Source: Town Of Castle Rock Life Insurance Benefits Open Enrollment Plan.shtml | HTTP Parser: No favicon |
Source: file:///C:/Users/user/Desktop/Town%20Of%20Castle%20Rock%20Life%20Insurance%20Benefits%20Open%20Enrollment%20Plan.shtml | HTTP Parser: No favicon |
Source: unknown | HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49822 version: TLS 1.0 |
Source: unknown | HTTPS traffic detected: 20.190.177.22:443 -> 192.168.2.5:49713 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:49714 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:49715 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49718 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.5:49736 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 2.20.204.113:443 -> 192.168.2.5:49744 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 2.20.204.113:443 -> 192.168.2.5:49750 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:49752 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:49753 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:49799 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:49800 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.5:49851 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:49862 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:49863 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:49918 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:49919 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:49987 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:49986 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:50040 version: TLS 1.2 |
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.5:50039 version: TLS 1.2 |
Source: Joe Sandbox View | IP Address: 205.139.111.117 205.139.111.117 |
Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250 |
Source: Joe Sandbox View | JA3 fingerprint: 1138de370e523e824bbca92d049a3777 |
Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4 |
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.177.149 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.177.22 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.118.190 |
Source: global traffic | HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=+sKDTGr+xuGkknW&MD=XHUmss4+ HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic | HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic | HTTP traffic detected: GET /s/bsrcCxkw9pCLRZmZS8foHypG0I?domain=sherwin.cw1.ro HTTP/1.1Host: url.us.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |
Source: global traffic | HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net |