Windows Analysis Report
https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus

Overview

General Information

Sample URL: https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus
Analysis ID: 1428976

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 1960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6192 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2084,i,8693577889849474165,13308520653726380572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6380 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://securemail.americanfidelity.com/help/enus_encryption.htm | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49726 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: global traffic | HTTP traffic detected:
    GET /securereader/help.jsf?lang=enus HTTP/1.1
    Host: securemail.americanfidelity.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /help/enus_encryption.htm HTTP/1.1
    Host: securemail.americanfidelity.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Referer: https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: securemail.americanfidelity.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://securemail.americanfidelity.com/help/enus_encryption.htm
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: securemail.americanfidelity.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /help/enus_encryption.htm HTTP/1.1
    Host: securemail.americanfidelity.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    If-None-Match: W/"8905-1418437582000"
    If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Gzs+W8BSvtHk3yc&MD=ac+Mt9NH HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Gzs+W8BSvtHk3yc&MD=ac+Mt9NH HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: unknown | DNS traffic detected: queries for: securemail.americanfidelity.com
Source: classification engine | Classification label: clean1.win@31/11@8/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2084,i,8693577889849474165,13308520653726380572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 74.125.138.106 | true | false | | high
pe-0018f201.gslb.pphosted.com | 67.231.149.122 | true | false | | high
securemail.americanfidelity.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://securemail.americanfidelity.com/help/enus_encryption.htm | false | | high
https://securemail.americanfidelity.com/help/enus_encryption.htm#Reading_a_Secure_Message_on_a_Smart_Phone | false | | high
https://securemail.americanfidelity.com/help/enus_encryption.htm#Troubleshooting | false | | high
https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus | false | | high
https://securemail.americanfidelity.com/help/enus_encryption.htm#Adding_Recipients | false | | high
https://securemail.americanfidelity.com/favicon.ico | false | | high
https://securemail.americanfidelity.com/help/enus_encryption.htm#Replying_or_Forwarding | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
67.231.149.122 | pe-0018f201.gslb.pphosted.com | United States | | 26211 | PROOFPOINT-ASN-US-WESTUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
74.125.138.106 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.16
192.168.2.5
                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1428976
                      Start date and time:2024-04-20 00:05:35 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 4m 1s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:browseurl.jbs
                      Sample URL:https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:7
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:CLEAN
                      Classification:clean1.win@31/11@8/5
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      Cookbook Comments:
                      • Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Replying_or_Forwarding
                      • Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Adding_Recipients
                      • Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Reading_a_Secure_Message_on_a_Smart_Phone
                      • Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Resetting_Your_Expired_Password
                      • Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Troubleshooting
                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 173.194.219.94, 74.125.136.101, 74.125.136.139, 74.125.136.100, 74.125.136.138, 74.125.136.102, 74.125.136.113, 64.233.176.84, 34.104.35.123, 72.21.81.240, 192.229.211.108, 74.125.138.94, 142.250.9.139, 142.250.9.100, 142.250.9.113, 142.250.9.102, 142.250.9.138, 142.250.9.101
                      • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtSetInformationFile calls found.
                      • VT rate limit hit for: https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus
                      No simulations
                      No context
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 21:06:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.9789462509377262
                      Encrypted:false
                      SSDEEP:48:8sdTTb7SHWidAKZdA19ehwiZUklqeh+5y+3:8Eb7H5y
                      MD5:6BF55BDA5548E7851ACA9611A89D6B89
                      SHA1:C61E143B3602532EE637F7328039115F76319FB2
                      SHA-256:095D0E613A34DF3E870BD35EEF8E0A44A36AC4000063AF59706CA33DEAF57DCE
                      SHA-512:20B78C7F8E4336F5848126AA62A87A6FBF27BF59B9A2A24F5583025D4BEA09FA181F9A6C4A874DFBDA838AE9D76EA1BE111AE398CB59C305E08ADCAAD3E228A1
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 21:06:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):3.99695698066352
                      Encrypted:false
                      SSDEEP:48:8NdTTb7SHWidAKZdA1weh/iZUkAQkqeh35y+2:8TbJ9Q85y
                      MD5:AC3D8829C75F205D79C5AF34C74FB84B
                      SHA1:64103925E93B19A9763F582101E8C54684C24060
                      SHA-256:7791494FB88FD2CBB4157D689C244D55C0FD700581B8BEAA0CEFB8048BFC3AD4
                      SHA-512:BCFE6A8547A1D9F2DB58B1EF73C7E7B6076E16FDE0BD34BF197D18E62F4413B108DAD28E4DDF6CBC4512DB8ACFBB1878801D82B80889EE9E1FD8DD439033DDCE
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2693
                      Entropy (8bit):4.007686510996893
                      Encrypted:false
                      SSDEEP:48:8xEdTTb7sHWidAKZdA14tseh7sFiZUkmgqeh7sV5y+BX:8xMb/n75y
                      MD5:4CD00E9A8FE1D59F86EBD10A5896E7E7
                      SHA1:1DF80BB5AD72BF75D46B4B848712568C3EFB4B1A
                      SHA-256:8DD93F17C8CB8EF45C7DD66ED3E7A5403929C0DFBB3B2453275812E1CC5BCBD3
                      SHA-512:454AC2F381F4CFFD2BFFA0159CA8D5DD6D47FF2B1F3DA48B9F26B4689327FC4E6BE01B9B8D2D4B16B188460C5B5E34E20686A534D8B1C58E139044779A379FC9
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 21:06:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2681
                      Entropy (8bit):3.998347916979004
                      Encrypted:false
                      SSDEEP:48:8ndTTb7SHWidAKZdA1vehDiZUkwqehz5y+R:89bKN5y
                      MD5:C0411F39B1F44E3F0759636A72EFBC6C
                      SHA1:C997E902854D66A82C53E5F7BAABFFA58164C343
                      SHA-256:FD040210FE03F6C081CA5B4DB1A22E787DEF684F0CBE0FA289167EB0DD0CE8AF
                      SHA-512:FF8E1EABBDBAA427EF13D49C1E301453527DA0DB82000B8CCE450CE91438D627828EE557423DFF85241ACBF49D96AA9DA0CE2D1EEC49E5D5CB6D87A9C4E5C2B6
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 21:06:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2681
                      Entropy (8bit):3.986400555777823
                      Encrypted:false
                      SSDEEP:48:8udTTb7SHWidAKZdA1hehBiZUk1W1qeh55y+C:8ubq9Z5y
                      MD5:75415045C8AC3926E3300A026F29DE14
                      SHA1:04F3EA87C499A57F1AED34F6086E31B92FF3E6A9
                      SHA-256:F5FA48E8193811366280BCC4BFFCDCBB933E86FD912C3ABB17F8AF29542A7561
                      SHA-512:7E877F5BE6C053BA6E3B5D7B51794C4E484D54EAE2CA40F115A92DF13E81B3202F3DB57A5C780759BAB8BA4852FC7865F34872A2C70B6D03C295ED9441133986
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 21:06:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2683
                      Entropy (8bit):3.996594551557764
                      Encrypted:false
                      SSDEEP:48:81dTTb7SHWidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb75y+yT+:8rb0T/TbxWOvTb75y7T
                      MD5:E53156A53C37C8F5363F5CE8F24F7137
                      SHA1:FE52C88029A556FE7DFBA437991E49D3F0FD1908
                      SHA-256:971B08803C3519936F65F2138463953E828C02E31E6A74563A3BD399486E2B1D
                      SHA-512:7C02A2B47D6144E11E30F82E1BBD4AD4B506383373C46211F748E789245566B6B4CDCFB6BEB3B66CE99985193956EAE6B46A5C47EAD5FF5C5797DA8A49DCB11F
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with very long lines (455), with CRLF line terminators
                      Category:downloaded
                      Size (bytes):8905
                      Entropy (8bit):4.76884765493212
                      Encrypted:false
                      SSDEEP:192:VR+blWeX7ptGuV+WtLIVs5lWXagpHYz3PakCE8hkhOR:VIRptv7dIVs/3gpCPa48hkhOR
                      MD5:08DE8B12D5A4C99013F3D304610F1FAB
                      SHA1:31ABB8920F008C78F7630B22DC3A3A1A12389DB4
                      SHA-256:19BD685266DE133E3FBD5997F67FBDAB0DBECA8A6692B9BE5A0883472204B690
                      SHA-512:377AC006591EC286907113A5C33799CE6ABF61BFF0C4D8C7A5A2492F1125295DB4A63A138D611AD753790F4D44307DE4F23A0B1F3432A624E1EB7B1949A5BB61
                      Malicious:false
                      Reputation:low
                      URL:https://securemail.americanfidelity.com/help/enus_encryption.htm
                      Preview:<!DOCTYPE html>..<html><head>....<title>Proofpoint Encryption Help</title>..<style>..body..{..font-family:"Verdana";..}..</style>..</head>..<body>....<h1>Using Proofpoint Encryption</h1>..<p> <b>Contents</b></p>..<p><a href="#Receiving_Encrypted_Email">Receiving Encrypted Email</a></p>....<p> <a href="#Replying_or_Forwarding">Replying or Forwarding</a></p>....<p> <a href="#Adding_Recipients">Adding Recipients</a></p>....<p> <a href="#Adding_an_Attachment_to_Encrypted_Email">Adding an Attachment to .. Encrypted Email</a></p>....<p> <a href="#Reading_a_Secure_Message_on_a_Smart_Phone">Reading a Secure Message on a Smart Phone</a></p>....<p><a href="#Resetting_Your_Expired_Password">Resetting Your Expired Password</a></p>....<p> <a href="#Troubleshooting">Troubleshooting</a></p>....<h2><a name=Receiving_Encrypted_Email></a>Receiving Encrypted Email</h2>....<p>You have received a secure, encrypted message from the sender.</p>....<p>Click the attachment in the message to launch a browser to
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                      Category:dropped
                      Size (bytes):1150
                      Entropy (8bit):5.223148900731864
                      Encrypted:false
                      SSDEEP:24:tqAwGyTSQB24gTAhnsx1nD+o1NMTTJaz:tL+bgTinelDMd
                      MD5:A05A05DCD6158CC4F8701173734F484A
                      SHA1:FEEF99DC27E3DB5BF07A255B8EE509CCCACFF245
                      SHA-256:CA9A42575D5AD76A2915ED24034A512413392423BC5EC029B4605AEE7EDF5D46
                      SHA-512:635E76CBF85BC1E9AF0168A9B87D2085CBC68BEDEB07116DF062C2AAEA0F105D37378E37D881A8AED91EA3C0DFAF700BD6CD628620C5DCEEA6626EB3547E902C
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                      Category:downloaded
                      Size (bytes):1150
                      Entropy (8bit):5.223148900731864
                      Encrypted:false
                      SSDEEP:24:tqAwGyTSQB24gTAhnsx1nD+o1NMTTJaz:tL+bgTinelDMd
                      MD5:A05A05DCD6158CC4F8701173734F484A
                      SHA1:FEEF99DC27E3DB5BF07A255B8EE509CCCACFF245
                      SHA-256:CA9A42575D5AD76A2915ED24034A512413392423BC5EC029B4605AEE7EDF5D46
                      SHA-512:635E76CBF85BC1E9AF0168A9B87D2085CBC68BEDEB07116DF062C2AAEA0F105D37378E37D881A8AED91EA3C0DFAF700BD6CD628620C5DCEEA6626EB3547E902C
                      Malicious:false
                      Reputation:low
                      URL:https://securemail.americanfidelity.com/favicon.ico
                      No static file info
                      TimestampSource PortDest PortSource IPDest IP
                      Apr 20, 2024 00:06:37.461411953 CEST4434971367.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:37.461524010 CEST49713443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:37.463159084 CEST49713443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:37.463176966 CEST4434971367.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:37.480756044 CEST49714443192.168.2.574.125.138.106
                      Apr 20, 2024 00:06:37.480784893 CEST4434971474.125.138.106192.168.2.5
                      Apr 20, 2024 00:06:37.526606083 CEST49714443192.168.2.574.125.138.106
                      Apr 20, 2024 00:06:37.583606005 CEST49715443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:37.583663940 CEST4434971567.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:37.583731890 CEST49715443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:37.584027052 CEST49715443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:37.584047079 CEST4434971567.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:37.944498062 CEST49674443192.168.2.523.1.237.91
                      Apr 20, 2024 00:06:37.944502115 CEST49675443192.168.2.523.1.237.91
                      Apr 20, 2024 00:06:37.950308084 CEST4434971567.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:37.952162027 CEST49715443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:37.952192068 CEST4434971567.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:37.955777884 CEST4434971567.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:37.955847025 CEST49715443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:37.962996960 CEST49715443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:37.963177919 CEST4434971567.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:37.964242935 CEST49715443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:37.964260101 CEST4434971567.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:38.006988049 CEST49715443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:38.038274050 CEST49673443192.168.2.523.1.237.91
                      Apr 20, 2024 00:06:38.328278065 CEST4434971567.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:38.328360081 CEST4434971567.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:38.328404903 CEST49715443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:38.537286043 CEST49715443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:38.537338018 CEST4434971567.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:39.172183037 CEST49716443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.172230959 CEST44349716184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.172463894 CEST49716443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.174913883 CEST49716443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.174932003 CEST44349716184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.404897928 CEST44349716184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.405071974 CEST49716443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.407609940 CEST4434970323.1.237.91192.168.2.5
                      Apr 20, 2024 00:06:39.407740116 CEST49703443192.168.2.523.1.237.91
                      Apr 20, 2024 00:06:39.408401966 CEST49716443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.408412933 CEST44349716184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.408850908 CEST44349716184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.460357904 CEST49716443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.497268915 CEST49716443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.544123888 CEST44349716184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.601759911 CEST44349716184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.601835966 CEST44349716184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.601978064 CEST49716443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.626415968 CEST49716443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.626451015 CEST44349716184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.674721956 CEST49718443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.674768925 CEST44349718184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.674864054 CEST49718443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.675314903 CEST49718443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.675331116 CEST44349718184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.892802954 CEST44349718184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.892915964 CEST49718443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.896327019 CEST49718443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.896337986 CEST44349718184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.896676064 CEST44349718184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:39.910206079 CEST49718443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:39.952153921 CEST44349718184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:40.099997997 CEST44349718184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:40.100172043 CEST44349718184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:40.100230932 CEST49718443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:40.101514101 CEST49718443192.168.2.5184.31.62.93
                      Apr 20, 2024 00:06:40.101532936 CEST44349718184.31.62.93192.168.2.5
                      Apr 20, 2024 00:06:47.424609900 CEST4434971474.125.138.106192.168.2.5
                      Apr 20, 2024 00:06:47.424669027 CEST4434971474.125.138.106192.168.2.5
                      Apr 20, 2024 00:06:47.424730062 CEST49714443192.168.2.574.125.138.106
                      Apr 20, 2024 00:06:48.462759018 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:48.462790966 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:48.462860107 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:48.464132071 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:48.464147091 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:48.561106920 CEST49714443192.168.2.574.125.138.106
                      Apr 20, 2024 00:06:48.561137915 CEST4434971474.125.138.106192.168.2.5
                      Apr 20, 2024 00:06:48.618606091 CEST49720443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:48.618648052 CEST4434972067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:48.618890047 CEST49720443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:48.619116068 CEST49721443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:48.619159937 CEST4434972167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:48.619257927 CEST49721443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:48.619704008 CEST49721443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:48.619721889 CEST4434972167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:48.619779110 CEST49720443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:48.619796991 CEST4434972067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:48.962666988 CEST4434972167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:48.962821007 CEST4434972067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:48.963480949 CEST49720443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:48.963500977 CEST4434972067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:48.963671923 CEST49721443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:48.963697910 CEST4434972167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:48.963989019 CEST4434972067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:48.964082003 CEST4434972167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:48.965929985 CEST49721443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:48.966003895 CEST4434972167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:48.966435909 CEST49720443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:48.966528893 CEST4434972067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:48.966717958 CEST49721443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:49.012121916 CEST4434972167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:49.097385883 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.097565889 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:49.100599051 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:49.100609064 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.101094007 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.125701904 CEST49720443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:49.233730078 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:49.340688944 CEST4434972167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:49.340987921 CEST4434972167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:49.341073036 CEST49721443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:49.361867905 CEST49721443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:49.361896038 CEST4434972167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:49.535861969 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:49.576114893 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.735009909 CEST49703443192.168.2.523.1.237.91
                      Apr 20, 2024 00:06:49.735109091 CEST49703443192.168.2.523.1.237.91
                      Apr 20, 2024 00:06:49.735673904 CEST49726443192.168.2.523.1.237.91
                      Apr 20, 2024 00:06:49.735708952 CEST4434972623.1.237.91192.168.2.5
                      Apr 20, 2024 00:06:49.735913992 CEST49726443192.168.2.523.1.237.91
                      Apr 20, 2024 00:06:49.736248970 CEST49726443192.168.2.523.1.237.91
                      Apr 20, 2024 00:06:49.736262083 CEST4434972623.1.237.91192.168.2.5
                      Apr 20, 2024 00:06:49.888900042 CEST4434970323.1.237.91192.168.2.5
                      Apr 20, 2024 00:06:49.888998985 CEST4434970323.1.237.91192.168.2.5
                      Apr 20, 2024 00:06:49.944782972 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.944844961 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.944864988 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.944883108 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.944931030 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:49.944952965 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.944968939 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.944991112 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.944998980 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:49.945009947 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.945039034 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:49.945039034 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:49.945049047 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.945065975 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:49.945163965 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.945183992 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.945247889 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:49.945249081 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:49.945261002 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.945380926 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:49.945507050 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:50.233576059 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:50.233576059 CEST49719443192.168.2.540.68.123.157
                      Apr 20, 2024 00:06:50.233606100 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:50.233616114 CEST4434971940.68.123.157192.168.2.5
                      Apr 20, 2024 00:06:50.582461119 CEST49729443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:50.582516909 CEST4434972967.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:50.582642078 CEST49729443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:50.583729982 CEST49729443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:50.583759069 CEST4434972967.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:50.605560064 CEST49720443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:50.648125887 CEST4434972067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:51.289979935 CEST4434972067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:51.290086031 CEST4434972067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:51.290142059 CEST49720443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:51.290719986 CEST49720443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:51.290739059 CEST4434972067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:51.939366102 CEST4434972967.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:51.939644098 CEST49729443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:51.939660072 CEST4434972967.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:51.940805912 CEST4434972967.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:51.941559076 CEST49729443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:51.941737890 CEST4434972967.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:51.991766930 CEST49729443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:54.628514051 CEST49730443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:54.628562927 CEST4434973067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:54.628658056 CEST49730443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:54.629698038 CEST49730443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:54.629713058 CEST4434973067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:54.656275034 CEST49729443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:54.704124928 CEST4434972967.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:54.830882072 CEST4434972967.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:54.831274033 CEST4434972967.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:54.831379890 CEST49729443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:54.831650019 CEST49729443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:54.831650972 CEST49729443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:54.831679106 CEST4434972967.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:54.831778049 CEST49729443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:54.970873117 CEST4434973067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:54.976710081 CEST49730443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:54.976722002 CEST4434973067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:54.977128029 CEST4434973067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:54.977571964 CEST49730443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:54.977639914 CEST4434973067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:55.019968987 CEST49730443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:55.990782976 CEST4434972623.1.237.91192.168.2.5
                      Apr 20, 2024 00:06:55.990865946 CEST49726443192.168.2.523.1.237.91
                      Apr 20, 2024 00:06:56.582767963 CEST49731443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:56.582803965 CEST4434973167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:56.582952976 CEST49731443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:56.583424091 CEST49731443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:56.583441019 CEST4434973167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:56.590403080 CEST49730443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:56.632122993 CEST4434973067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:56.761997938 CEST4434973067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:56.762080908 CEST4434973067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:56.762243032 CEST49730443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:56.764765024 CEST49730443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:56.764781952 CEST4434973067.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:56.925338030 CEST4434973167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:56.925689936 CEST49731443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:56.925718069 CEST4434973167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:56.926834106 CEST4434973167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:56.927191973 CEST49731443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:56.927361965 CEST4434973167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:56.968386889 CEST49731443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:58.584363937 CEST49732443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:58.584409952 CEST4434973267.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:58.584497929 CEST49732443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:58.587184906 CEST49732443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:58.587199926 CEST4434973267.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:58.598884106 CEST49731443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:58.640124083 CEST4434973167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:58.774162054 CEST4434973167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:58.774241924 CEST4434973167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:58.774307966 CEST49731443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:58.803683996 CEST49731443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:58.803708076 CEST4434973167.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:58.928529978 CEST4434973267.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:58.932893991 CEST49732443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:58.932914972 CEST4434973267.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:58.933371067 CEST4434973267.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:58.933923006 CEST49732443192.168.2.567.231.149.122
                      Apr 20, 2024 00:06:58.934010029 CEST4434973267.231.149.122192.168.2.5
                      Apr 20, 2024 00:06:58.976409912 CEST49732443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:08.582612991 CEST49733443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:08.582658052 CEST4434973367.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:08.582927942 CEST49733443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:08.583652020 CEST49733443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:08.583667040 CEST4434973367.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:08.594126940 CEST49732443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:08.640119076 CEST4434973267.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:08.770209074 CEST4434973267.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:08.770302057 CEST4434973267.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:08.770368099 CEST49732443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:08.770642996 CEST49732443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:08.770659924 CEST4434973267.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:10.614881992 CEST49734443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:10.614938974 CEST4434973467.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:10.615025997 CEST49734443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:10.615271091 CEST49734443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:10.615287066 CEST4434973467.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:13.361789942 CEST4434973467.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:13.362133026 CEST49734443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:13.362152100 CEST4434973467.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:13.362680912 CEST4434973467.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:13.363073111 CEST49734443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:13.363140106 CEST4434973467.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:13.363269091 CEST49734443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:13.408111095 CEST4434973467.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:13.742765903 CEST4434973467.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:13.743007898 CEST4434973467.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:13.743092060 CEST49734443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:13.743626118 CEST49734443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:13.743643045 CEST4434973467.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:13.743659019 CEST49734443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:13.743717909 CEST49734443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:13.976609945 CEST4434973367.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:14.026901007 CEST49733443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:14.083225965 CEST49733443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:14.083246946 CEST4434973367.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:14.083775997 CEST4434973367.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:14.087141991 CEST49733443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:14.087229013 CEST4434973367.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:14.134695053 CEST49733443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:15.277179003 CEST4434972623.1.237.91192.168.2.5
                      Apr 20, 2024 00:07:15.277236938 CEST49726443192.168.2.523.1.237.91
                      Apr 20, 2024 00:07:16.927222967 CEST49735443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:16.927258968 CEST4434973567.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:16.927560091 CEST49735443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:16.928620100 CEST49735443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:16.928634882 CEST4434973567.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:17.264909029 CEST4434973567.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:17.280246973 CEST49735443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:17.280267954 CEST4434973567.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:17.280709982 CEST49733443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:17.280730963 CEST4434973567.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:17.281250954 CEST49735443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:17.281325102 CEST4434973567.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:17.323662996 CEST49735443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:17.324121952 CEST4434973367.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:17.456324100 CEST4434973367.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:17.456465960 CEST4434973367.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:17.456562996 CEST49733443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:17.456799030 CEST49733443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:17.456799030 CEST49733443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:17.456816912 CEST4434973367.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:17.456901073 CEST49733443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:20.615631104 CEST49736443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:20.615674019 CEST4434973667.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:20.615731955 CEST49736443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:20.616568089 CEST49736443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:20.616584063 CEST4434973667.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:20.638356924 CEST49735443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:20.684118032 CEST4434973567.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:20.809240103 CEST4434973567.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:20.809324980 CEST4434973567.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:20.809393883 CEST49735443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:20.810688019 CEST49735443192.168.2.567.231.149.122
                      Apr 20, 2024 00:07:20.810694933 CEST4434973567.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:20.961714029 CEST4434973667.231.149.122192.168.2.5
                      Apr 20, 2024 00:07:20.962033987 CEST49736443192.168.2.567.231.149.122
                      Timestamp | Source IP | Dest IP | Checksum | Code | Type
                      Apr 20, 2024 00:07:38.828707933 CEST | 192.168.2.5 | 1.1.1.1 | c258 | (Port unreachable) | Destination Unreachable
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Apr 20, 2024 00:06:35.576097012 CEST | 192.168.2.5 | 1.1.1.1 | 0x701d | Standard query (0) | securemail.americanfidelity.com | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:06:35.576303959 CEST | 192.168.2.5 | 1.1.1.1 | 0x1dde | Standard query (0) | securemail.americanfidelity.com | 65 | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.101824999 CEST | 192.168.2.5 | 1.1.1.1 | 0x6983 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.101982117 CEST | 192.168.2.5 | 1.1.1.1 | 0xecbd | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.474060059 CEST | 192.168.2.5 | 1.1.1.1 | 0xbf73 | Standard query (0) | securemail.americanfidelity.com | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.474237919 CEST | 192.168.2.5 | 1.1.1.1 | 0xbc84 | Standard query (0) | securemail.americanfidelity.com | 65 | IN (0x0001) | false
                      Apr 20, 2024 00:07:38.578833103 CEST | 192.168.2.5 | 1.1.1.1 | 0xc192 | Standard query (0) | securemail.americanfidelity.com | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:07:38.579103947 CEST | 192.168.2.5 | 1.1.1.1 | 0x70c6 | Standard query (0) | securemail.americanfidelity.com | 65 | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Apr 20, 2024 00:06:35.752793074 CEST | 1.1.1.1 | 192.168.2.5 | 0x1dde | No error (0) | securemail.americanfidelity.com | pe-0018f201.gslb.pphosted.com | | CNAME (Canonical name) | IN (0x0001) | false
                      Apr 20, 2024 00:06:35.884491920 CEST | 1.1.1.1 | 192.168.2.5 | 0x701d | No error (0) | securemail.americanfidelity.com | pe-0018f201.gslb.pphosted.com | | CNAME (Canonical name) | IN (0x0001) | false
                      Apr 20, 2024 00:06:35.884491920 CEST | 1.1.1.1 | 192.168.2.5 | 0x701d | No error (0) | pe-0018f201.gslb.pphosted.com | | 67.231.149.122 | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.206383944 CEST | 1.1.1.1 | 192.168.2.5 | 0x6983 | No error (0) | www.google.com | | 74.125.138.106 | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.206383944 CEST | 1.1.1.1 | 192.168.2.5 | 0x6983 | No error (0) | www.google.com | | 74.125.138.147 | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.206383944 CEST | 1.1.1.1 | 192.168.2.5 | 0x6983 | No error (0) | www.google.com | | 74.125.138.103 | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.206383944 CEST | 1.1.1.1 | 192.168.2.5 | 0x6983 | No error (0) | www.google.com | | 74.125.138.99 | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.206383944 CEST | 1.1.1.1 | 192.168.2.5 | 0x6983 | No error (0) | www.google.com | | 74.125.138.105 | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.206383944 CEST | 1.1.1.1 | 192.168.2.5 | 0x6983 | No error (0) | www.google.com | | 74.125.138.104 | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.206432104 CEST | 1.1.1.1 | 192.168.2.5 | 0xecbd | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.579631090 CEST | 1.1.1.1 | 192.168.2.5 | 0xbc84 | No error (0) | securemail.americanfidelity.com | pe-0018f201.gslb.pphosted.com | | CNAME (Canonical name) | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.580492020 CEST | 1.1.1.1 | 192.168.2.5 | 0xbf73 | No error (0) | securemail.americanfidelity.com | pe-0018f201.gslb.pphosted.com | | CNAME (Canonical name) | IN (0x0001) | false
                      Apr 20, 2024 00:06:37.580492020 CEST | 1.1.1.1 | 192.168.2.5 | 0xbf73 | No error (0) | pe-0018f201.gslb.pphosted.com | | 67.231.149.122 | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:07:38.731017113 CEST | 1.1.1.1 | 192.168.2.5 | 0xc192 | No error (0) | securemail.americanfidelity.com | pe-0018f201.gslb.pphosted.com | | CNAME (Canonical name) | IN (0x0001) | false
                      Apr 20, 2024 00:07:38.731017113 CEST | 1.1.1.1 | 192.168.2.5 | 0xc192 | No error (0) | pe-0018f201.gslb.pphosted.com | | 67.231.149.122 | A (IP address) | IN (0x0001) | false
                      Apr 20, 2024 00:07:38.828635931 CEST | 1.1.1.1 | 192.168.2.5 | 0x70c6 | No error (0) | securemail.americanfidelity.com | pe-0018f201.gslb.pphosted.com | | CNAME (Canonical name) | IN (0x0001) | false
                      • securemail.americanfidelity.com
                      • https:
                      • fs.microsoft.com
                      • slscr.update.microsoft.com
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.5 | 49709 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:06:36 UTC | 705 | OUT | GET /securereader/help.jsf?lang=enus HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-04-19 22:06:36 UTC | 649 | IN | HTTP/1.1 200 200
                      Date: Fri, 19 Apr 2024 22:06:36 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      Set-Cookie: JSESSIONID=694377C52F368E73C0C59D9F739A017B; Path=/securereader; Secure; HttpOnly
                      Pragma: no-cache
                      Cache-Control: no-store, max-age=0
                      Expires: Thu, 30 Sep 2021 23:59:59 GMT
                      Content-Length: 224
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      X-UA-Compatible: IE=edge
                      Connection: close
                      Content-Type: text/html;charset=UTF-8
                      2024-04-19 22:06:36 UTC | 224 | IN
                      Data Ascii: <!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8" /><meta http-equiv="REFRESH" content="0;url=/help/enus_encryption.htm" /></head><body></body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.5 | 49710 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:06:36 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Referer: https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-04-19 22:06:37 UTC | 600 | IN | HTTP/1.1 200 200
                      Date: Fri, 19 Apr 2024 22:06:36 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      Accept-Ranges: bytes
                      ETag: W/"8905-1418437582000"
                      Last-Modified: Sat, 13 Dec 2014 02:26:22 GMT
                      Content-Length: 8905
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:06:36 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      2024-04-19 22:06:37 UTC | 7592 | IN
                      Data Ascii: <!DOCTYPE html><html><head><title>Proofpoint Encryption Help</title><style>body{font-family:"Verdana";}</style></head><body><h1>Using Proofpoint Encryption</h1><p> <b>Contents</b></p><p><a href="#Receiving_Encrypted_Email">Re
                      2024-04-19 22:06:37 UTC | 592 | IN
                      Data Ascii: f you still cannot decrypt the message, contact your email administrator.<li><b>Your account has been disabled.</b><br>Your email administrator has disabled your account.<li><b>Login Disabled</b><br>You do not have permission to perform th
                      2024-04-19 22:06:37 UTC | 721 | IN
                      Data Ascii: This limitation does not apply to plain text.<p><i>Intermittent Problem with Replying to or Forwarding Secure Messages</i><p>If Proofpoint Encryption hangs when you try to compose a message and click theReply, Reply All, or Forward links, cli


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.5 | 49713 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:06:37 UTC | 642 | OUT | GET /favicon.ico HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Referer: https://securemail.americanfidelity.com/help/enus_encryption.htm
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-04-19 22:06:37 UTC | 598 | IN | HTTP/1.1 200 OK
                      Date: Fri, 19 Apr 2024 22:06:37 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      Last-Modified: Fri, 09 Sep 2022 18:31:36 GMT
                      ETag: "47e-5e842c188b200"
                      Accept-Ranges: bytes
                      Content-Length: 1150
                      Cache-Control: public, max-age=1550000
                      Expires: Fri, 19 Apr 2024 22:06:37 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close
                      Content-Type: image/x-icon
                      2024-04-19 22:06:37 UTC | 1150 | IN


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.5 | 49715 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:06:37 UTC | 366 | OUT | GET /favicon.ico HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: */*
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-04-19 22:06:38 UTC | 598 | IN | HTTP/1.1 200 OK
                      Date: Fri, 19 Apr 2024 22:06:38 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      Last-Modified: Fri, 09 Sep 2022 18:31:36 GMT
                      ETag: "47e-5e842c188b200"
                      Accept-Ranges: bytes
                      Content-Length: 1150
                      Cache-Control: public, max-age=1550000
                      Expires: Fri, 19 Apr 2024 22:06:38 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close
                      Content-Type: image/x-icon


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      4 | 192.168.2.5 | 49716 | 184.31.62.93 | 443 | |
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:06:39 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-04-19 22:06:39 UTC | 467 | IN | HTTP/1.1 200 OK
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      Content-Type: application/octet-stream
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      Server: ECAcc (chd/079C)
                      X-CID: 11
                      X-Ms-ApiVersion: Distribute 1.2
                      X-Ms-Region: prod-eus-z1
                      Cache-Control: public, max-age=118602
                      Date: Fri, 19 Apr 2024 22:06:39 GMT
                      Connection: close
                      X-CID: 2


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      5 | 192.168.2.5 | 49718 | 184.31.62.93 | 443 | |
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:06:39 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                      Range: bytes=0-2147483646
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-04-19 22:06:40 UTC | 805 | IN | HTTP/1.1 200 OK
                      ApiVersion: Distribute 1.1
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      Server: ECAcc (chd/0778)
                      X-CID: 11
                      X-CCC: US
                      X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z
                      X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z
                      Content-Type: application/octet-stream
                      X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                      Cache-Control: public, max-age=118622
                      Date: Fri, 19 Apr 2024 22:06:40 GMT
                      Content-Length: 55
                      Connection: close
                      X-CID: 2
                      2024-04-19 22:06:40 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      6 | 192.168.2.5 | 49721 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:06:48 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:06:49 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:06:49 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:06:49 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      7 | 192.168.2.5 | 49719 | 40.68.123.157 | 443 | |
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:06:49 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Gzs+W8BSvtHk3yc&MD=ac+Mt9NH HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                      Host: slscr.update.microsoft.com
                      2024-04-19 22:06:49 UTC | 560 | IN | HTTP/1.1 200 OK
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Content-Type: application/octet-stream
                      Expires: -1
                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                      MS-CorrelationId: af57f629-7d0e-4338-a4ec-8520212b9af2
                      MS-RequestId: f1e491da-5ebf-4fdf-8855-e0ffcd8da881
                      MS-CV: ZcDRwL2FzkuyIp9X.0
                      X-Microsoft-SLSClientCache: 2880
                      Content-Disposition: attachment; filename=environment.cab
                      X-Content-Type-Options: nosniff
                      Date: Fri, 19 Apr 2024 22:06:49 GMT
                      Connection: close
                      Content-Length: 24490


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      8 | 192.168.2.5 | 49720 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:06:50 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:06:51 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:06:50 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:06:50 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      9 | 192.168.2.5 | 49729 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:06:54 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:06:54 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:06:54 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:06:54 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      10 | 192.168.2.5 | 49730 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:06:56 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:06:56 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:06:56 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:06:56 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      11 | 192.168.2.5 | 49731 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:06:58 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:06:58 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:06:58 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:06:58 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      12 | 192.168.2.5 | 49732 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:07:08 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:07:08 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:07:08 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:07:08 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      13 | 192.168.2.5 | 49734 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:07:13 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:07:13 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:07:13 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:07:13 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      14 | 192.168.2.5 | 49733 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:07:17 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:07:17 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:07:17 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:07:17 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      15 | 192.168.2.5 | 49735 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:07:20 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:07:20 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:07:20 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:07:20 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      16 | 192.168.2.5 | 49737 | 40.68.123.157 | 443 | |
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:07:27 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Gzs+W8BSvtHk3yc&MD=ac+Mt9NH HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                      Host: slscr.update.microsoft.com
                      2024-04-19 22:07:28 UTC | 560 | IN | HTTP/1.1 200 OK
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Content-Type: application/octet-stream
                      Expires: -1
                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                      ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                      MS-CorrelationId: 2d8e9ab7-e89a-4575-bd01-654b918346e5
                      MS-RequestId: 01dcd089-b403-45d4-8a82-b09ceef860e5
                      MS-CV: fZGCtcEsrE+LdciT.0
                      X-Microsoft-SLSClientCache: 2160
                      Content-Disposition: attachment; filename=environment.cab
                      X-Content-Type-Options: nosniff
                      Date: Fri, 19 Apr 2024 22:07:27 GMT
                      Connection: close
                      Content-Length: 25457


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      17 | 192.168.2.5 | 49736 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:07:30 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:07:30 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:07:30 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:07:30 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      18 | 192.168.2.5 | 49738 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:07:32 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:07:32 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:07:32 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:07:32 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      19 | 192.168.2.5 | 49739 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:07:34 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:07:34 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:07:34 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:07:34 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      20 | 192.168.2.5 | 49741 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:07:38 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:07:38 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:07:38 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:07:38 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      21 | 192.168.2.5 | 49743 | 67.231.149.122 | 443 | 6192 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-04-19 22:07:48 UTC | 767 | OUT | GET /help/enus_encryption.htm HTTP/1.1
                      Host: securemail.americanfidelity.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      If-None-Match: W/"8905-1418437582000"
                      If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
                      2024-04-19 22:07:48 UTC | 470 | IN | HTTP/1.1 304 304
                      Date: Fri, 19 Apr 2024 22:07:48 GMT
                      Server:
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      ETag: W/"8905-1418437582000"
                      Cache-Control: max-age=0
                      Expires: Fri, 19 Apr 2024 22:07:48 GMT
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      X-Content-Type-Options: nosniff
                      Expect-CT: max-age=86400, enforce
                      Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
                      Connection: close



                      Target ID: 0
                      Start time: 00:06:29
                      Start date: 20/04/2024
                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit): false
                      Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                      Imagebase: 0x7ff715980000
                      File size: 3'242'272 bytes
                      MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: low
                      Has exited: false

                      Target ID: 2
                      Start time: 00:06:31
                      Start date: 20/04/2024
                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit): false
                      Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2084,i,8693577889849474165,13308520653726380572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Imagebase: 0x7ff715980000
                      File size: 3'242'272 bytes
                      MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: low
                      Has exited: false

                      Target ID: 3
                      Start time: 00:06:34
                      Start date: 20/04/2024
                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit): false
                      Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus"
                      Imagebase: 0x7ff715980000
                      File size: 3'242'272 bytes
                      MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: low
                      Has exited: true

                      No disassembly