Edit tour

Windows Analysis Report
SecureMessageAtt.html

Overview

General Information

Sample name:	SecureMessageAtt.html
Analysis ID:	1428977
MD5:	1d28aebc4cb2e6a1b2973430272e171b
SHA1:	849718ff3229686c9608c1a17e785e20222ce35b
SHA256:	bcff3b94d850c48c0bbd760791a4dd28b754d3e94d6e958ff54579284402d2c0
Infos:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Contains VNC / remote desktop functionality (version string found)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 7072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\SecureMessageAtt.html" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1996,i,3822043218176268392,2533187350089635544,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: SecureMessageAtt.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/SecureMessageAtt.html	HTTP Parser: No favicon
Source: https://securemail.americanfidelity.com/help/enus_encryption.htm	HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49738 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.126.152:443 -> 192.168.2.6:49774 version: TLS 1.2

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49738 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 52.159.127.243
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93

Source: global traffic	HTTP traffic detected: GET /securereader/Image?c=logo&b=1&i=0&rnd=9.80372576023722 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /securereader/Image?c=lock&b=1&rnd=2.99930044764984 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /securereader/Image?c=logo&b=1&i=0&rnd=9.80372576023722 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /securereader/Image?c=lock&b=1&rnd=2.99930044764984 HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F9XHw517476Raza&MD=5DTCDzf+ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /securereader/help.jsf?lang=enus HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://securemail.americanfidelity.com/securereader/help.jsf?lang=enusAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://securemail.americanfidelity.com/securereader/help.jsf?lang=enusAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"8905-1418437582000"If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"8905-1418437582000"If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"8905-1418437582000"If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"8905-1418437582000"If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"8905-1418437582000"If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F9XHw517476Raza&MD=5DTCDzf+ HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"8905-1418437582000"If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"8905-1418437582000"If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"8905-1418437582000"If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"8905-1418437582000"If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"8905-1418437582000"If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"8905-1418437582000"If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
Source: global traffic	HTTP traffic detected: GET /help/enus_encryption.htm HTTP/1.1Host: securemail.americanfidelity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"8905-1418437582000"If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT

Source: unknown

DNS traffic detected: queries for: securemail.americanfidelity.com

Source: SecureMessageAtt.html	String found in binary or memory: https://securemail.americanfidelity.com/formpostdir/safeformpost.aspx
Source: SecureMessageAtt.html	String found in binary or memory: https://securemail.americanfidelity.com/securereader/Image?c=lock&b=1&rnd=2.99930044764984
Source: SecureMessageAtt.html	String found in binary or memory: https://securemail.americanfidelity.com/securereader/Image?c=logo&b=1&i=0&rnd=9.80372576023722
Source: SecureMessageAtt.html	String found in binary or memory: https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.6:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.126.152:443 -> 192.168.2.6:49774 version: TLS 1.2

Source: classification engine

Classification label: sus21.troj.winHTML@45/11@8/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\SecureMessageAtt.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1996,i,3822043218176268392,2533187350089635544,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1996,i,3822043218176268392,2533187350089635544,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SecureMessageAtt.html

Static file information: File size 2456635 > 1048576

Source: SecureMessageAtt.html	Binary or memory string: HOyHPh2NFYehlHjDxod6CMXQ1TIXGq3qfFvmcIVLTCDqu4lX5TWURBjV+SI2Hz4PzWpT57hqtRP5
Source: SecureMessageAtt.html	Binary or memory string: 3oDl/UihsSQGgfFzx0GIjeOfNynZF8Oo9sQRDMaOMBDCyVMCixyQ78rQ062SCc2+H3XfkfNdomTn
Source: SecureMessageAtt.html	Binary or memory string: li5TVnDQqEmUo08uu+HHOMY2PHqf8bDfY9oNOtxvM/kVFQOuRdQ+Cvy+U573Cxh6PowfJcwEBUPp
Source: SecureMessageAtt.html	Binary or memory string: 5UmHGfs9YYRVm+UVU405eTLic5D2czRYq9WI3Bf9ZzDcZpQmddoDErfvXsHr4rdTnGe0uDycIDX9
Source: SecureMessageAtt.html	Binary or memory string: wH91NAKqeMUnxMVOQSNn3hVQPTmyPgZhRefYe8/NSc/KV6jcBCxEeaEoUUHD6hnjCag7+xZecfOX
Source: SecureMessageAtt.html	Binary or memory string: du1R1v2w05ke8D1y2JJvY7nkJkNM58Au5gJf+mzqemU6F0qqnsMT179kDKvNIFJ4evTZviSx4A5O

Remote Access Functionality

Contains VNC / remote desktop functionality (version string found)

Source: SecureMessageAtt.html

String found in binary or memory: n8ZfPk16w3vnc32fSUsTuT0uZ491kkHbMnf8CB5v4ELb7LaFdu67Wy8bKuv/ZV19/OCwZlFUlypT

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	1 Security Software Discovery	1 Remote Desktop Protocol	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	172.253.124.147	true	false	high
pe-0018f201.gslb.pphosted.com	67.231.149.122	true	false	high
securemail.americanfidelity.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
file:///C:/Users/user/Desktop/SecureMessageAtt.html	false	low
https://securemail.americanfidelity.com/help/enus_encryption.htm	false	high
https://securemail.americanfidelity.com/help/enus_encryption.htm#Reading_a_Secure_Message_on_a_Smart_Phone	false	high
https://securemail.americanfidelity.com/help/enus_encryption.htm#Troubleshooting	false	high
https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus	false	high
https://securemail.americanfidelity.com/help/enus_encryption.htm#Adding_Recipients	false	high
https://securemail.americanfidelity.com/favicon.ico	false	high
https://securemail.americanfidelity.com/securereader/Image?c=logo&b=1&i=0&rnd=9.80372576023722	false	high
https://securemail.americanfidelity.com/help/enus_encryption.htm#Replying_or_Forwarding	false	high
https://securemail.americanfidelity.com/securereader/Image?c=lock&b=1&rnd=2.99930044764984	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://securemail.americanfidelity.com/formpostdir/safeformpost.aspx	SecureMessageAtt.html	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
67.231.149.122	pe-0018f201.gslb.pphosted.com	United States	26211	PROOFPOINT-ASN-US-WESTUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.253.124.147	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428977
Start date and time:	2024-04-20 00:05:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecureMessageAtt.html
Detection:	SUS
Classification:	sus21.troj.winHTML@45/11@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html Browse: https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Replying_or_Forwarding Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Adding_Recipients Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Reading_a_Secure_Message_on_a_Smart_Phone Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Resetting_Your_Expired_Password Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Troubleshooting Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Adding_Recipients Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Reading_a_Secure_Message_on_a_Smart_Phone Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Resetting_Your_Expired_Password Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Troubleshooting Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Replying_or_Forwarding Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Reading_a_Secure_Message_on_a_Smart_Phone Browse: https://securemail.americanfidelity.com/help/enus_encryption.htm#Resetting_Your_Expired_Password

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.136.94, 64.233.176.84, 74.125.138.100, 74.125.138.139, 74.125.138.101, 74.125.138.102, 74.125.138.113, 74.125.138.138, 34.104.35.123, 172.253.124.95, 64.233.185.95, 172.217.215.95, 74.125.136.95, 108.177.122.95, 142.251.15.95, 64.233.176.95, 142.250.105.95, 64.233.177.95, 142.250.9.95, 74.125.138.95, 173.194.219.95, 192.229.211.108, 23.40.205.49, 142.250.9.94, 23.40.205.26, 64.233.177.139, 64.233.177.100, 64.233.177.138, 64.233.177.102, 64.233.177.101, 64.233.177.113
Excluded domains from analysis (whitelisted): clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: SecureMessageAtt.html

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://allmylinkswebgt.z13.web.core.windows.net/index.html	Get hash	malicious	Unknown	Browse
	https://phrmacompliance-my.sharepoint.com/:b:/g/personal/jjessen_pharma-compliance_net/EQZ_BD-NnrNInOz6x58pqAABLCZuVkxMtPHJVQGDMcKQDA?e=as678X	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://estgirls-my.sharepoint.com/:b:/g/personal/s7958766_estg_moe_gov_sa/EeCN0MAR0F5NufUZkT2Q-mcBn4v13Ov8FQ0oi798Dgtayg?e=zTKNmK	Get hash	malicious	HTMLPhisher	Browse
	https://estgirls-my.sharepoint.com/:b:/g/personal/s7958766_estg_moe_gov_sa/EeCN0MAR0F5NufUZkT2Q-mcBn4v13Ov8FQ0oi798Dgtayg?e=zTKNmK	Get hash	malicious	HTMLPhisher	Browse
	https://runrun.it/share/portal/EfC1XUoTbGbNOUmd	Get hash	malicious	HTMLPhisher	Browse
	FFE Order details - Cincy v41720.xlsx	Get hash	malicious	Unknown	Browse
	FFE Order details - Cincy v41720.xlsx	Get hash	malicious	Unknown	Browse
	FFE Order details - Cincy v41720.xlsx	Get hash	malicious	Unknown	Browse
	https://sacbags.com.ar:443/swa	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse
	http://lumoleadership.com	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PROOFPOINT-ASN-US-WESTUS	S23UhdW5DH.exe	Get hash	malicious	LummaC, Glupteba, SmokeLoader, Socks5Systemz, Stealc	Browse	205.220.166.26
	v6SEx6rJ3E.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc, Vidar	Browse	67.231.145.181
	Message.scr.exe	Get hash	malicious	MyDoom	Browse	205.220.164.130
	https://digiturktv.app/ambershellpoint.html	Get hash	malicious	Unknown	Browse	67.231.145.92
	https://southlandsilica.com//pay-offsfiles.html	Get hash	malicious	HTMLPhisher	Browse	67.231.145.92
	https://applogyx.com//caltitle.html	Get hash	malicious	HTMLPhisher	Browse	67.231.145.92
	SecureMessageAtt.html	Get hash	malicious	Unknown	Browse	67.231.145.92
	IDzTyPghZg.exe	Get hash	malicious	Unknown	Browse	208.84.65.119
	newtpp.exe	Get hash	malicious	Phorpiex	Browse	148.163.157.242
	gEkl9O5tiu.exe	Get hash	malicious	Phorpiex	Browse	205.220.168.57

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	https://keenetownhall-my.sharepoint.com/:b:/g/personal/amanda_keenetownhall_org/ESKbqbSIMj5ElsbdsfaEg7oBgkFm5H_JqS97uaySzVhJDQ?e=KMMz4y	Get hash	malicious	HTMLPhisher	Browse	173.222.162.64
	https://www.canva.com/design/DAGC4eUhMw0/cKr_ImwjL8JW0nUMNMi5QA/view?utm_content=DAGC4eUhMw0&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	173.222.162.64
	https://app.box.com/s/hiphn6dvy4mquaedfrgoqd500cedhaza	Get hash	malicious	Unknown	Browse	173.222.162.64
	rTDN001-180424_PDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	173.222.162.64
	rJlMhHdHP2mDzMGx.exe	Get hash	malicious	AgentTesla	Browse	173.222.162.64
	UPDATED SSTATEMENT OF ACCOUNT.exe	Get hash	malicious	AgentTesla	Browse	173.222.162.64
	REMITTANCE COPY.exe	Get hash	malicious	AgentTesla	Browse	173.222.162.64
	https://www.dropbox.com/l/scl/AADwcgxTbjuvzakz6kszZMzP6RXavhxhixQ	Get hash	malicious	HTMLPhisher	Browse	173.222.162.64
	eOU2MVDmTd.exe	Get hash	malicious	CredGrabber, Meduza Stealer, PureLog Stealer, zgRAT	Browse	173.222.162.64
	https://cionfacttalleriproj.norwayeast.cloudapp.azure.com/?finanzas.busqueda?q=Secretar%C3%ADa+de+Administraci%C3%B3n+y+Finanzas?30337974_3097_705331937556-157889157889770732479410588494105884	Get hash	malicious	HTMLPhisher	Browse	173.222.162.64
28a2c9bd18a11de089ef85a160da29e4	https://allmylinkswebgt.z13.web.core.windows.net/index.html	Get hash	malicious	Unknown	Browse	40.127.169.103 184.31.62.93
	https://phrmacompliance-my.sharepoint.com/:b:/g/personal/jjessen_pharma-compliance_net/EQZ_BD-NnrNInOz6x58pqAABLCZuVkxMtPHJVQGDMcKQDA?e=as678X	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	40.127.169.103 184.31.62.93
	https://estgirls-my.sharepoint.com/:b:/g/personal/s7958766_estg_moe_gov_sa/EeCN0MAR0F5NufUZkT2Q-mcBn4v13Ov8FQ0oi798Dgtayg?e=zTKNmK	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.31.62.93
	https://estgirls-my.sharepoint.com/:b:/g/personal/s7958766_estg_moe_gov_sa/EeCN0MAR0F5NufUZkT2Q-mcBn4v13Ov8FQ0oi798Dgtayg?e=zTKNmK	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.31.62.93
	https://runrun.it/share/portal/EfC1XUoTbGbNOUmd	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.31.62.93
	FFE Order details - Cincy v41720.xlsx	Get hash	malicious	Unknown	Browse	40.127.169.103 184.31.62.93
	https://keenetownhall-my.sharepoint.com/:b:/g/personal/amanda_keenetownhall_org/ESKbqbSIMj5ElsbdsfaEg7oBgkFm5H_JqS97uaySzVhJDQ?e=KMMz4y	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.31.62.93
	https://1drv.ms/o/s!BDwGtOL3Ob0ShA6L6a7ghGOEVOBw?e=-nVgacgL8k2GcXGT6ejjHg&at=9%22)%20and%20ContentType:(%221%22)	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	40.127.169.103 184.31.62.93
	Encrypted_PaymentAdvice_Reference.html	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.31.62.93
	https://www.canva.com/design/DAGC4eUhMw0/cKr_ImwjL8JW0nUMNMi5QA/view?utm_content=DAGC4eUhMw0&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	40.127.169.103 184.31.62.93
3b5074b1b5d032e5620f69f9f700ff0e	https://keenetownhall-my.sharepoint.com/:b:/g/personal/amanda_keenetownhall_org/ESKbqbSIMj5ElsbdsfaEg7oBgkFm5H_JqS97uaySzVhJDQ?e=KMMz4y	Get hash	malicious	HTMLPhisher	Browse	52.159.127.243 52.159.126.152 20.25.241.18
	https://www.canva.com/design/DAGC4eUhMw0/cKr_ImwjL8JW0nUMNMi5QA/view?utm_content=DAGC4eUhMw0&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	52.159.127.243 52.159.126.152 20.25.241.18
	z1E-catalogSamples.exe	Get hash	malicious	AgentTesla	Browse	52.159.127.243 52.159.126.152 20.25.241.18
	rTDN001-180424_PDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	52.159.127.243 52.159.126.152 20.25.241.18
	PO-095325.scr.exe	Get hash	malicious	AgentTesla	Browse	52.159.127.243 52.159.126.152 20.25.241.18
	Copy of Poseidon Marine 4th monthly Stores Apr 2024 R3 .xls.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	52.159.127.243 52.159.126.152 20.25.241.18
	W4tW72sfAD.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	52.159.127.243 52.159.126.152 20.25.241.18
	http://www.sushi-idea.com	Get hash	malicious	Unknown	Browse	52.159.127.243 52.159.126.152 20.25.241.18
	Receipt_032114005.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	52.159.127.243 52.159.126.152 20.25.241.18
	DHL.exe	Get hash	malicious	AgentTesla	Browse	52.159.127.243 52.159.126.152 20.25.241.18

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 90 x 68
Category:	dropped
Size (bytes):	1984
Entropy (8bit):	7.69368813786086
Encrypted:	false
SSDEEP:	48:0iDSa/lZFiVs1W5mcGunaDYrBfPP3wk4HhbxuuXl80of:0iDSa/ToVs9woYBfnANb4d0w
MD5:	9440BB3FD1093DFE90F1220E35D4844B
SHA1:	24F5CCD4B4628350A46CBA41CE03C8AEBD20763C
SHA-256:	4234C8947994F3E0EE8831357FE39B0A7C27B82356ABFA3C075B46FA7B37D541
SHA-512:	9D0C74F7F17A07304CF31085CEEADE035B3754B0D1349BEBF39A8A4B6259C6644D1A27E1DAF9078D88FEF296B312A00874A01F9DD40D6C509B7F0B44862F9693
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	GIF89aZ.D........:^.:_.;`.;a.=`.<b.=c.>`.>c.>d.?e.?f.=b.@c.Ad.Ah.Bi.Bi.Bj.Ck.Cl.Dl.Dm.En.Fn.Fo.Gp.Hr.Is.@c.Ae.Ce.De.Df.Dg.Ch.Gi.Gj.Hh.Jl.Kw.Lx.My.Nz.O\|.P}.Q~.R. Mn!Nm"No$Oo%Qq%Rq&Rs'Tr)Ut+Vv.Xx4\{5^{7_}8_\|:b..S..T..U..X..Y..[..[..\..]..]..^..^.._..`..a..b..e..f..l..l..l..n..n..o..p..q..r..s..u..v.-_.`.)k.3f.9c.?f.)o.#t. w. x. x.!y.!z.!z."{."\|."\|."}."}."~.#~.#..@f.Di.Ej.Fl.Hm.Io.Jp.Lp.Mr.Qs.Rt.Vw.Wy.Yz.[\|.\}.]}.#..$..$..$..%..%..&..&..&..'..'..'..'..'..(..(..(..(..)....(..-.....1..1..3..9..1..5..8..:..;..<..=..?..?..>..d..h..i..j..l..p..q..s..v..z..\|..~..A..B..C..D..G..F..H..K..K..M..M..M..O..R..Q..S..V..T..V..Y..Z..X..\..].._..b..g..h..l..j..m..t..u..x..y..{...........................................................................................!.......,....Z.D........H......\....#J.H....3j.... C..I...(......0c.I.&...p.t.@..@...J.h..'Q.]...B#e.!......D.1.....].k...B>...Q...?....S.OB.k.%.....v."..g....e...S.AX....,p.P.?....T..Ay.b.........Pt4P.a

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 187 x 42
Category:	dropped
Size (bytes):	2197
Entropy (8bit):	7.772752509343987
Encrypted:	false
SSDEEP:	48:4AnBxIfxXQmp/HXqmg+pQLRB0ou+doAKV4NSV28AUHzdxOmzVH0LgBOO:pnBO5AGHBOvnuy8L2T40iF0EBOO
MD5:	3CA3F016E03015A849316751F7C87186
SHA1:	EF64CFC852462E46079820C238D303B44D753DCB
SHA-256:	7D7F289A00B24A4CCC2F4067EF7B5A664BE4390CFAC1945521691035F77A2F5D
SHA-512:	012F19F3F41A114B89407C7AAF7D734DCAF3D43CD3E74F94BDBE82B77FA58C0E836FCB3FDC1ACE1CD46900AA39EB7A3D79C0BC5DF0C24702E8045550820A817C
Malicious:	false
Reputation:	low
Preview:	GIF89a................................................................................................... !!!"""###$$$%%%&&&'''((()))*+++---///000111333444555666777888999:::;;;<<<>>>???@@@AAACCCDDDEEEFFFHHHJJJKKKLLLMMMNNNOOOPPPQQQRRRTTTVVVWWWXXXYYYZZZ[[[\\\^^^```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvxxxyyyzzz{{{\|\|\|~~~.............................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,..............H......\....#J.H....3j.... C..I...(S.\...0G...E..K'...i'U.$...:...WD.h.x..Sd.J%.(.P'G.......`eXUz.+......Vj..,.e.j....\HqM..e._. ~.v../[..2...\B.D.4D..pCh.lA.xNqAdI...E/).D9h.<0.^..

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 90 x 68
Category:	downloaded
Size (bytes):	1984
Entropy (8bit):	7.69368813786086
Encrypted:	false
SSDEEP:	48:0iDSa/lZFiVs1W5mcGunaDYrBfPP3wk4HhbxuuXl80of:0iDSa/ToVs9woYBfnANb4d0w
MD5:	9440BB3FD1093DFE90F1220E35D4844B
SHA1:	24F5CCD4B4628350A46CBA41CE03C8AEBD20763C
SHA-256:	4234C8947994F3E0EE8831357FE39B0A7C27B82356ABFA3C075B46FA7B37D541
SHA-512:	9D0C74F7F17A07304CF31085CEEADE035B3754B0D1349BEBF39A8A4B6259C6644D1A27E1DAF9078D88FEF296B312A00874A01F9DD40D6C509B7F0B44862F9693
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://securemail.americanfidelity.com/securereader/Image?c=lock&b=1&rnd=2.99930044764984
Preview:	GIF89aZ.D........:^.:_.;`.;a.=`.<b.=c.>`.>c.>d.?e.?f.=b.@c.Ad.Ah.Bi.Bi.Bj.Ck.Cl.Dl.Dm.En.Fn.Fo.Gp.Hr.Is.@c.Ae.Ce.De.Df.Dg.Ch.Gi.Gj.Hh.Jl.Kw.Lx.My.Nz.O\|.P}.Q~.R. Mn!Nm"No$Oo%Qq%Rq&Rs'Tr)Ut+Vv.Xx4\{5^{7_}8_\|:b..S..T..U..X..Y..[..[..\..]..]..^..^.._..`..a..b..e..f..l..l..l..n..n..o..p..q..r..s..u..v.-_.`.)k.3f.9c.?f.)o.#t. w. x. x.!y.!z.!z."{."\|."\|."}."}."~.#~.#..@f.Di.Ej.Fl.Hm.Io.Jp.Lp.Mr.Qs.Rt.Vw.Wy.Yz.[\|.\}.]}.#..$..$..$..%..%..&..&..&..'..'..'..'..'..(..(..(..(..)....(..-.....1..1..3..9..1..5..8..:..;..<..=..?..?..>..d..h..i..j..l..p..q..s..v..z..\|..~..A..B..C..D..G..F..H..K..K..M..M..M..O..R..Q..S..V..T..V..Y..Z..X..\..].._..b..g..h..l..j..m..t..u..x..y..{...........................................................................................!.......,....Z.D........H......\....#J.H....3j.... C..I...(......0c.I.&...p.t.@..@...J.h..'Q.]...B#e.!......D.1.....].k...B>...Q...?....S.OB.k.%.....v."..g....e...S.AX....,p.P.?....T..Ay.b.........Pt4P.a

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (455), with CRLF line terminators
Category:	downloaded
Size (bytes):	8905
Entropy (8bit):	4.76884765493212
Encrypted:	false
SSDEEP:	192:VR+blWeX7ptGuV+WtLIVs5lWXagpHYz3PakCE8hkhOR:VIRptv7dIVs/3gpCPa48hkhOR
MD5:	08DE8B12D5A4C99013F3D304610F1FAB
SHA1:	31ABB8920F008C78F7630B22DC3A3A1A12389DB4
SHA-256:	19BD685266DE133E3FBD5997F67FBDAB0DBECA8A6692B9BE5A0883472204B690
SHA-512:	377AC006591EC286907113A5C33799CE6ABF61BFF0C4D8C7A5A2492F1125295DB4A63A138D611AD753790F4D44307DE4F23A0B1F3432A624E1EB7B1949A5BB61
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://securemail.americanfidelity.com/help/enus_encryption.htm
Preview:	<!DOCTYPE html>..<html><head>....<title>Proofpoint Encryption Help</title>..<style>..body..{..font-family:"Verdana";..}..</style>..</head>..<body>....<h1>Using Proofpoint Encryption</h1>..<p> <b>Contents</b></p>..<p><a href="#Receiving_Encrypted_Email">Receiving Encrypted Email</a></p>....<p> <a href="#Replying_or_Forwarding">Replying or Forwarding</a></p>....<p> <a href="#Adding_Recipients">Adding Recipients</a></p>....<p> <a href="#Adding_an_Attachment_to_Encrypted_Email">Adding an Attachment to .. Encrypted Email</a></p>....<p> <a href="#Reading_a_Secure_Message_on_a_Smart_Phone">Reading a Secure Message on a Smart Phone</a></p>....<p><a href="#Resetting_Your_Expired_Password">Resetting Your Expired Password</a></p>....<p> <a href="#Troubleshooting">Troubleshooting</a></p>....<h2><a name=Receiving_Encrypted_Email></a>Receiving Encrypted Email</h2>....<p>You have received a secure, encrypted message from the sender.</p>....<p>Click the attachment in the message to launch a browser to

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 187 x 42
Category:	downloaded
Size (bytes):	2197
Entropy (8bit):	7.772752509343987
Encrypted:	false
SSDEEP:	48:4AnBxIfxXQmp/HXqmg+pQLRB0ou+doAKV4NSV28AUHzdxOmzVH0LgBOO:pnBO5AGHBOvnuy8L2T40iF0EBOO
MD5:	3CA3F016E03015A849316751F7C87186
SHA1:	EF64CFC852462E46079820C238D303B44D753DCB
SHA-256:	7D7F289A00B24A4CCC2F4067EF7B5A664BE4390CFAC1945521691035F77A2F5D
SHA-512:	012F19F3F41A114B89407C7AAF7D734DCAF3D43CD3E74F94BDBE82B77FA58C0E836FCB3FDC1ACE1CD46900AA39EB7A3D79C0BC5DF0C24702E8045550820A817C
Malicious:	false
Reputation:	low
URL:	https://securemail.americanfidelity.com/securereader/Image?c=logo&b=1&i=0&rnd=9.80372576023722
Preview:	GIF89a................................................................................................... !!!"""###$$$%%%&&&'''((()))*+++---///000111333444555666777888999:::;;;<<<>>>???@@@AAACCCDDDEEEFFFHHHJJJKKKLLLMMMNNNOOOPPPQQQRRRTTTVVVWWWXXXYYYZZZ[[[\\\^^^```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvxxxyyyzzz{{{\|\|\|~~~.............................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,..............H......\....#J.H....3j.... C..I...(S.\...0G...E..K'...i'U.$...:...WD.h.x..Sd.J%.(.P'G.......`eXUz.+......Vj..,.e.j....\HqM..e._. ~.v../[..2...\B.D.4D..pCh.lA.xNqAdI...E/).D9h.<0.^..

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	1150
Entropy (8bit):	5.223148900731864
Encrypted:	false
SSDEEP:	24:tqAwGyTSQB24gTAhnsx1nD+o1NMTTJaz:tL+bgTinelDMd
MD5:	A05A05DCD6158CC4F8701173734F484A
SHA1:	FEEF99DC27E3DB5BF07A255B8EE509CCCACFF245
SHA-256:	CA9A42575D5AD76A2915ED24034A512413392423BC5EC029B4605AEE7EDF5D46
SHA-512:	635E76CBF85BC1E9AF0168A9B87D2085CBC68BEDEB07116DF062C2AAEA0F105D37378E37D881A8AED91EA3C0DFAF700BD6CD628620C5DCEEA6626EB3547E902C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	............ .h.......(....... ..... .............................................................................................D..................................................d.................................................P...................................................@.....S..K..0.......................................................f..........................................................P....................................6.....j...........................................n......................f............................I.............{........................................^.......................i................................!.....:............./...................................{..............j...........................................................................-..`..M..v...@.........

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	1150
Entropy (8bit):	5.223148900731864
Encrypted:	false
SSDEEP:	24:tqAwGyTSQB24gTAhnsx1nD+o1NMTTJaz:tL+bgTinelDMd
MD5:	A05A05DCD6158CC4F8701173734F484A
SHA1:	FEEF99DC27E3DB5BF07A255B8EE509CCCACFF245
SHA-256:	CA9A42575D5AD76A2915ED24034A512413392423BC5EC029B4605AEE7EDF5D46
SHA-512:	635E76CBF85BC1E9AF0168A9B87D2085CBC68BEDEB07116DF062C2AAEA0F105D37378E37D881A8AED91EA3C0DFAF700BD6CD628620C5DCEEA6626EB3547E902C
Malicious:	false
URL:	https://securemail.americanfidelity.com/favicon.ico
Preview:	............ .h.......(....... ..... .............................................................................................D..................................................d.................................................P...................................................@.....S..K..0.......................................................f..........................................................P....................................6.....j...........................................n......................f............................I.............{........................................^.......................i................................!.....:............./...................................{..............j...........................................................................-..`..M..v...@.........

Static File Info

General

File type:	HTML document, ASCII text, with CRLF line terminators
Entropy (8bit):	6.077024401281931
TrID:	HyperText Markup Language with DOCTYPE (12503/2) 26.88% HyperText Markup Language (11501/1) 24.73% HyperText Markup Language (11501/1) 24.73% HyperText Markup Language (11001/1) 23.66%
File name:	SecureMessageAtt.html
File size:	2'456'635 bytes
MD5:	1d28aebc4cb2e6a1b2973430272e171b
SHA1:	849718ff3229686c9608c1a17e785e20222ce35b
SHA256:	bcff3b94d850c48c0bbd760791a4dd28b754d3e94d6e958ff54579284402d2c0
SHA512:	398e9b8e53c0475a3f10c0df0e0f5bec61404a93e6c4a106d53093757724101485b9640653dc7263646e09083d9c0d97f66a55136f2a31ed695289eeda997cb2
SSDEEP:	24576:QsSEtwnnZAQQDor2MiinkFlbPAbd2i8wctNgeBV7B8G5osLTRSKwGuUebwqHeBmp:56ZN0G8CPGFNTE6Tub4ElOod
TLSH:	F1B51266F606ECB78803CE74FE4DED98552E92E12705BF8A12DDA5AB3076C400731DE6
File Content Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<html>....<head>.. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">.. Branding: You'll probably want to set the title. -->.. <title>Proo

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 20, 2024 00:06:28.087343931 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:28.087351084 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:28.368587971 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:34.974953890 CEST	49710	443	192.168.2.6	20.25.241.18
Apr 20, 2024 00:06:34.975003958 CEST	443	49710	20.25.241.18	192.168.2.6
Apr 20, 2024 00:06:34.975112915 CEST	49710	443	192.168.2.6	20.25.241.18
Apr 20, 2024 00:06:34.976027012 CEST	49710	443	192.168.2.6	20.25.241.18
Apr 20, 2024 00:06:34.976046085 CEST	443	49710	20.25.241.18	192.168.2.6
Apr 20, 2024 00:06:35.476852894 CEST	443	49710	20.25.241.18	192.168.2.6
Apr 20, 2024 00:06:35.477025986 CEST	49710	443	192.168.2.6	20.25.241.18
Apr 20, 2024 00:06:35.482640982 CEST	49710	443	192.168.2.6	20.25.241.18
Apr 20, 2024 00:06:35.482656956 CEST	443	49710	20.25.241.18	192.168.2.6
Apr 20, 2024 00:06:35.483020067 CEST	443	49710	20.25.241.18	192.168.2.6
Apr 20, 2024 00:06:35.484919071 CEST	49710	443	192.168.2.6	20.25.241.18
Apr 20, 2024 00:06:35.485021114 CEST	49710	443	192.168.2.6	20.25.241.18
Apr 20, 2024 00:06:35.485028028 CEST	443	49710	20.25.241.18	192.168.2.6
Apr 20, 2024 00:06:35.485204935 CEST	49710	443	192.168.2.6	20.25.241.18
Apr 20, 2024 00:06:35.528132915 CEST	443	49710	20.25.241.18	192.168.2.6
Apr 20, 2024 00:06:35.607012033 CEST	443	49710	20.25.241.18	192.168.2.6
Apr 20, 2024 00:06:35.607176065 CEST	443	49710	20.25.241.18	192.168.2.6
Apr 20, 2024 00:06:35.607259035 CEST	49710	443	192.168.2.6	20.25.241.18
Apr 20, 2024 00:06:35.607402086 CEST	49710	443	192.168.2.6	20.25.241.18
Apr 20, 2024 00:06:35.607422113 CEST	443	49710	20.25.241.18	192.168.2.6
Apr 20, 2024 00:06:37.696744919 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:37.696744919 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:37.977976084 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:39.424799919 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 20, 2024 00:06:39.424907923 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:43.082602024 CEST	49711	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:43.082647085 CEST	443	49711	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:43.082762957 CEST	49711	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:43.083936930 CEST	49711	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:43.083949089 CEST	443	49711	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:43.455756903 CEST	443	49711	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:43.455856085 CEST	49711	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:43.502099037 CEST	49711	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:43.502121925 CEST	443	49711	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:43.502482891 CEST	443	49711	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:43.523049116 CEST	49711	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:43.523194075 CEST	49711	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:43.523200035 CEST	443	49711	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:43.523515940 CEST	49711	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:43.564138889 CEST	443	49711	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:43.644696951 CEST	443	49711	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:43.644819975 CEST	443	49711	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:43.644870043 CEST	49711	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:43.645303965 CEST	49711	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:43.645319939 CEST	443	49711	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:44.598592043 CEST	49715	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:44.598634005 CEST	443	49715	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:44.598702908 CEST	49715	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:44.598741055 CEST	49716	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:44.598783016 CEST	443	49716	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:44.598855019 CEST	49716	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:44.599246979 CEST	49716	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:44.599271059 CEST	443	49716	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:44.599397898 CEST	49715	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:44.599411964 CEST	443	49715	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:44.680864096 CEST	49717	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:44.680888891 CEST	443	49717	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:44.680942059 CEST	49717	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:44.681360960 CEST	49717	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:44.681377888 CEST	443	49717	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:44.681826115 CEST	49718	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:44.681874990 CEST	443	49718	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:44.681925058 CEST	49718	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:44.682241917 CEST	49718	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:44.682255983 CEST	443	49718	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.114902020 CEST	443	49715	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.115115881 CEST	49715	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.115132093 CEST	443	49715	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.116213083 CEST	443	49715	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.116266012 CEST	49715	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.116925001 CEST	443	49716	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.117712975 CEST	49716	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.117746115 CEST	443	49716	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.118098021 CEST	49715	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.118171930 CEST	443	49715	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.118388891 CEST	49715	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.118397951 CEST	443	49715	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.121372938 CEST	443	49716	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.121438980 CEST	49716	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.121789932 CEST	49716	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.121941090 CEST	49716	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.121951103 CEST	443	49716	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.121969938 CEST	443	49716	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.194051027 CEST	443	49718	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.194276094 CEST	49718	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.194307089 CEST	443	49718	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.195419073 CEST	443	49718	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.195475101 CEST	49718	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.196028948 CEST	49718	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.196116924 CEST	443	49718	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.197793007 CEST	443	49717	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.198086977 CEST	49717	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.198101044 CEST	443	49717	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.201805115 CEST	443	49717	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.201864958 CEST	49717	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.202167034 CEST	49717	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.202338934 CEST	443	49717	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.223953962 CEST	49716	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.223956108 CEST	49715	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.223973989 CEST	443	49716	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.295008898 CEST	443	49715	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.295032978 CEST	443	49715	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.295111895 CEST	49715	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.295128107 CEST	443	49715	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.295206070 CEST	443	49715	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.295382977 CEST	49715	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.295919895 CEST	49715	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.295938969 CEST	443	49715	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.302226067 CEST	443	49716	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.302405119 CEST	443	49716	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.302481890 CEST	49716	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.303735018 CEST	49716	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.303746939 CEST	443	49716	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.324240923 CEST	49718	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.324269056 CEST	443	49718	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.355843067 CEST	49717	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.355861902 CEST	443	49717	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.461975098 CEST	49717	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.517563105 CEST	49718	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.555025101 CEST	49722	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.555085897 CEST	443	49722	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.555191994 CEST	49722	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.555563927 CEST	49723	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.555614948 CEST	443	49723	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.555700064 CEST	49723	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.556241035 CEST	49724	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.556272984 CEST	443	49724	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.556366920 CEST	49724	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.556504965 CEST	49723	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.556520939 CEST	443	49723	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.556696892 CEST	49722	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.556716919 CEST	443	49722	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.556890011 CEST	49724	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.556907892 CEST	443	49724	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.895493031 CEST	443	49723	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.897351027 CEST	49723	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.897368908 CEST	443	49723	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.898529053 CEST	443	49722	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.900660038 CEST	443	49723	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.900751114 CEST	49723	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.903170109 CEST	49722	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.903201103 CEST	443	49722	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.903477907 CEST	49723	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.903559923 CEST	443	49723	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.903618097 CEST	49723	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.903625011 CEST	443	49723	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.906833887 CEST	443	49722	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.906918049 CEST	49722	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.907238960 CEST	49722	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.907377958 CEST	49722	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:45.907418013 CEST	443	49722	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:45.944842100 CEST	49723	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.053426027 CEST	49722	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.053455114 CEST	443	49722	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.153002024 CEST	443	49724	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.155165911 CEST	49724	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.155184984 CEST	443	49724	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.156719923 CEST	443	49724	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.156789064 CEST	49724	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.157103062 CEST	49724	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.157239914 CEST	443	49724	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.163742065 CEST	49722	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.210769892 CEST	49724	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.210802078 CEST	443	49724	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.257575989 CEST	49724	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.272391081 CEST	443	49723	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.272420883 CEST	443	49723	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.272505045 CEST	49723	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.272516012 CEST	443	49723	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.272598028 CEST	443	49723	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.272650957 CEST	49723	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.273849010 CEST	49723	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.273863077 CEST	443	49723	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.274256945 CEST	443	49722	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.274286032 CEST	443	49722	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.274338961 CEST	49722	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.274364948 CEST	443	49722	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.274390936 CEST	443	49722	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:46.274938107 CEST	49722	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.276586056 CEST	49722	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:46.276602983 CEST	443	49722	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:48.301011086 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:48.301052094 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:48.301131010 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:48.303159952 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:48.303178072 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:48.598242044 CEST	49730	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:06:48.598279953 CEST	443	49730	172.253.124.147	192.168.2.6
Apr 20, 2024 00:06:48.598409891 CEST	49730	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:06:48.599092007 CEST	49730	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:06:48.599112034 CEST	443	49730	172.253.124.147	192.168.2.6
Apr 20, 2024 00:06:48.818085909 CEST	443	49730	172.253.124.147	192.168.2.6
Apr 20, 2024 00:06:48.818447113 CEST	49730	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:06:48.818463087 CEST	443	49730	172.253.124.147	192.168.2.6
Apr 20, 2024 00:06:48.819533110 CEST	443	49730	172.253.124.147	192.168.2.6
Apr 20, 2024 00:06:48.819597006 CEST	49730	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:06:48.821250916 CEST	49730	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:06:48.821335077 CEST	443	49730	172.253.124.147	192.168.2.6
Apr 20, 2024 00:06:48.868379116 CEST	49730	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:06:48.868391991 CEST	443	49730	172.253.124.147	192.168.2.6
Apr 20, 2024 00:06:48.911422014 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:48.911503077 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:48.914211035 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:48.914223909 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:48.914587021 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:48.915240049 CEST	49730	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:06:48.962097883 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:49.260708094 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:49.304131031 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:49.652373075 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:49.652403116 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:49.652411938 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:49.652430058 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:49.652471066 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:49.652478933 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:49.652498007 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:49.652513027 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:49.652523041 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:49.652559996 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:49.653398991 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:49.653465986 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:49.653470993 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:49.653507948 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:49.653707027 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:49.664740086 CEST	49735	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:49.664772034 CEST	443	49735	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:49.664932013 CEST	49735	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:49.666512966 CEST	49735	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:49.666539907 CEST	443	49735	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:49.667103052 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:49.667146921 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:49.667175055 CEST	49729	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:06:49.667191029 CEST	443	49729	40.127.169.103	192.168.2.6
Apr 20, 2024 00:06:49.887655020 CEST	443	49735	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:49.887773037 CEST	49735	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:49.898701906 CEST	49735	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:49.898722887 CEST	443	49735	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:49.899113894 CEST	443	49735	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:49.946557045 CEST	49735	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:49.990606070 CEST	49735	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.036125898 CEST	443	49735	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.096045971 CEST	443	49735	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.096255064 CEST	443	49735	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.096386909 CEST	49735	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.102252007 CEST	49735	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.102252007 CEST	49735	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.102274895 CEST	443	49735	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.102286100 CEST	443	49735	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.209191084 CEST	49737	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.209238052 CEST	443	49737	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.209311008 CEST	49737	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.209584951 CEST	49737	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.209608078 CEST	443	49737	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.429094076 CEST	443	49737	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.429162025 CEST	49737	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.430300951 CEST	49737	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.430315018 CEST	443	49737	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.430650949 CEST	443	49737	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.434554100 CEST	49737	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.476114988 CEST	443	49737	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.621200085 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:50.621284962 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:50.621735096 CEST	49738	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:50.621782064 CEST	443	49738	173.222.162.64	192.168.2.6
Apr 20, 2024 00:06:50.621876955 CEST	49738	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:50.622087002 CEST	49738	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:50.622108936 CEST	443	49738	173.222.162.64	192.168.2.6
Apr 20, 2024 00:06:50.639058113 CEST	443	49737	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.639228106 CEST	443	49737	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.639403105 CEST	49737	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.639867067 CEST	49737	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.639882088 CEST	443	49737	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.639894009 CEST	49737	443	192.168.2.6	184.31.62.93
Apr 20, 2024 00:06:50.639899969 CEST	443	49737	184.31.62.93	192.168.2.6
Apr 20, 2024 00:06:50.773917913 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 20, 2024 00:06:50.773974895 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 20, 2024 00:06:50.939125061 CEST	443	49738	173.222.162.64	192.168.2.6
Apr 20, 2024 00:06:50.939218998 CEST	49738	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:06:54.127871990 CEST	49742	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:54.127911091 CEST	443	49742	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:54.127983093 CEST	49742	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:54.128390074 CEST	49743	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:54.128432989 CEST	443	49743	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:54.128505945 CEST	49743	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:54.129564047 CEST	49743	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:54.129586935 CEST	443	49743	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:54.129607916 CEST	49742	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:54.129626036 CEST	443	49742	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:54.470881939 CEST	443	49742	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:54.471508980 CEST	443	49743	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:54.520992041 CEST	49742	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:54.680123091 CEST	443	49743	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:54.681529999 CEST	49743	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:54.864725113 CEST	49743	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:54.864748001 CEST	443	49743	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:54.865094900 CEST	49742	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:54.865127087 CEST	443	49742	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:54.866094112 CEST	443	49743	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:54.866158009 CEST	49743	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:54.866400003 CEST	443	49742	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:54.866478920 CEST	49742	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.222043037 CEST	443	49717	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.222137928 CEST	443	49717	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.222196102 CEST	49717	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.244004011 CEST	443	49718	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.244081974 CEST	443	49718	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.244170904 CEST	49718	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.632208109 CEST	49743	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.632405996 CEST	443	49743	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.635746956 CEST	49742	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.635915995 CEST	443	49742	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.636183977 CEST	49743	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.636204004 CEST	443	49743	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.727798939 CEST	49742	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.727833033 CEST	443	49742	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.805850029 CEST	49743	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.825244904 CEST	443	49743	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.825736046 CEST	443	49743	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.825825930 CEST	49743	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.835912943 CEST	49742	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.858026981 CEST	49743	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.858072042 CEST	443	49743	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.890290022 CEST	49718	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.890320063 CEST	443	49718	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.890345097 CEST	49717	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.890366077 CEST	443	49717	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.891199112 CEST	49744	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.891237974 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.891303062 CEST	49744	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.893196106 CEST	49744	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.893214941 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:55.895252943 CEST	49742	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:55.901788950 CEST	49745	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:55.901824951 CEST	443	49745	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:55.901911974 CEST	49745	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:55.902699947 CEST	49745	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:55.902712107 CEST	443	49745	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:55.936129093 CEST	443	49742	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.071639061 CEST	443	49742	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.071808100 CEST	443	49742	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.071912050 CEST	49742	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.109497070 CEST	49742	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.109533072 CEST	443	49742	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.216943026 CEST	49724	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.232177973 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.232500076 CEST	49744	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.232526064 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.232909918 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.233295918 CEST	49744	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.233376026 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.233449936 CEST	49744	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.260123968 CEST	443	49724	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.275527000 CEST	443	49745	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:56.275727034 CEST	49745	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:56.276120901 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.281124115 CEST	49745	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:56.281152010 CEST	443	49745	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:56.281424046 CEST	443	49745	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:56.283169985 CEST	49745	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:56.283169985 CEST	49745	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:56.283186913 CEST	443	49745	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:56.283361912 CEST	49745	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:56.303853989 CEST	49744	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.328121901 CEST	443	49745	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:56.332521915 CEST	443	49724	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.332617998 CEST	443	49724	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.332658052 CEST	49724	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.332715034 CEST	49724	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.332731009 CEST	443	49724	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.333291054 CEST	49746	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.333324909 CEST	443	49746	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.333389044 CEST	49746	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.333698034 CEST	49746	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.333713055 CEST	443	49746	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.404822111 CEST	443	49745	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:56.404913902 CEST	443	49745	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:56.405033112 CEST	49745	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:56.405195951 CEST	49745	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:06:56.405219078 CEST	443	49745	52.159.127.243	192.168.2.6
Apr 20, 2024 00:06:56.611196041 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.611227989 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.611236095 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.611264944 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.611284018 CEST	49744	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.611296892 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.611321926 CEST	49744	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.611371994 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.611432076 CEST	49744	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.612386942 CEST	49744	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.612401009 CEST	443	49744	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.672245979 CEST	443	49746	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.672935009 CEST	49746	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.672955036 CEST	443	49746	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.673305988 CEST	443	49746	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.690507889 CEST	49746	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.690596104 CEST	443	49746	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:56.693939924 CEST	49746	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:56.740118980 CEST	443	49746	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:57.049410105 CEST	443	49746	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:57.049491882 CEST	443	49746	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:57.049576044 CEST	49746	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:57.050445080 CEST	49746	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:06:57.050477028 CEST	443	49746	67.231.149.122	192.168.2.6
Apr 20, 2024 00:06:58.834851027 CEST	443	49730	172.253.124.147	192.168.2.6
Apr 20, 2024 00:06:58.835016012 CEST	443	49730	172.253.124.147	192.168.2.6
Apr 20, 2024 00:06:58.835072994 CEST	49730	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:07:00.619170904 CEST	49730	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:07:00.619209051 CEST	443	49730	172.253.124.147	192.168.2.6
Apr 20, 2024 00:07:04.951159954 CEST	49752	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:04.951210976 CEST	443	49752	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:04.951440096 CEST	49752	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:04.951889992 CEST	49753	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:04.951925993 CEST	443	49753	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:04.952013969 CEST	49753	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:04.957066059 CEST	49753	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:04.957092047 CEST	443	49753	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:04.957370043 CEST	49752	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:04.957381010 CEST	443	49752	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:05.296401978 CEST	443	49753	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:05.296516895 CEST	443	49752	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:05.297034979 CEST	49753	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:05.297060013 CEST	443	49753	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:05.297656059 CEST	49752	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:05.297669888 CEST	443	49752	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:05.297698021 CEST	443	49753	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:05.298218012 CEST	443	49752	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:05.298460960 CEST	49753	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:05.298557997 CEST	443	49753	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:05.299577951 CEST	49752	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:05.299662113 CEST	443	49752	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:05.300034046 CEST	49753	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:05.339390993 CEST	49752	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:05.344122887 CEST	443	49753	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:06.611808062 CEST	443	49753	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:06.611897945 CEST	443	49753	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:06.611946106 CEST	49753	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:06.612272978 CEST	49753	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:06.612294912 CEST	443	49753	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:08.812016964 CEST	49754	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:08.812061071 CEST	443	49754	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:08.812125921 CEST	49754	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:08.819087982 CEST	49754	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:08.819130898 CEST	443	49754	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:08.850219011 CEST	49752	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:08.892112017 CEST	443	49752	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:10.091598988 CEST	443	49738	173.222.162.64	192.168.2.6
Apr 20, 2024 00:07:10.095012903 CEST	49738	443	192.168.2.6	173.222.162.64
Apr 20, 2024 00:07:13.900006056 CEST	443	49752	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:13.900094986 CEST	443	49752	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:13.900196075 CEST	49752	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:13.901025057 CEST	49752	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:13.901058912 CEST	443	49752	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:14.268125057 CEST	49755	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:14.268152952 CEST	443	49755	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:14.268232107 CEST	49755	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:14.268794060 CEST	49755	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:14.268807888 CEST	443	49755	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:14.361203909 CEST	443	49754	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:14.395474911 CEST	49754	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:14.395503044 CEST	443	49754	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:14.396063089 CEST	443	49754	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:14.396831989 CEST	49754	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:14.396951914 CEST	443	49754	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:14.446635008 CEST	49754	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:14.645775080 CEST	443	49755	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:14.645883083 CEST	49755	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:14.647989035 CEST	49755	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:14.648000956 CEST	443	49755	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:14.648243904 CEST	443	49755	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:14.650530100 CEST	49755	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:14.650708914 CEST	49755	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:14.650716066 CEST	443	49755	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:14.651051044 CEST	49755	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:14.692127943 CEST	443	49755	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:14.773530006 CEST	443	49755	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:14.773616076 CEST	443	49755	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:14.773724079 CEST	49755	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:14.773914099 CEST	49755	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:14.773926020 CEST	443	49755	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:16.645497084 CEST	49756	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:16.645543098 CEST	443	49756	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:16.645772934 CEST	49756	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:16.646043062 CEST	49756	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:16.646059036 CEST	443	49756	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:16.654639959 CEST	49754	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:16.700118065 CEST	443	49754	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:16.827049971 CEST	443	49754	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:16.827133894 CEST	443	49754	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:16.827244043 CEST	49754	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:16.827445030 CEST	49754	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:16.827445030 CEST	49754	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:16.827469110 CEST	443	49754	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:16.827851057 CEST	49754	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:16.981920004 CEST	443	49756	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:16.982281923 CEST	49756	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:16.982297897 CEST	443	49756	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:16.982642889 CEST	443	49756	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:16.983031988 CEST	49756	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:16.983084917 CEST	443	49756	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:17.023792982 CEST	49756	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:18.655503035 CEST	49757	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:18.655544996 CEST	443	49757	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:18.655623913 CEST	49757	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:18.655895948 CEST	49757	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:18.655913115 CEST	443	49757	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:18.657165051 CEST	49756	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:18.704116106 CEST	443	49756	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:18.829832077 CEST	443	49756	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:18.829932928 CEST	443	49756	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:18.830028057 CEST	49756	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:18.830266953 CEST	49756	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:18.830276966 CEST	443	49756	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:18.830302954 CEST	49756	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:18.830331087 CEST	49756	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:18.996198893 CEST	443	49757	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:18.996475935 CEST	49757	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:18.996505022 CEST	443	49757	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:18.997054100 CEST	443	49757	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:18.997378111 CEST	49757	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:18.997450113 CEST	443	49757	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:19.041471958 CEST	49757	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:20.633524895 CEST	49758	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:20.633610010 CEST	443	49758	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:20.633728027 CEST	49758	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:20.634176016 CEST	49758	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:20.634215117 CEST	443	49758	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:20.641448975 CEST	49757	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:20.684127092 CEST	443	49757	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:20.811371088 CEST	443	49757	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:20.811727047 CEST	443	49757	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:20.811799049 CEST	49757	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:20.835031986 CEST	49757	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:20.835037947 CEST	443	49757	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:20.978669882 CEST	443	49758	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:20.978960037 CEST	49758	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:20.978976965 CEST	443	49758	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:20.979274988 CEST	443	49758	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:20.979644060 CEST	49758	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:20.979706049 CEST	443	49758	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:21.024223089 CEST	49758	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:27.127604961 CEST	49759	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:07:27.127644062 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:27.127783060 CEST	49759	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:07:27.128654957 CEST	49759	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:07:27.128669977 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:27.724997044 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:27.725116014 CEST	49759	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:07:27.735371113 CEST	49759	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:07:27.735394955 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:27.735665083 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:27.746486902 CEST	49759	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:07:27.792113066 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:28.308753967 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:28.308785915 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:28.308804989 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:28.308890104 CEST	49759	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:07:28.308907032 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:28.308968067 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:28.308969021 CEST	49759	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:07:28.310972929 CEST	49759	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:07:28.438220978 CEST	49759	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:07:28.438246965 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:28.438256979 CEST	49759	443	192.168.2.6	40.127.169.103
Apr 20, 2024 00:07:28.438262939 CEST	443	49759	40.127.169.103	192.168.2.6
Apr 20, 2024 00:07:30.644476891 CEST	49760	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:30.644558907 CEST	443	49760	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:30.644643068 CEST	49760	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:30.645675898 CEST	49760	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:30.645710945 CEST	443	49760	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:30.657303095 CEST	49758	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:30.700126886 CEST	443	49758	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:30.848947048 CEST	443	49758	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:30.849539995 CEST	443	49758	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:30.849586010 CEST	49758	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:30.849622011 CEST	443	49758	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:30.849663973 CEST	49758	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:30.849698067 CEST	49758	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:30.986274004 CEST	443	49760	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:30.986583948 CEST	49760	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:30.986619949 CEST	443	49760	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:30.986984015 CEST	443	49760	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:30.987313986 CEST	49760	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:30.987394094 CEST	443	49760	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:31.029319048 CEST	49760	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:32.650608063 CEST	49761	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:32.650665045 CEST	443	49761	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:32.650918961 CEST	49761	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:32.652702093 CEST	49761	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:32.652734995 CEST	443	49761	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:32.701826096 CEST	49760	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:32.748119116 CEST	443	49760	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:32.872956038 CEST	443	49760	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:32.873039007 CEST	443	49760	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:32.873121023 CEST	49760	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:32.873435020 CEST	49760	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:32.873447895 CEST	443	49760	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:32.994330883 CEST	443	49761	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:32.994610071 CEST	49761	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:32.994649887 CEST	443	49761	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:32.995110035 CEST	443	49761	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:32.995413065 CEST	49761	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:32.995526075 CEST	443	49761	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:33.039166927 CEST	49761	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:34.956907988 CEST	49761	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:35.004117012 CEST	443	49761	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:35.111552000 CEST	49762	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:35.111591101 CEST	443	49762	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:35.111656904 CEST	49762	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:35.113653898 CEST	49762	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:35.113670111 CEST	443	49762	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:35.129194975 CEST	443	49761	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:35.129283905 CEST	443	49761	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:35.129542112 CEST	49761	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:35.129759073 CEST	49761	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:35.129759073 CEST	49761	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:35.129780054 CEST	443	49761	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:35.129903078 CEST	49761	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:35.453969955 CEST	443	49762	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:35.454721928 CEST	49762	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:35.454745054 CEST	443	49762	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:35.455116034 CEST	443	49762	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:35.455693007 CEST	49762	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:35.455759048 CEST	443	49762	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:35.508744001 CEST	49762	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:36.686889887 CEST	49763	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:36.686928988 CEST	443	49763	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:36.687068939 CEST	49763	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:36.687988997 CEST	49763	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:36.688009024 CEST	443	49763	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:36.692898035 CEST	49762	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:36.736116886 CEST	443	49762	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:36.865803957 CEST	443	49762	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:36.865912914 CEST	443	49762	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:36.866079092 CEST	49762	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:36.866225958 CEST	49762	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:36.866236925 CEST	443	49762	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:36.866246939 CEST	49762	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:36.866287947 CEST	49762	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:37.029145002 CEST	443	49763	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:37.062814951 CEST	49763	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:37.062827110 CEST	443	49763	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:37.063235998 CEST	443	49763	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:37.063599110 CEST	49763	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:37.063659906 CEST	443	49763	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:37.103312016 CEST	49763	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:37.874591112 CEST	49764	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:37.874635935 CEST	443	49764	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:37.874913931 CEST	49764	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:37.875823021 CEST	49764	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:37.875843048 CEST	443	49764	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:38.255551100 CEST	443	49764	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:38.255665064 CEST	49764	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:38.263453007 CEST	49764	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:38.263473034 CEST	443	49764	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:38.263715029 CEST	443	49764	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:38.267601013 CEST	49764	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:38.268115997 CEST	49764	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:38.268125057 CEST	443	49764	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:38.268583059 CEST	49764	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:38.316119909 CEST	443	49764	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:38.390223980 CEST	443	49764	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:38.390548944 CEST	443	49764	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:38.390620947 CEST	49764	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:38.411751986 CEST	49764	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:07:38.411792040 CEST	443	49764	52.159.127.243	192.168.2.6
Apr 20, 2024 00:07:46.637777090 CEST	49766	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:46.637816906 CEST	443	49766	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:46.637886047 CEST	49766	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:46.638437033 CEST	49766	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:46.638465881 CEST	443	49766	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:46.650125027 CEST	49763	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:46.692123890 CEST	443	49763	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:46.830418110 CEST	443	49763	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:46.830815077 CEST	443	49763	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:46.831130981 CEST	49763	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:46.831130981 CEST	49763	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:46.831130981 CEST	49763	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:46.982959032 CEST	443	49766	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:46.989846945 CEST	49766	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:46.989859104 CEST	443	49766	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:46.991017103 CEST	443	49766	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:46.992938042 CEST	49766	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:46.993110895 CEST	443	49766	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:47.038954020 CEST	49766	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:48.540205956 CEST	49767	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:07:48.540250063 CEST	443	49767	172.253.124.147	192.168.2.6
Apr 20, 2024 00:07:48.540304899 CEST	49767	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:07:48.540640116 CEST	49767	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:07:48.540656090 CEST	443	49767	172.253.124.147	192.168.2.6
Apr 20, 2024 00:07:48.640172958 CEST	49768	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:48.640208006 CEST	443	49768	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:48.640403032 CEST	49768	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:48.648051023 CEST	49768	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:48.648075104 CEST	443	49768	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:48.655134916 CEST	49766	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:48.700122118 CEST	443	49766	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:48.753659010 CEST	443	49767	172.253.124.147	192.168.2.6
Apr 20, 2024 00:07:48.753921986 CEST	49767	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:07:48.753940105 CEST	443	49767	172.253.124.147	192.168.2.6
Apr 20, 2024 00:07:48.754268885 CEST	443	49767	172.253.124.147	192.168.2.6
Apr 20, 2024 00:07:48.754568100 CEST	49767	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:07:48.754631996 CEST	443	49767	172.253.124.147	192.168.2.6
Apr 20, 2024 00:07:48.807348013 CEST	49767	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:07:48.827805996 CEST	443	49766	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:48.828000069 CEST	443	49766	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:48.828051090 CEST	49766	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:48.828252077 CEST	49766	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:48.828252077 CEST	49766	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:48.828274012 CEST	443	49766	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:48.828331947 CEST	49766	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:48.989202976 CEST	443	49768	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:49.043008089 CEST	49768	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:49.070939064 CEST	49768	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:49.070950985 CEST	443	49768	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:49.072026014 CEST	443	49768	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:49.075042009 CEST	49768	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:49.075233936 CEST	443	49768	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:49.118513107 CEST	49768	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:50.622313023 CEST	49770	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:50.622366905 CEST	443	49770	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:50.622428894 CEST	49770	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:50.631576061 CEST	49770	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:50.631592035 CEST	443	49770	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:50.645574093 CEST	49768	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:50.692114115 CEST	443	49768	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:50.817437887 CEST	443	49768	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:50.817637920 CEST	443	49768	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:50.817697048 CEST	49768	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:50.817790031 CEST	49768	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:50.817801952 CEST	443	49768	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:50.817811966 CEST	49768	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:50.817863941 CEST	49768	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:50.969880104 CEST	443	49770	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:50.970191002 CEST	49770	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:50.970257998 CEST	443	49770	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:50.970650911 CEST	443	49770	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:50.970954895 CEST	49770	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:50.971066952 CEST	443	49770	67.231.149.122	192.168.2.6
Apr 20, 2024 00:07:51.030039072 CEST	49770	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:07:58.761905909 CEST	443	49767	172.253.124.147	192.168.2.6
Apr 20, 2024 00:07:58.761965036 CEST	443	49767	172.253.124.147	192.168.2.6
Apr 20, 2024 00:07:58.762018919 CEST	49767	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:08:00.615504026 CEST	49767	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:08:00.615523100 CEST	443	49767	172.253.124.147	192.168.2.6
Apr 20, 2024 00:08:01.140947104 CEST	443	49770	67.231.149.122	192.168.2.6
Apr 20, 2024 00:08:01.141052961 CEST	443	49770	67.231.149.122	192.168.2.6
Apr 20, 2024 00:08:01.147262096 CEST	49770	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:08:02.952419043 CEST	49770	443	192.168.2.6	67.231.149.122
Apr 20, 2024 00:08:02.952502966 CEST	443	49770	67.231.149.122	192.168.2.6
Apr 20, 2024 00:08:07.777461052 CEST	49704	80	192.168.2.6	72.21.81.240
Apr 20, 2024 00:08:07.882463932 CEST	80	49704	72.21.81.240	192.168.2.6
Apr 20, 2024 00:08:07.882546902 CEST	49704	80	192.168.2.6	72.21.81.240
Apr 20, 2024 00:08:10.502594948 CEST	49771	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:08:10.502623081 CEST	443	49771	52.159.127.243	192.168.2.6
Apr 20, 2024 00:08:10.502826929 CEST	49771	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:08:10.503328085 CEST	49771	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:08:10.503336906 CEST	443	49771	52.159.127.243	192.168.2.6
Apr 20, 2024 00:08:10.874686956 CEST	443	49771	52.159.127.243	192.168.2.6
Apr 20, 2024 00:08:10.875024080 CEST	49771	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:08:10.878914118 CEST	49771	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:08:10.878921986 CEST	443	49771	52.159.127.243	192.168.2.6
Apr 20, 2024 00:08:10.879225969 CEST	443	49771	52.159.127.243	192.168.2.6
Apr 20, 2024 00:08:10.881120920 CEST	49771	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:08:10.881120920 CEST	49771	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:08:10.881140947 CEST	443	49771	52.159.127.243	192.168.2.6
Apr 20, 2024 00:08:10.881292105 CEST	49771	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:08:10.924118996 CEST	443	49771	52.159.127.243	192.168.2.6
Apr 20, 2024 00:08:11.002706051 CEST	443	49771	52.159.127.243	192.168.2.6
Apr 20, 2024 00:08:11.002782106 CEST	443	49771	52.159.127.243	192.168.2.6
Apr 20, 2024 00:08:11.003060102 CEST	49771	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:08:11.003226995 CEST	49771	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:08:11.003226995 CEST	49771	443	192.168.2.6	52.159.127.243
Apr 20, 2024 00:08:11.003241062 CEST	443	49771	52.159.127.243	192.168.2.6
Apr 20, 2024 00:08:48.604142904 CEST	49773	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:08:48.604180098 CEST	443	49773	172.253.124.147	192.168.2.6
Apr 20, 2024 00:08:48.604376078 CEST	49773	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:08:48.605202913 CEST	49773	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:08:48.605225086 CEST	443	49773	172.253.124.147	192.168.2.6
Apr 20, 2024 00:08:48.825220108 CEST	443	49773	172.253.124.147	192.168.2.6
Apr 20, 2024 00:08:48.825640917 CEST	49773	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:08:48.825651884 CEST	443	49773	172.253.124.147	192.168.2.6
Apr 20, 2024 00:08:48.825942039 CEST	443	49773	172.253.124.147	192.168.2.6
Apr 20, 2024 00:08:48.826370001 CEST	49773	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:08:48.826428890 CEST	443	49773	172.253.124.147	192.168.2.6
Apr 20, 2024 00:08:48.869041920 CEST	49773	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:08:54.608217955 CEST	49774	443	192.168.2.6	52.159.126.152
Apr 20, 2024 00:08:54.608252048 CEST	443	49774	52.159.126.152	192.168.2.6
Apr 20, 2024 00:08:54.608304977 CEST	49774	443	192.168.2.6	52.159.126.152
Apr 20, 2024 00:08:54.609061003 CEST	49774	443	192.168.2.6	52.159.126.152
Apr 20, 2024 00:08:54.609071970 CEST	443	49774	52.159.126.152	192.168.2.6
Apr 20, 2024 00:08:54.980607986 CEST	443	49774	52.159.126.152	192.168.2.6
Apr 20, 2024 00:08:54.980688095 CEST	49774	443	192.168.2.6	52.159.126.152
Apr 20, 2024 00:08:54.982848883 CEST	49774	443	192.168.2.6	52.159.126.152
Apr 20, 2024 00:08:54.982866049 CEST	443	49774	52.159.126.152	192.168.2.6
Apr 20, 2024 00:08:54.983117104 CEST	443	49774	52.159.126.152	192.168.2.6
Apr 20, 2024 00:08:54.984904051 CEST	49774	443	192.168.2.6	52.159.126.152
Apr 20, 2024 00:08:54.984965086 CEST	49774	443	192.168.2.6	52.159.126.152
Apr 20, 2024 00:08:54.984971046 CEST	443	49774	52.159.126.152	192.168.2.6
Apr 20, 2024 00:08:54.985102892 CEST	49774	443	192.168.2.6	52.159.126.152
Apr 20, 2024 00:08:55.032115936 CEST	443	49774	52.159.126.152	192.168.2.6
Apr 20, 2024 00:08:55.106462002 CEST	443	49774	52.159.126.152	192.168.2.6
Apr 20, 2024 00:08:55.106609106 CEST	443	49774	52.159.126.152	192.168.2.6
Apr 20, 2024 00:08:55.106738091 CEST	49774	443	192.168.2.6	52.159.126.152
Apr 20, 2024 00:08:55.106857061 CEST	49774	443	192.168.2.6	52.159.126.152
Apr 20, 2024 00:08:55.106868982 CEST	443	49774	52.159.126.152	192.168.2.6
Apr 20, 2024 00:08:58.875118971 CEST	443	49773	172.253.124.147	192.168.2.6
Apr 20, 2024 00:08:58.875205040 CEST	443	49773	172.253.124.147	192.168.2.6
Apr 20, 2024 00:08:58.875389099 CEST	49773	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:09:00.619848013 CEST	49773	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:09:00.619868040 CEST	443	49773	172.253.124.147	192.168.2.6
Apr 20, 2024 00:09:48.654159069 CEST	49775	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:09:48.654257059 CEST	443	49775	172.253.124.147	192.168.2.6
Apr 20, 2024 00:09:48.654346943 CEST	49775	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:09:48.654985905 CEST	49775	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:09:48.655016899 CEST	443	49775	172.253.124.147	192.168.2.6
Apr 20, 2024 00:09:48.876068115 CEST	443	49775	172.253.124.147	192.168.2.6
Apr 20, 2024 00:09:48.876383066 CEST	49775	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:09:48.876444101 CEST	443	49775	172.253.124.147	192.168.2.6
Apr 20, 2024 00:09:48.877671003 CEST	443	49775	172.253.124.147	192.168.2.6
Apr 20, 2024 00:09:48.878215075 CEST	49775	443	192.168.2.6	172.253.124.147
Apr 20, 2024 00:09:48.878447056 CEST	443	49775	172.253.124.147	192.168.2.6
Apr 20, 2024 00:09:48.930771112 CEST	49775	443	192.168.2.6	172.253.124.147

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 20, 2024 00:06:44.365895033 CEST	59109	53	192.168.2.6	1.1.1.1
Apr 20, 2024 00:06:44.366029024 CEST	53668	53	192.168.2.6	1.1.1.1
Apr 20, 2024 00:06:44.453891039 CEST	53	63813	1.1.1.1	192.168.2.6
Apr 20, 2024 00:06:44.469005108 CEST	53	62812	1.1.1.1	192.168.2.6
Apr 20, 2024 00:06:44.556688070 CEST	53	59109	1.1.1.1	192.168.2.6
Apr 20, 2024 00:06:44.642549992 CEST	53	53668	1.1.1.1	192.168.2.6
Apr 20, 2024 00:06:45.070204973 CEST	53	51832	1.1.1.1	192.168.2.6
Apr 20, 2024 00:06:45.303103924 CEST	64335	53	192.168.2.6	1.1.1.1
Apr 20, 2024 00:06:45.303245068 CEST	51646	53	192.168.2.6	1.1.1.1
Apr 20, 2024 00:06:45.501275063 CEST	53	64335	1.1.1.1	192.168.2.6
Apr 20, 2024 00:06:45.717449903 CEST	53	51646	1.1.1.1	192.168.2.6
Apr 20, 2024 00:06:48.491096973 CEST	50639	53	192.168.2.6	1.1.1.1
Apr 20, 2024 00:06:48.491259098 CEST	55788	53	192.168.2.6	1.1.1.1
Apr 20, 2024 00:06:48.596245050 CEST	53	50639	1.1.1.1	192.168.2.6
Apr 20, 2024 00:06:48.596409082 CEST	53	55788	1.1.1.1	192.168.2.6
Apr 20, 2024 00:06:48.806524992 CEST	53	56308	1.1.1.1	192.168.2.6
Apr 20, 2024 00:06:53.667052984 CEST	52126	53	192.168.2.6	1.1.1.1
Apr 20, 2024 00:06:53.667731047 CEST	55255	53	192.168.2.6	1.1.1.1
Apr 20, 2024 00:06:53.849178076 CEST	53	55255	1.1.1.1	192.168.2.6
Apr 20, 2024 00:06:53.918972969 CEST	53	52126	1.1.1.1	192.168.2.6
Apr 20, 2024 00:07:02.100353003 CEST	53	57866	1.1.1.1	192.168.2.6
Apr 20, 2024 00:07:20.990187883 CEST	53	58904	1.1.1.1	192.168.2.6
Apr 20, 2024 00:07:43.383687973 CEST	53	56474	1.1.1.1	192.168.2.6
Apr 20, 2024 00:07:43.933969975 CEST	53	64681	1.1.1.1	192.168.2.6
Apr 20, 2024 00:08:12.022659063 CEST	53	55404	1.1.1.1	192.168.2.6
Apr 20, 2024 00:08:57.632288933 CEST	53	62428	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 20, 2024 00:06:44.642630100 CEST	192.168.2.6	1.1.1.1	c259	(Port unreachable)	Destination Unreachable
Apr 20, 2024 00:06:45.717659950 CEST	192.168.2.6	1.1.1.1	c259	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 20, 2024 00:06:44.365895033 CEST	192.168.2.6	1.1.1.1	0xaf1a	Standard query (0)	securemail.americanfidelity.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 00:06:44.366029024 CEST	192.168.2.6	1.1.1.1	0xff43	Standard query (0)	securemail.americanfidelity.com	65	IN (0x0001)	false
Apr 20, 2024 00:06:45.303103924 CEST	192.168.2.6	1.1.1.1	0xa96f	Standard query (0)	securemail.americanfidelity.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 00:06:45.303245068 CEST	192.168.2.6	1.1.1.1	0xde33	Standard query (0)	securemail.americanfidelity.com	65	IN (0x0001)	false
Apr 20, 2024 00:06:48.491096973 CEST	192.168.2.6	1.1.1.1	0x5a9c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 00:06:48.491259098 CEST	192.168.2.6	1.1.1.1	0x6b1e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 20, 2024 00:06:53.667052984 CEST	192.168.2.6	1.1.1.1	0xaefb	Standard query (0)	securemail.americanfidelity.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 00:06:53.667731047 CEST	192.168.2.6	1.1.1.1	0x3bed	Standard query (0)	securemail.americanfidelity.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 20, 2024 00:06:44.556688070 CEST	1.1.1.1	192.168.2.6	0xaf1a	No error (0)	securemail.americanfidelity.com	pe-0018f201.gslb.pphosted.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 20, 2024 00:06:44.556688070 CEST	1.1.1.1	192.168.2.6	0xaf1a	No error (0)	pe-0018f201.gslb.pphosted.com		67.231.149.122	A (IP address)	IN (0x0001)	false
Apr 20, 2024 00:06:44.642549992 CEST	1.1.1.1	192.168.2.6	0xff43	No error (0)	securemail.americanfidelity.com	pe-0018f201.gslb.pphosted.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 20, 2024 00:06:45.501275063 CEST	1.1.1.1	192.168.2.6	0xa96f	No error (0)	securemail.americanfidelity.com	pe-0018f201.gslb.pphosted.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 20, 2024 00:06:45.501275063 CEST	1.1.1.1	192.168.2.6	0xa96f	No error (0)	pe-0018f201.gslb.pphosted.com		67.231.149.122	A (IP address)	IN (0x0001)	false
Apr 20, 2024 00:06:45.717449903 CEST	1.1.1.1	192.168.2.6	0xde33	No error (0)	securemail.americanfidelity.com	pe-0018f201.gslb.pphosted.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 20, 2024 00:06:48.596245050 CEST	1.1.1.1	192.168.2.6	0x5a9c	No error (0)	www.google.com		172.253.124.147	A (IP address)	IN (0x0001)	false
Apr 20, 2024 00:06:48.596245050 CEST	1.1.1.1	192.168.2.6	0x5a9c	No error (0)	www.google.com		172.253.124.103	A (IP address)	IN (0x0001)	false
Apr 20, 2024 00:06:48.596245050 CEST	1.1.1.1	192.168.2.6	0x5a9c	No error (0)	www.google.com		172.253.124.105	A (IP address)	IN (0x0001)	false
Apr 20, 2024 00:06:48.596245050 CEST	1.1.1.1	192.168.2.6	0x5a9c	No error (0)	www.google.com		172.253.124.104	A (IP address)	IN (0x0001)	false
Apr 20, 2024 00:06:48.596245050 CEST	1.1.1.1	192.168.2.6	0x5a9c	No error (0)	www.google.com		172.253.124.106	A (IP address)	IN (0x0001)	false
Apr 20, 2024 00:06:48.596245050 CEST	1.1.1.1	192.168.2.6	0x5a9c	No error (0)	www.google.com		172.253.124.99	A (IP address)	IN (0x0001)	false
Apr 20, 2024 00:06:48.596409082 CEST	1.1.1.1	192.168.2.6	0x6b1e	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 20, 2024 00:06:53.849178076 CEST	1.1.1.1	192.168.2.6	0x3bed	No error (0)	securemail.americanfidelity.com	pe-0018f201.gslb.pphosted.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 20, 2024 00:06:53.918972969 CEST	1.1.1.1	192.168.2.6	0xaefb	No error (0)	securemail.americanfidelity.com	pe-0018f201.gslb.pphosted.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 20, 2024 00:06:53.918972969 CEST	1.1.1.1	192.168.2.6	0xaefb	No error (0)	pe-0018f201.gslb.pphosted.com		67.231.149.122	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

securemail.americanfidelity.com

slscr.update.microsoft.com

fs.microsoft.com

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49710	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:35 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 43 64 42 63 45 30 58 4b 41 30 65 73 36 51 37 65 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 36 63 62 62 37 65 39 30 35 39 61 66 31 34 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: CdBcE0XKA0es6Q7e.1Context: 36cbb7e9059af143
2024-04-19 22:06:35 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-19 22:06:35 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 43 64 42 63 45 30 58 4b 41 30 65 73 36 51 37 65 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 36 63 62 62 37 65 39 30 35 39 61 66 31 34 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 46 41 75 62 35 63 77 63 7a 61 49 64 30 76 44 37 68 66 77 6a 6e 6d 2b 69 30 32 69 30 63 56 57 70 44 63 7a 7a 38 67 62 59 44 4c 43 79 39 69 71 72 69 6c 71 36 6a 45 52 52 30 6d 4f 74 67 6b 37 79 71 79 37 78 62 46 4f 52 70 79 4b 4a 4f 7a 41 64 67 39 50 55 49 58 54 67 54 79 41 6e 6a 4e 31 30 64 77 79 79 2b 41 67 55 71 46 66 36 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: CdBcE0XKA0es6Q7e.2Context: 36cbb7e9059af143<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASFAub5cwczaId0vD7hfwjnm+i02i0cVWpDczz8gbYDLCy9iqrilq6jERR0mOtgk7yqy7xbFORpyKJOzAdg9PUIXTgTyAnjN10dwyy+AgUqFf6
2024-04-19 22:06:35 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 43 64 42 63 45 30 58 4b 41 30 65 73 36 51 37 65 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 36 63 62 62 37 65 39 30 35 39 61 66 31 34 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: CdBcE0XKA0es6Q7e.3Context: 36cbb7e9059af143<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-19 22:06:35 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-19 22:06:35 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 30 37 63 2b 4f 62 4a 37 74 6b 65 5a 45 55 6e 62 53 65 67 39 6c 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 07c+ObJ7tkeZEUnbSeg9lw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49711	52.159.127.243	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:43 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 31 65 2f 78 70 34 44 48 59 30 4f 7a 6f 4e 75 56 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 62 36 66 31 63 31 31 61 36 65 30 32 66 37 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 1e/xp4DHY0OzoNuV.1Context: 5b6f1c11a6e02f73
2024-04-19 22:06:43 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-19 22:06:43 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 31 65 2f 78 70 34 44 48 59 30 4f 7a 6f 4e 75 56 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 62 36 66 31 63 31 31 61 36 65 30 32 66 37 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 46 41 75 62 35 63 77 63 7a 61 49 64 30 76 44 37 68 66 77 6a 6e 6d 2b 69 30 32 69 30 63 56 57 70 44 63 7a 7a 38 67 62 59 44 4c 43 79 39 69 71 72 69 6c 71 36 6a 45 52 52 30 6d 4f 74 67 6b 37 79 71 79 37 78 62 46 4f 52 70 79 4b 4a 4f 7a 41 64 67 39 50 55 49 58 54 67 54 79 41 6e 6a 4e 31 30 64 77 79 79 2b 41 67 55 71 46 66 36 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 1e/xp4DHY0OzoNuV.2Context: 5b6f1c11a6e02f73<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASFAub5cwczaId0vD7hfwjnm+i02i0cVWpDczz8gbYDLCy9iqrilq6jERR0mOtgk7yqy7xbFORpyKJOzAdg9PUIXTgTyAnjN10dwyy+AgUqFf6
2024-04-19 22:06:43 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 31 65 2f 78 70 34 44 48 59 30 4f 7a 6f 4e 75 56 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 62 36 66 31 63 31 31 61 36 65 30 32 66 37 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 1e/xp4DHY0OzoNuV.3Context: 5b6f1c11a6e02f73<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-19 22:06:43 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-19 22:06:43 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4a 58 76 45 59 72 36 6b 38 6b 79 68 67 2b 50 47 4c 79 75 43 50 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: JXvEYr6k8kyhg+PGLyuCPg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49715	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:45 UTC	609	OUT	GET /securereader/Image?c=logo&b=1&i=0&rnd=9.80372576023722 HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 22:06:45 UTC	525	IN	HTTP/1.1 200 200 Date: Fri, 19 Apr 2024 22:06:45 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: max-age=2592000 Expires: Sun, 19 May 2024 22:06:45 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' X-UA-Compatible: IE=edge Connection: close Transfer-Encoding: chunked Content-Type: image/gif
2024-04-19 22:06:45 UTC	2204	IN	Data Raw: 38 39 35 0d 0a 47 49 46 38 39 61 bb 00 2a 00 f7 00 00 00 00 00 01 01 01 02 02 02 03 03 03 04 04 04 05 05 05 06 06 06 07 07 07 08 08 08 09 09 09 0a 0a 0a 0b 0b 0b 0c 0c 0c 0d 0d 0d 0e 0e 0e 0f 0f 0f 10 10 10 12 12 12 13 13 13 14 14 14 15 15 15 16 16 16 17 17 17 18 18 18 19 19 19 1a 1a 1a 1b 1b 1b 1c 1c 1c 1d 1d 1d 1e 1e 1e 1f 1f 1f 20 20 20 21 21 21 22 22 22 23 23 23 24 24 24 25 25 25 26 26 26 27 27 27 28 28 28 29 29 29 2a 2a 2a 2b 2b 2b 2d 2d 2d 2f 2f 2f 30 30 30 31 31 31 33 33 33 34 34 34 35 35 35 36 36 36 37 37 37 38 38 38 39 39 39 3a 3a 3a 3b 3b 3b 3c 3c 3c 3e 3e 3e 3f 3f 3f 40 40 40 41 41 41 43 43 43 44 44 44 45 45 45 46 46 46 48 48 48 4a 4a 4a 4b 4b 4b 4c 4c 4c 4d 4d 4d 4e 4e 4e 4f 4f 4f 50 50 50 51 51 51 52 52 52 54 54 54 56 56 56 57 57 57 58 58 58 Data Ascii: 895GIF89a* !!!"""###$$$%%%&&&'''((()))***+++---///000111333444555666777888999:::;;;<<<>>>???@@@AAACCCDDDEEEFFFHHHJJJKKKLLLMMMNNNOOOPPPQQQRRRTTTVVVWWWXXX
2024-04-19 22:06:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49716	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:45 UTC	605	OUT	GET /securereader/Image?c=lock&b=1&rnd=2.99930044764984 HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 22:06:45 UTC	525	IN	HTTP/1.1 200 200 Date: Fri, 19 Apr 2024 22:06:45 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: max-age=2592000 Expires: Sun, 19 May 2024 22:06:45 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' X-UA-Compatible: IE=edge Connection: close Transfer-Encoding: chunked Content-Type: image/gif
2024-04-19 22:06:45 UTC	1991	IN	Data Raw: 37 63 30 0d 0a 47 49 46 38 39 61 5a 00 44 00 f7 00 00 00 00 00 08 3a 5e 08 3a 5f 09 3b 60 09 3b 61 0a 3d 60 09 3c 62 0a 3d 63 0b 3e 60 0a 3e 63 0a 3e 64 0a 3f 65 0b 3f 66 0c 3d 62 0e 40 63 0f 41 64 0b 41 68 0b 42 69 0c 42 69 0c 42 6a 0c 43 6b 0d 43 6c 0d 44 6c 0d 44 6d 0d 45 6e 0d 46 6e 0d 46 6f 0d 47 70 0e 48 72 0e 49 73 10 40 63 11 41 65 12 43 65 13 44 65 15 44 66 14 44 67 10 43 68 18 47 69 1a 47 6a 19 48 68 1d 4a 6c 10 4b 77 10 4c 78 10 4d 79 10 4e 7a 11 4f 7c 11 50 7d 11 51 7e 12 52 7f 20 4d 6e 21 4e 6d 22 4e 6f 24 4f 6f 25 51 71 25 52 71 26 52 73 27 54 72 29 55 74 2b 56 76 2e 58 78 34 5c 7b 35 5e 7b 37 5f 7d 38 5f 7c 3a 62 7f 12 53 81 12 54 81 13 55 84 14 58 88 14 59 89 15 5b 8b 15 5b 8c 15 5c 8c 15 5d 8d 15 5d 8e 16 5e 8e 16 5e 90 16 5f 91 17 60 92 Data Ascii: 7c0GIF89aZD:^:_;`;a=`<b=c>`>c>d?e?f=b@cAdAhBiBiBjCkClDlDmEnFnFoGpHrIs@cAeCeDeDfDgChGiGjHhJlKwLxMyNzO\|P}Q~R Mn!Nm"No$Oo%Qq%Rq&Rs'Tr)Ut+Vv.Xx4\{5^{7_}8_\|:bSTUXY[[\]]^^_`
2024-04-19 22:06:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49723	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:45 UTC	409	OUT	GET /securereader/Image?c=logo&b=1&i=0&rnd=9.80372576023722 HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 22:06:46 UTC	525	IN	HTTP/1.1 200 200 Date: Fri, 19 Apr 2024 22:06:46 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: max-age=2592000 Expires: Sun, 19 May 2024 22:06:46 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' X-UA-Compatible: IE=edge Connection: close Transfer-Encoding: chunked Content-Type: image/gif
2024-04-19 22:06:46 UTC	2204	IN	Data Raw: 38 39 35 0d 0a 47 49 46 38 39 61 bb 00 2a 00 f7 00 00 00 00 00 01 01 01 02 02 02 03 03 03 04 04 04 05 05 05 06 06 06 07 07 07 08 08 08 09 09 09 0a 0a 0a 0b 0b 0b 0c 0c 0c 0d 0d 0d 0e 0e 0e 0f 0f 0f 10 10 10 12 12 12 13 13 13 14 14 14 15 15 15 16 16 16 17 17 17 18 18 18 19 19 19 1a 1a 1a 1b 1b 1b 1c 1c 1c 1d 1d 1d 1e 1e 1e 1f 1f 1f 20 20 20 21 21 21 22 22 22 23 23 23 24 24 24 25 25 25 26 26 26 27 27 27 28 28 28 29 29 29 2a 2a 2a 2b 2b 2b 2d 2d 2d 2f 2f 2f 30 30 30 31 31 31 33 33 33 34 34 34 35 35 35 36 36 36 37 37 37 38 38 38 39 39 39 3a 3a 3a 3b 3b 3b 3c 3c 3c 3e 3e 3e 3f 3f 3f 40 40 40 41 41 41 43 43 43 44 44 44 45 45 45 46 46 46 48 48 48 4a 4a 4a 4b 4b 4b 4c 4c 4c 4d 4d 4d 4e 4e 4e 4f 4f 4f 50 50 50 51 51 51 52 52 52 54 54 54 56 56 56 57 57 57 58 58 58 Data Ascii: 895GIF89a* !!!"""###$$$%%%&&&'''((()))***+++---///000111333444555666777888999:::;;;<<<>>>???@@@AAACCCDDDEEEFFFHHHJJJKKKLLLMMMNNNOOOPPPQQQRRRTTTVVVWWWXXX
2024-04-19 22:06:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49722	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:45 UTC	405	OUT	GET /securereader/Image?c=lock&b=1&rnd=2.99930044764984 HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 22:06:46 UTC	525	IN	HTTP/1.1 200 200 Date: Fri, 19 Apr 2024 22:06:46 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: max-age=2592000 Expires: Sun, 19 May 2024 22:06:46 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' X-UA-Compatible: IE=edge Connection: close Transfer-Encoding: chunked Content-Type: image/gif
2024-04-19 22:06:46 UTC	1991	IN	Data Raw: 37 63 30 0d 0a 47 49 46 38 39 61 5a 00 44 00 f7 00 00 00 00 00 08 3a 5e 08 3a 5f 09 3b 60 09 3b 61 0a 3d 60 09 3c 62 0a 3d 63 0b 3e 60 0a 3e 63 0a 3e 64 0a 3f 65 0b 3f 66 0c 3d 62 0e 40 63 0f 41 64 0b 41 68 0b 42 69 0c 42 69 0c 42 6a 0c 43 6b 0d 43 6c 0d 44 6c 0d 44 6d 0d 45 6e 0d 46 6e 0d 46 6f 0d 47 70 0e 48 72 0e 49 73 10 40 63 11 41 65 12 43 65 13 44 65 15 44 66 14 44 67 10 43 68 18 47 69 1a 47 6a 19 48 68 1d 4a 6c 10 4b 77 10 4c 78 10 4d 79 10 4e 7a 11 4f 7c 11 50 7d 11 51 7e 12 52 7f 20 4d 6e 21 4e 6d 22 4e 6f 24 4f 6f 25 51 71 25 52 71 26 52 73 27 54 72 29 55 74 2b 56 76 2e 58 78 34 5c 7b 35 5e 7b 37 5f 7d 38 5f 7c 3a 62 7f 12 53 81 12 54 81 13 55 84 14 58 88 14 59 89 15 5b 8b 15 5b 8c 15 5c 8c 15 5d 8d 15 5d 8e 16 5e 8e 16 5e 90 16 5f 91 17 60 92 Data Ascii: 7c0GIF89aZD:^:_;`;a=`<b=c>`>c>d?e?f=b@cAdAhBiBiBjCkClDlDmEnFnFoGpHrIs@cAeCeDeDfDgChGiGjHhJlKwLxMyNzO\|P}Q~R Mn!Nm"No$Oo%Qq%Rq&Rs'Tr)Ut+Vv.Xx4\{5^{7_}8_\|:bSTUXY[[\]]^^_`
2024-04-19 22:06:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49729	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:49 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F9XHw517476Raza&MD=5DTCDzf+ HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-19 22:06:49 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 9b106522-848c-4cb7-a105-d8a141b7b383 MS-RequestId: f585941d-d3ca-499e-8c88-6e7949600084 MS-CV: A+jDXwefckig9MR2.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 19 Apr 2024 22:06:49 GMT Connection: close Content-Length: 24490
2024-04-19 22:06:49 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-19 22:06:49 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49735	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:49 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 22:06:50 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=118591 Date: Fri, 19 Apr 2024 22:06:50 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49737	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:50 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 22:06:50 UTC	805	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z Content-Type: application/octet-stream X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=118612 Date: Fri, 19 Apr 2024 22:06:50 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-19 22:06:50 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49743	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:55 UTC	685	OUT	GET /securereader/help.jsf?lang=enus HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 22:06:55 UTC	649	IN	HTTP/1.1 200 200 Date: Fri, 19 Apr 2024 22:06:55 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains Set-Cookie: JSESSIONID=2B759DB3324A1C89F95DF79D5DD5CC34; Path=/securereader; Secure; HttpOnly Pragma: no-cache Cache-Control: no-store, max-age=0 Expires: Thu, 30 Sep 2021 23:59:59 GMT Content-Length: 224 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' X-UA-Compatible: IE=edge Connection: close Content-Type: text/html;charset=UTF-8
2024-04-19 22:06:55 UTC	224	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 09 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 09 3c 68 65 61 64 3e 0a 09 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 52 45 46 52 45 53 48 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 2f 68 65 6c 70 2f 65 6e 75 73 5f 65 6e 63 72 79 70 74 69 6f 6e 2e 68 74 6d 22 20 2f 3e 0a 09 09 3c 2f 68 65 61 64 3e 0a 09 09 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 0a 09 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8" /><meta http-equiv="REFRESH" content="0;url=/help/enus_encryption.htm" /></head><body></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49742	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:55 UTC	649	OUT	GET /favicon.ico HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 22:06:56 UTC	598	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 22:06:55 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains Last-Modified: Fri, 09 Sep 2022 18:31:36 GMT ETag: "47e-5e842c188b200" Accept-Ranges: bytes Content-Length: 1150 Cache-Control: public, max-age=1550000 Expires: Fri, 19 Apr 2024 22:06:55 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close Content-Type: image/x-icon
2024-04-19 22:06:56 UTC	1150	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 f3 0e 00 00 f3 0e 00 00 00 00 00 00 00 00 00 00 d7 8c 02 ff ec 92 00 ff ee 8f 00 ff d6 82 04 ff d6 86 0f ff eb 92 0c ff e6 86 00 ff ec 90 01 ff ef 90 00 ff e9 8d 00 ff e4 89 06 ff e4 88 0b ff e3 87 0a ff e3 88 05 ff e3 89 02 ff e4 8c 02 ff eb 8c 00 ff f5 8b 00 ff e5 8b 0f ff ef be 80 ff ff f0 d9 ff ff e8 bf ff ea a2 44 ff f1 88 01 ff d8 8b 10 ff e2 8e 0c ff e8 8d 03 ff eb 89 00 ff e9 8b 02 ff e6 8d 07 ff e1 8c 08 ff de 8a 08 ff d5 88 13 ff f0 8a 00 ff eb 8c 0d ff fc d4 a0 ff f1 fb ff ff fb fe ff ff dc a7 64 ff ef 8a 05 ff dd 88 0a ff e9 8c 01 ff ee 8b 00 ff eb 8b 00 ff e6 8e 01 ff df 8c 08 ff db 88 04 ff e2 89 03 ff c5 Data Ascii: h( Dd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49724	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:56 UTC	366	OUT	GET /favicon.ico HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49744	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:56 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://securemail.americanfidelity.com/securereader/help.jsf?lang=enus Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 22:06:56 UTC	600	IN	HTTP/1.1 200 200 Date: Fri, 19 Apr 2024 22:06:56 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-Ranges: bytes ETag: W/"8905-1418437582000" Last-Modified: Sat, 13 Dec 2014 02:26:22 GMT Content-Length: 8905 Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:06:56 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close Content-Type: text/html; charset=UTF-8
2024-04-19 22:06:56 UTC	7592	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 0d 0a 3c 74 69 74 6c 65 3e 50 72 6f 6f 66 70 6f 69 6e 74 20 45 6e 63 72 79 70 74 69 6f 6e 20 48 65 6c 70 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 3e 0d 0a 62 6f 64 79 0d 0a 7b 0d 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 56 65 72 64 61 6e 61 22 3b 0d 0a 7d 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 3c 68 31 3e 55 73 69 6e 67 20 50 72 6f 6f 66 70 6f 69 6e 74 20 45 6e 63 72 79 70 74 69 6f 6e 3c 2f 68 31 3e 0d 0a 3c 70 3e 20 3c 62 3e 43 6f 6e 74 65 6e 74 73 3c 2f 62 3e 3c 2f 70 3e 0d 0a 3c 70 3e 3c 61 20 68 72 65 66 3d 22 23 52 65 63 65 69 76 69 6e 67 5f 45 6e 63 72 79 70 74 65 64 5f 45 6d 61 69 6c 22 3e 52 65 Data Ascii: <!DOCTYPE html><html><head><title>Proofpoint Encryption Help</title><style>body{font-family:"Verdana";}</style></head><body><h1>Using Proofpoint Encryption</h1><p> <b>Contents</b></p><p><a href="#Receiving_Encrypted_Email">Re
2024-04-19 22:06:56 UTC	592	IN	Data Raw: 66 20 79 6f 75 20 73 74 69 6c 6c 20 63 61 6e 6e 6f 74 20 64 65 63 72 79 70 74 20 74 68 65 20 6d 65 73 73 61 67 65 2c 20 63 6f 6e 74 61 63 74 20 79 6f 75 72 20 65 6d 61 69 6c 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 0d 0a 0d 0a 3c 6c 69 3e 0d 0a 3c 62 3e 59 6f 75 72 20 61 63 63 6f 75 6e 74 20 68 61 73 20 62 65 65 6e 20 64 69 73 61 62 6c 65 64 2e 3c 2f 62 3e 0d 0a 3c 62 72 3e 0d 0a 59 6f 75 72 20 65 6d 61 69 6c 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 68 61 73 20 64 69 73 61 62 6c 65 64 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 2e 0d 0a 3c 6c 69 3e 0d 0a 3c 62 3e 4c 6f 67 69 6e 20 44 69 73 61 62 6c 65 64 3c 2f 62 3e 0d 0a 3c 62 72 3e 59 6f 75 20 64 6f 20 6e 6f 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 70 65 72 66 6f 72 6d 20 74 68 Data Ascii: f you still cannot decrypt the message, contact your email administrator.<li><b>Your account has been disabled.</b><br>Your email administrator has disabled your account.<li><b>Login Disabled</b><br>You do not have permission to perform th
2024-04-19 22:06:56 UTC	721	IN	Data Raw: 20 54 68 69 73 20 6c 69 6d 69 74 61 74 69 6f 6e 20 64 6f 65 73 20 6e 6f 74 20 61 70 70 6c 79 20 74 6f 20 70 6c 61 69 6e 20 74 65 78 74 2e 0d 0a 3c 70 3e 0d 0a 3c 69 3e 49 6e 74 65 72 6d 69 74 74 65 6e 74 20 50 72 6f 62 6c 65 6d 20 77 69 74 68 20 52 65 70 6c 79 69 6e 67 20 74 6f 20 6f 72 20 46 6f 72 77 61 72 64 69 6e 67 20 53 65 63 75 72 65 20 4d 65 73 73 61 67 65 73 3c 2f 69 3e 0d 0a 3c 70 3e 0d 0a 0d 0a 49 66 20 50 72 6f 6f 66 70 6f 69 6e 74 20 45 6e 63 72 79 70 74 69 6f 6e 20 68 61 6e 67 73 20 77 68 65 6e 20 79 6f 75 20 74 72 79 20 74 6f 20 63 6f 6d 70 6f 73 65 20 61 20 6d 65 73 73 61 67 65 20 61 6e 64 20 63 6c 69 63 6b 20 74 68 65 0d 0a 52 65 70 6c 79 2c 20 52 65 70 6c 79 20 41 6c 6c 2c 20 6f 72 20 46 6f 72 77 61 72 64 20 6c 69 6e 6b 73 2c 20 63 6c 69 Data Ascii: This limitation does not apply to plain text.<p><i>Intermittent Problem with Replying to or Forwarding Secure Messages</i><p>If Proofpoint Encryption hangs when you try to compose a message and click theReply, Reply All, or Forward links, cli

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49745	52.159.127.243	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:56 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 51 56 6f 49 30 77 62 71 65 55 36 6c 4a 7a 70 65 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 66 30 37 61 33 38 35 36 39 31 66 65 39 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: QVoI0wbqeU6lJzpe.1Context: b2f07a385691fe99
2024-04-19 22:06:56 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-19 22:06:56 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 51 56 6f 49 30 77 62 71 65 55 36 6c 4a 7a 70 65 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 66 30 37 61 33 38 35 36 39 31 66 65 39 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 46 41 75 62 35 63 77 63 7a 61 49 64 30 76 44 37 68 66 77 6a 6e 6d 2b 69 30 32 69 30 63 56 57 70 44 63 7a 7a 38 67 62 59 44 4c 43 79 39 69 71 72 69 6c 71 36 6a 45 52 52 30 6d 4f 74 67 6b 37 79 71 79 37 78 62 46 4f 52 70 79 4b 4a 4f 7a 41 64 67 39 50 55 49 58 54 67 54 79 41 6e 6a 4e 31 30 64 77 79 79 2b 41 67 55 71 46 66 36 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: QVoI0wbqeU6lJzpe.2Context: b2f07a385691fe99<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASFAub5cwczaId0vD7hfwjnm+i02i0cVWpDczz8gbYDLCy9iqrilq6jERR0mOtgk7yqy7xbFORpyKJOzAdg9PUIXTgTyAnjN10dwyy+AgUqFf6
2024-04-19 22:06:56 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 51 56 6f 49 30 77 62 71 65 55 36 6c 4a 7a 70 65 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 66 30 37 61 33 38 35 36 39 31 66 65 39 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: QVoI0wbqeU6lJzpe.3Context: b2f07a385691fe99<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-19 22:06:56 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-19 22:06:56 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 48 32 72 72 71 4e 65 56 72 45 69 34 58 30 68 32 2b 33 42 65 2f 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: H2rrqNeVrEi4X0h2+3Be/w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49746	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:06:56 UTC	366	OUT	GET /favicon.ico HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 22:06:57 UTC	598	IN	HTTP/1.1 200 OK Date: Fri, 19 Apr 2024 22:06:56 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains Last-Modified: Fri, 09 Sep 2022 18:31:36 GMT ETag: "47e-5e842c188b200" Accept-Ranges: bytes Content-Length: 1150 Cache-Control: public, max-age=1550000 Expires: Fri, 19 Apr 2024 22:06:56 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close Content-Type: image/x-icon
2024-04-19 22:06:57 UTC	1150	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 f3 0e 00 00 f3 0e 00 00 00 00 00 00 00 00 00 00 d7 8c 02 ff ec 92 00 ff ee 8f 00 ff d6 82 04 ff d6 86 0f ff eb 92 0c ff e6 86 00 ff ec 90 01 ff ef 90 00 ff e9 8d 00 ff e4 89 06 ff e4 88 0b ff e3 87 0a ff e3 88 05 ff e3 89 02 ff e4 8c 02 ff eb 8c 00 ff f5 8b 00 ff e5 8b 0f ff ef be 80 ff ff f0 d9 ff ff e8 bf ff ea a2 44 ff f1 88 01 ff d8 8b 10 ff e2 8e 0c ff e8 8d 03 ff eb 89 00 ff e9 8b 02 ff e6 8d 07 ff e1 8c 08 ff de 8a 08 ff d5 88 13 ff f0 8a 00 ff eb 8c 0d ff fc d4 a0 ff f1 fb ff ff fb fe ff ff dc a7 64 ff ef 8a 05 ff dd 88 0a ff e9 8c 01 ff ee 8b 00 ff eb 8b 00 ff e6 8e 01 ff df 8c 08 ff db 88 04 ff e2 89 03 ff c5 Data Ascii: h( Dd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49753	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:05 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"8905-1418437582000" If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
2024-04-19 22:07:06 UTC	470	IN	HTTP/1.1 304 304 Date: Fri, 19 Apr 2024 22:07:05 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains ETag: W/"8905-1418437582000" Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:07:05 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49752	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:08 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"8905-1418437582000" If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
2024-04-19 22:07:13 UTC	470	IN	HTTP/1.1 304 304 Date: Fri, 19 Apr 2024 22:07:08 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains ETag: W/"8905-1418437582000" Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:07:08 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	49755	52.159.127.243	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:14 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6b 6a 31 4d 2f 45 67 6f 45 30 71 62 46 32 51 71 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 32 33 32 61 33 30 35 36 35 61 34 35 34 66 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: kj1M/EgoE0qbF2Qq.1Context: 1232a30565a454f8
2024-04-19 22:07:14 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-19 22:07:14 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 6b 6a 31 4d 2f 45 67 6f 45 30 71 62 46 32 51 71 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 32 33 32 61 33 30 35 36 35 61 34 35 34 66 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 46 41 75 62 35 63 77 63 7a 61 49 64 30 76 44 37 68 66 77 6a 6e 6d 2b 69 30 32 69 30 63 56 57 70 44 63 7a 7a 38 67 62 59 44 4c 43 79 39 69 71 72 69 6c 71 36 6a 45 52 52 30 6d 4f 74 67 6b 37 79 71 79 37 78 62 46 4f 52 70 79 4b 4a 4f 7a 41 64 67 39 50 55 49 58 54 67 54 79 41 6e 6a 4e 31 30 64 77 79 79 2b 41 67 55 71 46 66 36 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: kj1M/EgoE0qbF2Qq.2Context: 1232a30565a454f8<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASFAub5cwczaId0vD7hfwjnm+i02i0cVWpDczz8gbYDLCy9iqrilq6jERR0mOtgk7yqy7xbFORpyKJOzAdg9PUIXTgTyAnjN10dwyy+AgUqFf6
2024-04-19 22:07:14 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6b 6a 31 4d 2f 45 67 6f 45 30 71 62 46 32 51 71 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 32 33 32 61 33 30 35 36 35 61 34 35 34 66 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: kj1M/EgoE0qbF2Qq.3Context: 1232a30565a454f8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-19 22:07:14 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-19 22:07:14 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 77 57 44 33 76 66 34 59 44 30 2b 33 71 68 35 4c 74 55 7a 4a 32 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: wWD3vf4YD0+3qh5LtUzJ2A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49754	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:16 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"8905-1418437582000" If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
2024-04-19 22:07:16 UTC	470	IN	HTTP/1.1 304 304 Date: Fri, 19 Apr 2024 22:07:16 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains ETag: W/"8905-1418437582000" Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:07:16 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49756	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:18 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"8905-1418437582000" If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
2024-04-19 22:07:18 UTC	470	IN	HTTP/1.1 304 304 Date: Fri, 19 Apr 2024 22:07:18 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains ETag: W/"8905-1418437582000" Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:07:18 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49757	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:20 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"8905-1418437582000" If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
2024-04-19 22:07:20 UTC	470	IN	HTTP/1.1 304 304 Date: Fri, 19 Apr 2024 22:07:20 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains ETag: W/"8905-1418437582000" Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:07:20 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	49759	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:27 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F9XHw517476Raza&MD=5DTCDzf+ HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-19 22:07:28 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: d33ae444-df57-4e80-b7f2-8bf1d38c90a9 MS-RequestId: 670564b0-e9db-4803-97b9-5d05f7174c87 MS-CV: mTMZFKift0OcvvMH.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 19 Apr 2024 22:07:27 GMT Connection: close Content-Length: 25457
2024-04-19 22:07:28 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-19 22:07:28 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49758	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:30 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"8905-1418437582000" If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
2024-04-19 22:07:30 UTC	470	IN	HTTP/1.1 304 304 Date: Fri, 19 Apr 2024 22:07:30 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains ETag: W/"8905-1418437582000" Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:07:30 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	49760	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:32 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"8905-1418437582000" If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
2024-04-19 22:07:32 UTC	470	IN	HTTP/1.1 304 304 Date: Fri, 19 Apr 2024 22:07:32 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains ETag: W/"8905-1418437582000" Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:07:32 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	49761	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:34 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"8905-1418437582000" If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
2024-04-19 22:07:35 UTC	470	IN	HTTP/1.1 304 304 Date: Fri, 19 Apr 2024 22:07:35 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains ETag: W/"8905-1418437582000" Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:07:35 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	49762	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:36 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"8905-1418437582000" If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
2024-04-19 22:07:36 UTC	470	IN	HTTP/1.1 304 304 Date: Fri, 19 Apr 2024 22:07:36 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains ETag: W/"8905-1418437582000" Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:07:36 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.6	49764	52.159.127.243	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:38 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6d 73 33 71 31 63 47 34 65 45 4b 55 41 68 71 68 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 61 38 34 37 34 35 39 39 64 61 36 61 30 33 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ms3q1cG4eEKUAhqh.1Context: 9a8474599da6a036
2024-04-19 22:07:38 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-19 22:07:38 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 6d 73 33 71 31 63 47 34 65 45 4b 55 41 68 71 68 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 61 38 34 37 34 35 39 39 64 61 36 61 30 33 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 46 41 75 62 35 63 77 63 7a 61 49 64 30 76 44 37 68 66 77 6a 6e 6d 2b 69 30 32 69 30 63 56 57 70 44 63 7a 7a 38 67 62 59 44 4c 43 79 39 69 71 72 69 6c 71 36 6a 45 52 52 30 6d 4f 74 67 6b 37 79 71 79 37 78 62 46 4f 52 70 79 4b 4a 4f 7a 41 64 67 39 50 55 49 58 54 67 54 79 41 6e 6a 4e 31 30 64 77 79 79 2b 41 67 55 71 46 66 36 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: ms3q1cG4eEKUAhqh.2Context: 9a8474599da6a036<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASFAub5cwczaId0vD7hfwjnm+i02i0cVWpDczz8gbYDLCy9iqrilq6jERR0mOtgk7yqy7xbFORpyKJOzAdg9PUIXTgTyAnjN10dwyy+AgUqFf6
2024-04-19 22:07:38 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6d 73 33 71 31 63 47 34 65 45 4b 55 41 68 71 68 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 61 38 34 37 34 35 39 39 64 61 36 61 30 33 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ms3q1cG4eEKUAhqh.3Context: 9a8474599da6a036<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-19 22:07:38 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-19 22:07:38 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 47 61 39 75 2f 73 32 64 4e 55 65 55 31 52 78 4a 46 6a 66 49 2f 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Ga9u/s2dNUeU1RxJFjfI/A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	49763	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:46 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"8905-1418437582000" If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
2024-04-19 22:07:46 UTC	470	IN	HTTP/1.1 304 304 Date: Fri, 19 Apr 2024 22:07:46 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains ETag: W/"8905-1418437582000" Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:07:46 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	49766	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:48 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"8905-1418437582000" If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
2024-04-19 22:07:48 UTC	470	IN	HTTP/1.1 304 304 Date: Fri, 19 Apr 2024 22:07:48 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains ETag: W/"8905-1418437582000" Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:07:48 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	49768	67.231.149.122	443	5160	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:07:50 UTC	767	OUT	GET /help/enus_encryption.htm HTTP/1.1 Host: securemail.americanfidelity.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"8905-1418437582000" If-Modified-Since: Sat, 13 Dec 2014 02:26:22 GMT
2024-04-19 22:07:50 UTC	470	IN	HTTP/1.1 304 304 Date: Fri, 19 Apr 2024 22:07:50 GMT Server: Strict-Transport-Security: max-age=31536000; includeSubDomains ETag: W/"8905-1418437582000" Cache-Control: max-age=0 Expires: Fri, 19 Apr 2024 22:07:50 GMT X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Expect-CT: max-age=86400, enforce Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.6	49771	52.159.127.243	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:08:10 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 44 30 38 34 53 52 48 45 58 55 79 46 62 7a 61 6a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 34 30 33 33 38 35 31 30 37 65 61 34 64 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: D084SRHEXUyFbzaj.1Context: a6403385107ea4de
2024-04-19 22:08:10 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-19 22:08:10 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 44 30 38 34 53 52 48 45 58 55 79 46 62 7a 61 6a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 34 30 33 33 38 35 31 30 37 65 61 34 64 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 46 41 75 62 35 63 77 63 7a 61 49 64 30 76 44 37 68 66 77 6a 6e 6d 2b 69 30 32 69 30 63 56 57 70 44 63 7a 7a 38 67 62 59 44 4c 43 79 39 69 71 72 69 6c 71 36 6a 45 52 52 30 6d 4f 74 67 6b 37 79 71 79 37 78 62 46 4f 52 70 79 4b 4a 4f 7a 41 64 67 39 50 55 49 58 54 67 54 79 41 6e 6a 4e 31 30 64 77 79 79 2b 41 67 55 71 46 66 36 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: D084SRHEXUyFbzaj.2Context: a6403385107ea4de<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASFAub5cwczaId0vD7hfwjnm+i02i0cVWpDczz8gbYDLCy9iqrilq6jERR0mOtgk7yqy7xbFORpyKJOzAdg9PUIXTgTyAnjN10dwyy+AgUqFf6
2024-04-19 22:08:10 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 44 30 38 34 53 52 48 45 58 55 79 46 62 7a 61 6a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 34 30 33 33 38 35 31 30 37 65 61 34 64 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: D084SRHEXUyFbzaj.3Context: a6403385107ea4de<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-19 22:08:10 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-19 22:08:10 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 39 5a 37 65 75 2b 75 6f 74 30 75 79 50 62 59 6a 6c 46 79 31 63 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 9Z7eu+uot0uyPbYjlFy1cQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.6	49774	52.159.126.152	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 22:08:54 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 55 59 55 75 32 33 63 73 55 6b 57 75 62 58 50 43 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 63 34 36 36 35 62 39 63 63 38 64 32 39 65 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: UYUu23csUkWubXPC.1Context: 1c4665b9cc8d29e4
2024-04-19 22:08:54 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-19 22:08:54 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 55 59 55 75 32 33 63 73 55 6b 57 75 62 58 50 43 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 63 34 36 36 35 62 39 63 63 38 64 32 39 65 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 46 41 75 62 35 63 77 63 7a 61 49 64 30 76 44 37 68 66 77 6a 6e 6d 2b 69 30 32 69 30 63 56 57 70 44 63 7a 7a 38 67 62 59 44 4c 43 79 39 69 71 72 69 6c 71 36 6a 45 52 52 30 6d 4f 74 67 6b 37 79 71 79 37 78 62 46 4f 52 70 79 4b 4a 4f 7a 41 64 67 39 50 55 49 58 54 67 54 79 41 6e 6a 4e 31 30 64 77 79 79 2b 41 67 55 71 46 66 36 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: UYUu23csUkWubXPC.2Context: 1c4665b9cc8d29e4<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASFAub5cwczaId0vD7hfwjnm+i02i0cVWpDczz8gbYDLCy9iqrilq6jERR0mOtgk7yqy7xbFORpyKJOzAdg9PUIXTgTyAnjN10dwyy+AgUqFf6
2024-04-19 22:08:54 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 55 59 55 75 32 33 63 73 55 6b 57 75 62 58 50 43 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 63 34 36 36 35 62 39 63 63 38 64 32 39 65 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: UYUu23csUkWubXPC.3Context: 1c4665b9cc8d29e4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-19 22:08:55 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-19 22:08:55 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6a 6e 43 49 41 64 4d 45 61 55 65 42 39 4a 72 6b 47 4d 2f 54 64 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: jnCIAdMEaUeB9JrkGM/TdQ.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 7072, Parent PID: 5268

General

Target ID:	0
Start time:	00:06:39
Start date:	20/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\SecureMessageAtt.html"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5160, Parent PID: 7072

General

Target ID:	2
Start time:	00:06:42
Start date:	20/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1996,i,3822043218176268392,2533187350089635544,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.
Tactics:	Lateral Movement
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecureMessageAtt.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 7072, Parent PID: 5268

General

Chronological Activities

Analysis Process: chrome.exePID: 5160, Parent PID: 7072

Windows Analysis Report
SecureMessageAtt.html