.png HTTP/1.1
                          Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:55.850867033 CET | 236 | IN | HTTP/1.1 200 OK
                          Content-Type: image/png
                          Last-Modified: Fri, 28 Oct 2016 14:56:40 GMT
                          Accept-Ranges: bytes
                          ETag: "084237d2b31d21:0"
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:55 GMT
                          Content-Length: 2744
                          Feb 3, 2021 18:00:55.865443945 CET | 257 | OUT | GET /Media/public/Learning_Page_icon_links_blue.png HTTP/1.1
                          Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:56.029223919 CET | 445 | IN | HTTP/1.1 200 OK
                          Content-Type: image/png
                          Last-Modified: Fri, 28 Oct 2016 13:57:00 GMT
                          Accept-Ranges: bytes
                          ETag: "0de4a272331d21:0"
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:55 GMT
                          Content-Length: 7655
                          Feb 3, 2021 18:00:56.098649979 CET | 453 | OUT | GET /Media/public/Learning_Page_icon_attachment_blue.png HTTP/1.1
                          Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:56.265804052 CET | 623 | IN | HTTP/1.1 200 OK
                          Content-Type: image/png
                          Last-Modified: Fri, 28 Oct 2016 13:57:00 GMT
                          Accept-Ranges: bytes
                          ETag: "0de4a272331d21:0"
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:55 GMT
                          Content-Length: 8835
                          Feb 3, 2021 18:00:57.059921980 CET  762  OUT  POST /Handler/CountLearningTime.ashx?time=1612371656841&f=-1&s=0&crc=5c23f8900acd4e33a8e21c381949e1f0 HTTP/1.1
                          Accept: */*
                          X-Requested-With: XMLHttpRequest
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Host: cloud-drive.services
                          Content-Length: 0
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:57.315473080 CET  765  IN  HTTP/1.1 302 Found
                          Cache-Control: private
                          Transfer-Encoding: chunked
                          Content-Type: text/html; charset=utf-8
                          Location: /blank.html
                          Server: Microsoft-IIS/8.5
                          Set-Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=Jo8lOp0VNtvah0Xq94RJGGwwW6G_4mvm4l-OjsI3G0YZVNc9mcNvFa12GgVnysbC_4sU1QqYTdgYbQ_5FbnG2GJruMKYlvAkWvgmkZVofRc1&CurrentCampaignRecipientEventLogID=_eJ6mojxYhVKIabT5y7RDfG1wuhIPNSFQcchqpm086_J2uspzdFcY0kxxVml1LIUpZbprydZscZdl4GfA3SXXQ2&TotalLearningTime=tGYquRaXMtkh773jJ_APJSZ62tclpPoUX2s9DYttGteHOB8XSRY-Q0NMeIqr2tjvS6-FgD6O2QRijxfS8rDcdA2; expires=Fri, 05-Mar-2021 17:00:57 GMT; path=/; HttpOnly; SameSite=None
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:56 GMT
                          Data Ascii: 80<html><head><title>Object moved</title></head><body><h2>Object moved to <a href="/blank.html">here</a>.</h2></body></html>
                          Feb 3, 2021 18:00:57.320502043 CET  766  OUT  GET /blank.html HTTP/1.1
                          Accept: */*
                          X-Requested-With: XMLHttpRequest
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=Jo8lOp0VNtvah0Xq94RJGGwwW6G_4mvm4l-OjsI3G0YZVNc9mcNvFa12GgVnysbC_4sU1QqYTdgYbQ_5FbnG2GJruMKYlvAkWvgmkZVofRc1&CurrentCampaignRecipientEventLogID=_eJ6mojxYhVKIabT5y7RDfG1wuhIPNSFQcchqpm086_J2uspzdFcY0kxxVml1LIUpZbprydZscZdl4GfA3SXXQ2&TotalLearningTime=tGYquRaXMtkh773jJ_APJSZ62tclpPoUX2s9DYttGteHOB8XSRY-Q0NMeIqr2tjvS6-FgD6O2QRijxfS8rDcdA2
                          Feb 3, 2021 18:00:57.466774940 CET  766  IN  HTTP/1.1 200 OK
                          Content-Type: text/html
                          Last-Modified: Wed, 31 Jul 2019 13:26:12 GMT
                          Accept-Ranges: bytes
                          ETag: "0f25c85a347d51:0"
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:56 GMT
                          Content-Length: 131
                          Data Ascii: <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head> <title></title></head><body></body></html>
                          Feb 3, 2021 18:01:17.995451927 CET  1107  OUT  POST /Handler/CountLearningTime.ashx?time=1612371677779&f=-1&s=18&crc=5c23f8900acd4e33a8e21c381949e1f0 HTTP/1.1
                          Accept: */*
                          X-Requested-With: XMLHttpRequest
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Host: cloud-drive.services
                          Content-Length: 0
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=Jo8lOp0VNtvah0Xq94RJGGwwW6G_4mvm4l-OjsI3G0YZVNc9mcNvFa12GgVnysbC_4sU1QqYTdgYbQ_5FbnG2GJruMKYlvAkWvgmkZVofRc1&CurrentCampaignRecipientEventLogID=_eJ6mojxYhVKIabT5y7RDfG1wuhIPNSFQcchqpm086_J2uspzdFcY0kxxVml1LIUpZbprydZscZdl4GfA3SXXQ2&TotalLearningTime=tGYquRaXMtkh773jJ_APJSZ62tclpPoUX2s9DYttGteHOB8XSRY-Q0NMeIqr2tjvS6-FgD6O2QRijxfS8rDcdA2
                          Feb 3, 2021 18:01:18.168891907 CET  1109  IN  HTTP/1.1 302 Found
                          Cache-Control: private
                          Transfer-Encoding: chunked
                          Content-Type: text/html; charset=utf-8
                          Location: /blank.html
                          Server: Microsoft-IIS/8.5
                          Set-Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=lurAIRPGygeAHDb6YSPJTO_Lmj7rceAuhmJ3gBmlZuhsKllVyHNxd3gxfQiymBgK0Wbfg4KPjXjLMoACQa0IlGq7MGwskpEePnWMTJnSO-o1&CurrentCampaignRecipientEventLogID=xaxFdhXHpblRxxuwx9Q6kZbrQO2A2s6jJSaChp3Tkv73OIQKl3pQm_YHX4qSEXlsIcS1eD1iHTxJiC6XzEJR0g2&TotalLearningTime=z6KjafVUzsAQiYxXLzVta58TrhTBz48zCnb6ZYAJ7cSlgu4Uvgr-s9ORAFfMiLeoJDHSFbK_nBBDfmfJJvK7DA2; expires=Fri, 05-Mar-2021 17:01:18 GMT; path=/; HttpOnly; SameSite=None
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:01:17 GMT
                          Data Ascii: 80<html><head><title>Object moved</title></head><body><h2>Object moved to <a href="/blank.html">here</a>.</h2></body></html>
                          Feb 3, 2021 18:01:18.173335075 CET  1110  OUT  GET /blank.html HTTP/1.1
                          Accept: */*
                          X-Requested-With: XMLHttpRequest
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=lurAIRPGygeAHDb6YSPJTO_Lmj7rceAuhmJ3gBmlZuhsKllVyHNxd3gxfQiymBgK0Wbfg4KPjXjLMoACQa0IlGq7MGwskpEePnWMTJnSO-o1&CurrentCampaignRecipientEventLogID=xaxFdhXHpblRxxuwx9Q6kZbrQO2A2s6jJSaChp3Tkv73OIQKl3pQm_YHX4qSEXlsIcS1eD1iHTxJiC6XzEJR0g2&TotalLearningTime=z6KjafVUzsAQiYxXLzVta58TrhTBz48zCnb6ZYAJ7cSlgu4Uvgr-s9ORAFfMiLeoJDHSFbK_nBBDfmfJJvK7DA2
                          Feb 3, 2021 18:01:18.317986965 CET  1111  IN  HTTP/1.1 200 OK
                          Content-Type: text/html
                          Last-Modified: Wed, 31 Jul 2019 13:26:12 GMT
                          Accept-Ranges: bytes
                          ETag: "0f25c85a347d51:0"
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:01:17 GMT
                          Content-Length: 131
                          Data Ascii: <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head> <title></title></head><body></body></html>


                          Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                          3           192.168.2.4  49757        52.235.47.121   80                C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          Timestamp  kBytes transferred  Direction  Data
                          Feb 3, 2021 18:00:55.387872934 CET  98  OUT  GET /common/jqueryui/jquery-ui.theme.min.css HTTP/1.1
                          Accept: text/css, */*
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:55.533407927 CET  125  IN  HTTP/1.1 200 OK
                          Content-Type: text/css
                          Content-Encoding: gzip
                          Last-Modified: Wed, 31 Jul 2019 13:26:12 GMT
                          Accept-Ranges: bytes
                          ETag: "0f25c85a347d51:0"
                          Vary: Accept-Encoding
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:54 GMT
                          Content-Length: 2328
                          Feb 3, 2021 18:00:55.542196035 CET  134  OUT  GET /common/bootstrap/js/bootstrap.min.js?tn=2111313818 HTTP/1.1
                          Accept: application/javascript, */*;q=0.8
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:55.733807087 CET  175  IN  HTTP/1.1 200 OK
                          Content-Type: application/javascript
                          Last-Modified: Mon, 26 Oct 2020 17:43:22 GMT
                          Accept-Ranges: bytes
                          ETag: "0d97c7fbfabd61:0"
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:55 GMT
                          Content-Length: 39685
                          Data Ascii: /*! * Bootstrap v3.4.1 (https://getbootstrap.com/) * Copyright 2011-2019 Twitter, Inc. * Licensed under the MIT license */if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");!function(t){"use strict";var e=jQuery.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9||1==e[0]&&9==e[1]&&e[2]<1||3<e[0])throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(),function(n){"use strict";n.fn.emulateTransitionEnd=function(t){var e=!1,i=this;n(this).one("bsTransitionEnd",function(){e=!0});return setTimeout(function(){e||n(i).trigger(n.support.transition.end)},t),this},n(function(){n.support.transition=function o(){var t=document.createElement("bootstrap"),e={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var i in e)if(t.style[i]!==undefined)return{end:e[i]};return!1}(),n.support.transition&&(n.event.special.bsTransitionEnd={bindType:n.support.transition.end,delegateType:n.support.transi


                          Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                          4           192.168.2.4  49756        52.235.47.121   80                C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          Timestamp  kBytes transferred  Direction  Data
                          Feb 3, 2021 18:00:55.387964010 CET  99  OUT  GET /common/jqueryui/jquery-ui.structure.min.css HTTP/1.1
                          Accept: text/css, */*
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:55.533459902 CET  128  IN  HTTP/1.1 200 OK
                          Content-Type: text/css
                          Content-Encoding: gzip
                          Last-Modified: Wed, 31 Jul 2019 13:26:12 GMT
                          Accept-Ranges: bytes
                          ETag: "0f25c85a347d51:0"
                          Vary: Accept-Encoding
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:54 GMT
                          Content-Length: 4962
                          Feb 3, 2021 18:00:55.544400930 CET  135  OUT  GET /common/jqueryui/jquery-ui.min.js?tn=2111313818 HTTP/1.1
                          Accept: application/javascript, */*;q=0.8
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:55.695756912 CET  157  IN  HTTP/1.1 200 OK
                          Content-Type: application/javascript
                          Last-Modified: Wed, 31 Jul 2019 13:26:12 GMT
                          Accept-Ranges: bytes
                          ETag: "0f25c85a347d51:0"
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:55 GMT
                          Content-Length: 253397
                          Data Ascii: /*! jQuery UI - v1.12.0 - 2016-07-08* http://jqueryui.com* Includes: widget.js, position.js, data.js, disable-selection.js, effect.js, effects/effect-blind.js, effects/effect-bounce.js, effects/effect-clip.js, effects/effect-drop.js, effects/effect-explode.js, effects/effect-fade.js, effects/effect-fold.js, effects/effect-highlight.js, effects/effect-puff.js, effects/effect-pulsate.js, effects/effect-scale.js, effects/effect-shake.js, effects/effect-size.js, effects/effect-slide.js, effects/effect-transfer.js, focusable.js, form-reset-mixin.js, jquery-1-7.js, keycode.js, labels.js, scroll-parent.js, tabbable.js, unique-id.js, widgets/accordion.js, widgets/autocomplete.js, widgets/button.js, widgets/checkboxradio.js, widgets/controlgroup.js, widgets/datepicker.js, widgets/dialog.js, widgets/draggable.js, widgets/droppable.js, widgets/menu.js, widgets/mouse.js, widgets/progressbar.js, widgets/resizable.js, widgets/selectable.js, widgets/selectmenu.js, widgets/slider.js, widgets/sortable.js, widgets/spinner.js, widgets/tabs.js, widgets/tooltip.js* Copyright jQuery Fo
                          Feb 3, 2021 18:00:57.036530018 CET | 761 | OUT | GET /favicon.ico HTTP/1.1
                          Accept: */*
                          Accept-Encoding: gzip, deflate
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:57.183346033 CET | 763 | IN | HTTP/1.1 404 Not Found
                          Content-Type: text/html
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:56 GMT
                          Content-Length: 1245
                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavaila


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                          5 | 192.168.2.4 | 49758 | 52.235.47.121 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          Timestamp | kBytes transferred | Direction | Data
                          Feb 3, 2021 18:00:55.387984991 CET | 100 | OUT | GET /common/css/rp_bubbles.css HTTP/1.1
                          Accept: text/css, */*
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:55.532628059 CET | 117 | IN | HTTP/1.1 200 OK
                          Content-Type: text/css
                          Content-Encoding: gzip
                          Last-Modified: Wed, 31 Jul 2019 13:26:12 GMT
                          Accept-Ranges: bytes
                          ETag: "0f25c85a347d51:0"
                          Vary: Accept-Encoding
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:54 GMT
                          Content-Length: 2399
                          Feb 3, 2021 18:00:55.540220976 CET | 133 | OUT | GET /common/js/jquery-3.4.1.min.js?tn=2111313818 HTTP/1.1
                          Accept: application/javascript, */*;q=0.8
                          Referer: http://cloud-drive.services/l/index.aspx?code=5c23f8900acd4e33a8e21c381949e1f0
                          Accept-Language: en-US
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                          Accept-Encoding: gzip, deflate
                          Host: cloud-drive.services
                          Connection: Keep-Alive
                          Cookie: Landing.enc=CurrentCampaignRecipientID=Da39__2ZXoIL0MnX4oxbuxzF6ySF-aqKy7bMlf_3kJH6ZELUW3prOAkTpG8Wow6lOzSCi7lXJVSdfwsuBHFsJQ2&ExpirationDate=zZQi_KpnkwR79VFNIlFKjUL8IGsRSJZT8NRcA1IzylHlKKF2z6FBdNZpkO9kibZunbx_tmtzKrrvAaublDpYMV5TtpSnod6QwWD8SqbePqc1&CurrentCampaignRecipientEventLogID=LA4lApnAN2-2y5kqIUeEQCoMr7uL50VTMs_F7Pk3Frx4x3yW9z8JK0gP9pzt5fzUulr334THZ1TKPiw3u4e6ng2&TotalLearningTime=eTiZIbvMi8yxwrlttetUWUnPJKH6pDSKTZyqFVfdB3ATntg1l8y9Eld7pHLWqhFyxUIF8wfQ1F6oO9eOCbp10g2
                          Feb 3, 2021 18:00:55.710347891 CET | 166 | IN | HTTP/1.1 200 OK
                          Content-Type: application/javascript
                          Last-Modified: Mon, 26 Oct 2020 17:43:22 GMT
                          Accept-Ranges: bytes
                          ETag: "0d97c7fbfabd61:0"
                          Server: Microsoft-IIS/8.5
                          ServerNo: 1
                          Date: Wed, 03 Feb 2021 17:00:55 GMT
                          Content-Length: 88147
                          Data Ascii: /*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.4.1",k=function(e,t){return new k.fn.init(e,t)},p=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA


                          HTTPS Packets

                          Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
                          Feb 3, 2021 18:01:21.010462999 CET | 152.199.21.175 | 443 | 192.168.2.4 | 49776 | CN=sni1e6ffgl.wpc.edgecastcdn.net, OU=SecOps, O="Verizon Digital Media Services, Inc.", L=Los Angeles, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Apr 16 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 | Thu Apr 21 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
                           |  |  |  |  | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023 |  |
                          Feb 3, 2021 18:01:21.013279915 CET | 152.199.21.175 | 443 | 192.168.2.4 | 49775 | CN=sni1e6ffgl.wpc.edgecastcdn.net, OU=SecOps, O="Verizon Digital Media Services, Inc.", L=Los Angeles, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Apr 16 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 | Thu Apr 21 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
                           |  |  |  |  | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023 |  |

                          Code Manipulations

                          Statistics

                          Behavior

                          System Behavior

                          General

                          Start time: 18:00:52
                          Start date: 03/02/2021
                          Path: C:\Program Files\internet explorer\iexplore.exe
                          Wow64 process (32bit): false
                          Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                          Imagebase: 0x7ff6fae10000
                          File size: 823560 bytes
                          MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
                          Has elevated privileges: true
                          Has administrator privileges: true
                          Programmed in: C, C++ or other language
                          Reputation: low

                          General

                          Start time: 18:00:53
                          Start date: 03/02/2021
                          Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
                          Wow64 process (32bit): true
                          Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7008 CREDAT:17410 /prefetch:2
                          Imagebase: 0x1150000
                          File size: 822536 bytes
                          MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
                          Has elevated privileges: true
                          Has administrator privileges: true
                          Programmed in: C, C++ or other language
                          Reputation: low

                          Disassembly
