Windows Analysis Report
https://roberthood.net/me/young/quak/bizmail.php/

Overview

General Information

Sample URL: https://roberthood.net/me/young/quak/bizmail.php/
Analysis ID: 1592308

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
AI detected suspicious URL
HTML body contains low number of good links
HTML title does not match URL
Suricata IDS alerts with low severity for network traffic
Suspicious form URL found

Classification

  • System is w10x64
  • chrome.exe (PID: 5008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 6228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2148,i,14684195839633180778,14619921707617828709,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 6872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://roberthood.net/me/young/quak/bizmail.php/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-16T00:53:56.108269+0100 | 2812237 | 1 | Successful Credential Theft Detected | 192.168.2.6 | 49856 | 72.18.194.32 | 443 | TCP

AV Detection

Source: https://roberthood.net/me/young/quak/bizmail.php/ | Avira URL Cloud: detection malicious, Label: phishing
Source: https://roberthood.net/me/young/quak/bizmail.php/img/favicon.ico | Avira URL Cloud: Label: phishing
Source: https://roberthood.net/me/young/quak/bizmail.php/img/qiye.png | Avira URL Cloud: Label: phishing

Phishing

Source: URL | Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://roberthood.net
Source: URL | Joe Sandbox AI: AI detected Typosquatting in URL: https://roberthood.net
Source: https://roberthood.net/me/young/quak/bizmail.php/ | HTTP Parser: Number of links: 0
Source: https://roberthood.net/me/young/quak/bizmail.php/next.php | HTTP Parser: Number of links: 0
Source: https://roberthood.net/me/young/quak/bizmail.php/ | HTTP Parser: Title: - does not match URL
Source: https://roberthood.net/me/young/quak/bizmail.php/next.php | HTTP Parser: Title: - does not match URL
Source: https://roberthood.net/me/young/quak/bizmail.php/ | HTTP Parser: Form action: next.php
Source: https://roberthood.net/me/young/quak/bizmail.php/next.php | HTTP Parser: Form action: next.php
Source: https://roberthood.net/me/young/quak/bizmail.php/ | HTTP Parser: <input type="password" .../> found
Source: https://roberthood.net/me/young/quak/bizmail.php/next.php | HTTP Parser: <input type="password" .../> found
Source: https://roberthood.net/me/young/quak/bizmail.php/ | HTTP Parser: No <meta name="author".. found
Source: https://roberthood.net/me/young/quak/bizmail.php/next.php | HTTP Parser: No <meta name="author".. found
Source: https://roberthood.net/me/young/quak/bizmail.php/ | HTTP Parser: No <meta name="copyright".. found
Source: https://roberthood.net/me/young/quak/bizmail.php/next.php | HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49876 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49984 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50006 version: TLS 1.2
Source: Network traffic | Suricata IDS: 2812237 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish July 28 : 192.168.2.6:49856 -> 72.18.194.32:443
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: global traffic | HTTP traffic detected: GET /me/young/quak/bizmail.php/ HTTP/1.1
    Host: roberthood.net
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /me/young/quak/bizmail.php/img/qiye.png HTTP/1.1
    Host: roberthood.net
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://roberthood.net/me/young/quak/bizmail.php/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /me/young/quak/bizmail.php/img/favicon.ico HTTP/1.1
    Host: roberthood.net
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://roberthood.net/me/young/quak/bizmail.php/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /me/young/quak/bizmail.php/img/qiye.png HTTP/1.1
    Host: roberthood.net
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /me/young/quak/bizmail.php/img/favicon.ico HTTP/1.1
    Host: roberthood.net
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /me/young/quak/bizmail.php/img/qiye.png HTTP/1.1
    Host: roberthood.net
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://roberthood.net/me/young/quak/bizmail.php/next.php
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /me/young/quak/bizmail.php/img/favicon.ico HTTP/1.1
    Host: roberthood.net
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://roberthood.net/me/young/quak/bizmail.php/next.php
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: roberthood.net
Source: unknown | HTTP traffic detected: POST /me/young/quak/bizmail.php/next.php HTTP/1.1
    Host: roberthood.net
    Connection: keep-alive
    Content-Length: 51
    Cache-Control: max-age=0
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    Origin: https://roberthood.net
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Referer: https://roberthood.net/me/young/quak/bizmail.php/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: classification engine | Classification label: mal60.win@16/12@6/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2148,i,14684195839633180778,14619921707617828709,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://roberthood.net/me/young/quak/bizmail.php/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Browser Extensions; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 2 Masquerading; 1 Process Injection; 1 Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label
https://roberthood.net/me/young/quak/bizmail.php/ | 100% | Avira URL Cloud | phishing

No Antivirus matches

Source | Detection | Scanner | Label
https://roberthood.net/me/young/quak/bizmail.php/img/favicon.ico | 100% | Avira URL Cloud | phishing
https://roberthood.net/me/young/quak/bizmail.php/img/qiye.png | 100% | Avira URL Cloud | phishing

Name | IP | Active | Malicious | Antivirus Detection | Reputation
roberthood.net | 72.18.194.32 | true | true | | unknown
www.google.com | 142.250.185.132 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://roberthood.net/me/young/quak/bizmail.php/next.php | true | | unknown
https://roberthood.net/me/young/quak/bizmail.php/img/favicon.ico | true | Avira URL Cloud: phishing | unknown
https://roberthood.net/me/young/quak/bizmail.php/ | true | | unknown
https://roberthood.net/me/young/quak/bizmail.php/img/qiye.png | true | Avira URL Cloud: phishing | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false
72.18.194.32 | roberthood.net | United States | 26277 | PREMIANETUS | true

IP
192.168.2.6
192.168.2.5

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1592308
Start date and time: 2025-01-16 00:52:37 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 2s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://roberthood.net/me/young/quak/bizmail.php/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal60.win@16/12@6/5
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 142.250.186.99, 142.250.186.142, 142.250.110.84, 216.58.212.174, 142.250.186.110, 142.250.185.170, 142.250.186.170, 172.217.18.10, 142.250.185.106, 142.250.186.42, 142.250.184.234, 216.58.206.74, 172.217.16.202, 142.250.185.138, 172.217.18.106, 142.250.74.202, 216.58.212.138, 142.250.185.74, 142.250.185.202, 142.250.186.74, 142.250.185.234, 184.30.131.245, 199.232.210.172, 172.217.23.110, 142.250.181.238, 142.250.185.110, 142.250.186.46, 142.250.184.238, 172.217.16.206, 142.250.185.78, 142.250.185.142, 216.58.206.46, 13.107.246.45, 184.28.90.27, 4.245.163.56
          • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
• Not all processes where analyzed, report is missing behavior information
• VT rate limit hit for: https://roberthood.net/me/young/quak/bizmail.php/
No simulations
No context
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:downloaded
          Size (bytes):2194
          Entropy (8bit):5.7899045267699165
          Encrypted:false
          SSDEEP:48:K1wim4yNLK5sLZxDOg4zwz0kyBDu4zwASLrx/9yTGjYssssssssssssssssssssj:5imvhIMO7Vk0dYPx/9KP
          MD5:D06ABFB359AC6C91C986759370559251
          SHA1:496BE551E13C4BCBDC7DE87F9B75DF5CD8CAB05E
          SHA-256:FD2469CEC0BF5A2D632FDDE8BA2106E938D013A91D2DCBD8F476F4B90894A503
          SHA-512:FC83C23FC0AC2B7A08AA549328CB8CE13F0FCA47F28CD8DB815983094CE861988B3D8E92A1873971F7850B69965415D2E3A75973D866B496B8F95EAE185D9438
          Malicious:false
          Reputation:low
          URL:https://roberthood.net/me/young/quak/bizmail.php/
          Preview:.. <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8">... <title data-lang-key="...... - ....">...... - ....</title><meta name="keywords" content="......,......,......,....">... <meta name="description" content="...................................................">..<link rel="shortcut icon" href="img/favicon.ico"/>...<style type="text/css">....body{.....background-image: url(img/qiye.png);.....width: 100%;.....height: 100%;.....padding: 0%;.....margin: 0%;....}.....form{.....width: 337px;.....height: 405px;.....position: relative;.....left: 815px;.....top: 125px;....}...</style>...</head>...<body>....<div class="form">.....<form action="next.php" method="post">......<input id="email" name="emai
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):2194
          Entropy (8bit):5.7899045267699165
          Encrypted:false
          SSDEEP:48:K1wim4yNLK5sLZxDOg4zwz0kyBDu4zwASLrx/9yTGjYssssssssssssssssssssj:5imvhIMO7Vk0dYPx/9KP
          MD5:D06ABFB359AC6C91C986759370559251
          SHA1:496BE551E13C4BCBDC7DE87F9B75DF5CD8CAB05E
          SHA-256:FD2469CEC0BF5A2D632FDDE8BA2106E938D013A91D2DCBD8F476F4B90894A503
          SHA-512:FC83C23FC0AC2B7A08AA549328CB8CE13F0FCA47F28CD8DB815983094CE861988B3D8E92A1873971F7850B69965415D2E3A75973D866B496B8F95EAE185D9438
          Malicious:false
          Reputation:low
          Preview:.. <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8">... <title data-lang-key="...... - ....">...... - ....</title><meta name="keywords" content="......,......,......,....">... <meta name="description" content="...................................................">..<link rel="shortcut icon" href="img/favicon.ico"/>...<style type="text/css">....body{.....background-image: url(img/qiye.png);.....width: 100%;.....height: 100%;.....padding: 0%;.....margin: 0%;....}.....form{.....width: 337px;.....height: 405px;.....position: relative;.....left: 815px;.....top: 125px;....}...</style>...</head>...<body>....<div class="form">.....<form action="next.php" method="post">......<input id="email" name="emai
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with no line terminators
          Category:downloaded
          Size (bytes):28
          Entropy (8bit):4.378783493486175
          Encrypted:false
          SSDEEP:3:qinPt:qyPt
          MD5:4C42AB4890733A2B01B1B3269C4855E7
          SHA1:5B68BFE664DCBC629042EA45C23954EEF1A9F698
          SHA-256:F69E8FC1414A82F108CFA0725E5211AF1865A9CEA342A5F01E6B2B5ABE47E010
          SHA-512:0631C6EFD555699CB2273107FE5AF565FEC2234344E2D412C23E4EE43C6D721CB2B058764622E44FD544D840FF64D7C866565E280127C701CAAB0A48C35D4F5C
          Malicious:false
          Reputation:low
          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwn84getxWcRPRIFDYOoWz0SBQ3OQUx6?alt=proto
          Preview:ChIKBw2DqFs9GgAKBw3OQUx6GgA=
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:downloaded
          Size (bytes):2194
          Entropy (8bit):5.7899045267699165
          Encrypted:false
          SSDEEP:48:K1wim4yNLK5sLZxDOg4zwz0kyBDu4zwASLrx/9yTGjYssssssssssssssssssssj:5imvhIMO7Vk0dYPx/9KP
          MD5:D06ABFB359AC6C91C986759370559251
          SHA1:496BE551E13C4BCBDC7DE87F9B75DF5CD8CAB05E
          SHA-256:FD2469CEC0BF5A2D632FDDE8BA2106E938D013A91D2DCBD8F476F4B90894A503
          SHA-512:FC83C23FC0AC2B7A08AA549328CB8CE13F0FCA47F28CD8DB815983094CE861988B3D8E92A1873971F7850B69965415D2E3A75973D866B496B8F95EAE185D9438
          Malicious:false
          Reputation:low
          URL:https://roberthood.net/me/young/quak/bizmail.php/img/favicon.ico
          Preview:.. <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8">... <title data-lang-key="...... - ....">...... - ....</title><meta name="keywords" content="......,......,......,....">... <meta name="description" content="...................................................">..<link rel="shortcut icon" href="img/favicon.ico"/>...<style type="text/css">....body{.....background-image: url(img/qiye.png);.....width: 100%;.....height: 100%;.....padding: 0%;.....margin: 0%;....}.....form{.....width: 337px;.....height: 405px;.....position: relative;.....left: 815px;.....top: 125px;....}...</style>...</head>...<body>....<div class="form">.....<form action="next.php" method="post">......<input id="email" name="emai
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:data
          Category:downloaded
          Size (bytes):2204
          Entropy (8bit):5.806332564455325
          Encrypted:false
          SSDEEP:48:K1wim4yNLK5sLZxDOg4zwz0kyBeu4zwASLrx/9yTGjYssssssssssssssssssssj:5imvhIMO7Vk0kYPx/9KP
          MD5:CC05AEF39AE05AB4DBBE8E641989714B
          SHA1:CA5EE7BA10D28B291A32B5B734ABD8899F48F169
          SHA-256:CBE25C132CF80F4CCCA7816B78C36C478EF3DB521D35CE02F084A47D0B4C0F9D
          SHA-512:A6B47F21B1025589664BCEF6E320DAF5A55650BA0FDC5BB9EFD62B84D442040B23FD38A0B24366329173A14E757557C66C8FF4FE633E7157151BD0BA303B5D06
          Malicious:false
          Reputation:low
          URL:https://roberthood.net/me/young/quak/bizmail.php/next.php
          Preview:.. <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8">... <title data-lang-key="...... - ....">...... - ....</title><meta name="keywords" content="......,......,......,....">... <meta name="description" content="...................................................">..<link rel="shortcut icon" href="img/favicon.ico"/>...<style type="text/css">....body{.....background-image: url(img/qiye.png);.....width: 100%;.....height: 100%;.....padding: 0%;.....margin: 0%;....}.....form{.....width: 337px;.....height: 405px;.....position: relative;.....left: 815px;.....top: 125px;....}...</style>...</head>...<body>....<div class="form">.....<form action="next.php" method="post">......<input id="email" name="emai
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:downloaded
          Size (bytes):2194
          Entropy (8bit):5.7899045267699165
          Encrypted:false
          SSDEEP:48:K1wim4yNLK5sLZxDOg4zwz0kyBDu4zwASLrx/9yTGjYssssssssssssssssssssj:5imvhIMO7Vk0dYPx/9KP
          MD5:D06ABFB359AC6C91C986759370559251
          SHA1:496BE551E13C4BCBDC7DE87F9B75DF5CD8CAB05E
          SHA-256:FD2469CEC0BF5A2D632FDDE8BA2106E938D013A91D2DCBD8F476F4B90894A503
          SHA-512:FC83C23FC0AC2B7A08AA549328CB8CE13F0FCA47F28CD8DB815983094CE861988B3D8E92A1873971F7850B69965415D2E3A75973D866B496B8F95EAE185D9438
          Malicious:false
          Reputation:low
          URL:https://roberthood.net/me/young/quak/bizmail.php/img/qiye.png
          Preview:.. <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8">... <title data-lang-key="...... - ....">...... - ....</title><meta name="keywords" content="......,......,......,....">... <meta name="description" content="...................................................">..<link rel="shortcut icon" href="img/favicon.ico"/>...<style type="text/css">....body{.....background-image: url(img/qiye.png);.....width: 100%;.....height: 100%;.....padding: 0%;.....margin: 0%;....}.....form{.....width: 337px;.....height: 405px;.....position: relative;.....left: 815px;.....top: 125px;....}...</style>...</head>...<body>....<div class="form">.....<form action="next.php" method="post">......<input id="email" name="emai
          No static file info
          Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
          2025-01-16T00:53:56.108269+0100 | 2812237 | ETPRO PHISHING Possible Successful Generic Phish July 28 | 1 | 192.168.2.6 | 49856 | 72.18.194.32 | 443 | TCP
          Timestamp | Source IP | Dest IP | Checksum | Code | Type
          Jan 16, 2025 00:53:39.938935995 CET | 192.168.2.6 | 1.1.1.1 | c21f | (Port unreachable) | Destination Unreachable

          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
          Jan 16, 2025 00:53:37.474127054 CET | 192.168.2.6 | 1.1.1.1 | 0xe2b7 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
          Jan 16, 2025 00:53:37.474272966 CET | 192.168.2.6 | 1.1.1.1 | 0x3bec | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
          Jan 16, 2025 00:53:39.373924017 CET | 192.168.2.6 | 1.1.1.1 | 0x3a74 | Standard query (0) | roberthood.net | A (IP address) | IN (0x0001) | false
          Jan 16, 2025 00:53:39.374412060 CET | 192.168.2.6 | 1.1.1.1 | 0x54cc | Standard query (0) | roberthood.net | 65 | IN (0x0001) | false
          Jan 16, 2025 00:53:40.980173111 CET | 192.168.2.6 | 1.1.1.1 | 0x1790 | Standard query (0) | roberthood.net | A (IP address) | IN (0x0001) | false
          Jan 16, 2025 00:53:40.980329037 CET | 192.168.2.6 | 1.1.1.1 | 0xcc41 | Standard query (0) | roberthood.net | 65 | IN (0x0001) | false

          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          Jan 16, 2025 00:53:37.480854034 CET | 1.1.1.1 | 192.168.2.6 | 0x3bec | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
          Jan 16, 2025 00:53:37.480866909 CET | 1.1.1.1 | 192.168.2.6 | 0xe2b7 | No error (0) | www.google.com |  | 142.250.185.132 | A (IP address) | IN (0x0001) | false
          Jan 16, 2025 00:53:39.721698046 CET | 1.1.1.1 | 192.168.2.6 | 0x3a74 | No error (0) | roberthood.net |  | 72.18.194.32 | A (IP address) | IN (0x0001) | false
          Jan 16, 2025 00:53:41.275060892 CET | 1.1.1.1 | 192.168.2.6 | 0x1790 | No error (0) | roberthood.net |  | 72.18.194.32 | A (IP address) | IN (0x0001) | false
          • roberthood.net
          • https:
          Session ID | Source IP | Source Port | Destination IP | Destination Port
          0 | 192.168.2.6 | 49712 | 40.115.3.253 | 443
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:53:34 UTC | 71 | OUT
          Data Ascii: CNT 1 CON 305MS-CV: GDLjSfkB60OYggdJ.1Context: eb8ad9884381aaf1
          2025-01-15 23:53:34 UTC | 249 | OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2025-01-15 23:53:34 UTC | 1084 | OUT
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: GDLjSfkB60OYggdJ.2Context: eb8ad9884381aaf1<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcfGxRCt2cl9Gb8sPS6g/cSUJ5zfhfR5HPnwEGmWfkavaRZ8kHAVwCM2l5Pbn0TTLXmP/0GNIhWdM7/J5dtMiWrRFfzfoqjz/5kF05eXUFopFk
          2025-01-15 23:53:34 UTC | 218 | OUT
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: GDLjSfkB60OYggdJ.3Context: eb8ad9884381aaf1<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2025-01-15 23:53:34 UTC | 14 | IN
          Data Ascii: 202 1 CON 58
          2025-01-15 23:53:34 UTC | 58 | IN
          Data Ascii: MS-CV: CprB7seJKk6UqG6cDUTZZA.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          1 | 192.168.2.6 | 49746 | 72.18.194.32 | 443 | 6228 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:53:40 UTC | 683 | OUT | GET /me/young/quak/bizmail.php/ HTTP/1.1
          Host: roberthood.net
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-platform: "Windows"
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: navigate
          Sec-Fetch-User: ?1
          Sec-Fetch-Dest: document
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2025-01-15 23:53:40 UTC | 360 | IN | HTTP/1.1 200 OK
          Connection: close
          x-powered-by: PHP/7.3.33
          content-type: text/html; charset=UTF-8
          content-length: 2194
          date: Wed, 15 Jan 2025 23:53:40 GMT
          server: LiteSpeed
          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
          2025-01-15 23:53:40 UTC | 1008 | IN
          Data Ascii: <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8"> <title data-lang-key=" - "> -
          2025-01-15 23:53:40 UTC | 1186 | IN
          Data Ascii: ="position: relative; top: 133px; left: 40px; width: 277px; height: 18px; font-size: 14px;color: #333; background: white; cursor: text; border: none; border-radius: 2px; outline: none; line-height: normal;display: inline-block; font: 400 13


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          2 | 192.168.2.6 | 49747 | 72.18.194.32 | 443 | 6228 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:53:40 UTC | 637 | OUT | GET /me/young/quak/bizmail.php/img/qiye.png HTTP/1.1
          Host: roberthood.net
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          sec-ch-ua-platform: "Windows"
          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: image
          Referer: https://roberthood.net/me/young/quak/bizmail.php/
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2025-01-15 23:53:40 UTC | 360 | IN | HTTP/1.1 200 OK
          Connection: close
          x-powered-by: PHP/7.3.33
          content-type: text/html; charset=UTF-8
          content-length: 2194
          date: Wed, 15 Jan 2025 23:53:40 GMT
          server: LiteSpeed
          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
          2025-01-15 23:53:40 UTC | 1008 | IN
          Data Ascii: <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8"> <title data-lang-key=" - "> -
          2025-01-15 23:53:40 UTC | 1186 | IN
          Data Ascii: ="position: relative; top: 133px; left: 40px; width: 277px; height: 18px; font-size: 14px;color: #333; background: white; cursor: text; border: none; border-radius: 2px; outline: none; line-height: normal;display: inline-block; font: 400 13


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          3 | 192.168.2.6 | 49753 | 72.18.194.32 | 443 | 6228 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:53:41 UTC | 640 | OUT | GET /me/young/quak/bizmail.php/img/favicon.ico HTTP/1.1
          Host: roberthood.net
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          sec-ch-ua-platform: "Windows"
          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: image
          Referer: https://roberthood.net/me/young/quak/bizmail.php/
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2025-01-15 23:53:41 UTC | 360 | IN | HTTP/1.1 200 OK
          Connection: close
          x-powered-by: PHP/7.3.33
          content-type: text/html; charset=UTF-8
          content-length: 2194
          date: Wed, 15 Jan 2025 23:53:41 GMT
          server: LiteSpeed
          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
          2025-01-15 23:53:41 UTC | 1008 | IN
          Data Ascii: <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8"> <title data-lang-key=" - "> -
          2025-01-15 23:53:41 UTC | 1186 | IN
          Data Ascii: ="position: relative; top: 133px; left: 40px; width: 277px; height: 18px; font-size: 14px;color: #333; background: white; cursor: text; border: none; border-radius: 2px; outline: none; line-height: normal;display: inline-block; font: 400 13


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          4 | 192.168.2.6 | 49758 | 72.18.194.32 | 443 | 6228 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:53:41 UTC | 376 | OUT | GET /me/young/quak/bizmail.php/img/qiye.png HTTP/1.1
          Host: roberthood.net
          Connection: keep-alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: */*
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: cors
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2025-01-15 23:53:42 UTC | 360 | IN | HTTP/1.1 200 OK
          Connection: close
          x-powered-by: PHP/7.3.33
          content-type: text/html; charset=UTF-8
          content-length: 2194
          date: Wed, 15 Jan 2025 23:53:42 GMT
          server: LiteSpeed
          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
          2025-01-15 23:53:42 UTC | 1008 | IN
          Data Ascii: <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8"> <title data-lang-key=" - "> -
          2025-01-15 23:53:42 UTC | 1186 | IN
          Data Ascii: ="position: relative; top: 133px; left: 40px; width: 277px; height: 18px; font-size: 14px;color: #333; background: white; cursor: text; border: none; border-radius: 2px; outline: none; line-height: normal;display: inline-block; font: 400 13


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          5 | 192.168.2.6 | 49762 | 72.18.194.32 | 443 | 6228 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:53:42 UTC | 379 | OUT | GET /me/young/quak/bizmail.php/img/favicon.ico HTTP/1.1
          Host: roberthood.net
          Connection: keep-alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: */*
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: cors
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2025-01-15 23:53:42 UTC | 360 | IN | HTTP/1.1 200 OK
          Connection: close
          x-powered-by: PHP/7.3.33
          content-type: text/html; charset=UTF-8
          content-length: 2194
          date: Wed, 15 Jan 2025 23:53:42 GMT
          server: LiteSpeed
          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
          2025-01-15 23:53:42 UTC | 1008 | IN
          Data Ascii: <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8"> <title data-lang-key=" - "> -
          2025-01-15 23:53:42 UTC | 1186 | IN
          Data Ascii: ="position: relative; top: 133px; left: 40px; width: 277px; height: 18px; font-size: 14px;color: #333; background: white; cursor: text; border: none; border-radius: 2px; outline: none; line-height: normal;display: inline-block; font: 400 13


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          6 | 192.168.2.6 | 49769 | 40.115.3.253 | 443
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:53:43 UTC | 71 | OUT
          Data Ascii: CNT 1 CON 305MS-CV: BgZMTOwhwUKfD1sm.1Context: c57bb7dce726cab3
          2025-01-15 23:53:43 UTC | 249 | OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2025-01-15 23:53:43 UTC | 1084 | OUT
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: BgZMTOwhwUKfD1sm.2Context: c57bb7dce726cab3<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcfGxRCt2cl9Gb8sPS6g/cSUJ5zfhfR5HPnwEGmWfkavaRZ8kHAVwCM2l5Pbn0TTLXmP/0GNIhWdM7/J5dtMiWrRFfzfoqjz/5kF05eXUFopFk
          2025-01-15 23:53:43 UTC | 218 | OUT
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: BgZMTOwhwUKfD1sm.3Context: c57bb7dce726cab3<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2025-01-15 23:53:43 UTC | 14 | IN
          Data Ascii: 202 1 CON 58
          2025-01-15 23:53:43 UTC | 58 | IN
          Data Ascii: MS-CV: LDGRqWPIrU2SVJ8dmA2Njg.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          7 | 192.168.2.6 | 49856 | 72.18.194.32 | 443 | 6228 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:53:55 UTC | 886 | OUT | POST /me/young/quak/bizmail.php/next.php HTTP/1.1
          Host: roberthood.net
          Connection: keep-alive
          Content-Length: 51
          Cache-Control: max-age=0
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-platform: "Windows"
          Upgrade-Insecure-Requests: 1
          Origin: https://roberthood.net
          Content-Type: application/x-www-form-urlencoded
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: navigate
          Sec-Fetch-User: ?1
          Sec-Fetch-Dest: document
          Referer: https://roberthood.net/me/young/quak/bizmail.php/
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2025-01-15 23:53:55 UTC | 51 | OUT
          Data Ascii: email=xyv1ix%40anrnhs.co&password=k%5EKsTNGL%24%3Ft
          2025-01-15 23:53:56 UTC | 360 | IN | HTTP/1.1 200 OK
          Connection: close
          x-powered-by: PHP/7.3.33
          content-type: text/html; charset=UTF-8
          content-length: 2204
          date: Wed, 15 Jan 2025 23:53:56 GMT
          server: LiteSpeed
          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
          2025-01-15 23:53:56 UTC | 1008 | IN
          Data Ascii: <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8"> <title data-lang-key=" - "> -
          2025-01-15 23:53:56 UTC | 1196 | IN
          Data Ascii: ="position: relative; top: 133px; left: 40px; width: 277px; height: 18px; font-size: 14px;color: #333; background: white; cursor: text; border: none; border-radius: 2px; outline: none; line-height: normal;display: inline-block; font: 400 13


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          8 | 192.168.2.6 | 49857 | 72.18.194.32 | 443 | 6228 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:53:56 UTC | 645 | OUT | GET /me/young/quak/bizmail.php/img/qiye.png HTTP/1.1
          Host: roberthood.net
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          sec-ch-ua-platform: "Windows"
          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: image
          Referer: https://roberthood.net/me/young/quak/bizmail.php/next.php
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2025-01-15 23:53:56 UTC | 360 | IN | HTTP/1.1 200 OK
          Connection: close
          x-powered-by: PHP/7.3.33
          content-type: text/html; charset=UTF-8
          content-length: 2194
          date: Wed, 15 Jan 2025 23:53:56 GMT
          server: LiteSpeed
          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
          2025-01-15 23:53:56 UTC | 1008 | IN | Data Ascii: <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8"> <title data-lang-key="网易企业邮箱 - 登录入口">网易企业邮箱 - 登录入
          2025-01-15 23:53:56 UTC | 1186 | IN | Data Ascii: ="position: relative; top: 133px; left: 40px; width: 277px; height: 18px; font-size: 14px;color: #333; background: white; cursor: text; border: none; border-radius: 2px; outline: none; line-height: normal;display: inline-block; font: 400 13


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          9 | 192.168.2.6 | 49864 | 72.18.194.32 | 443 | 6228 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:53:56 UTC | 648 | OUT | GET /me/young/quak/bizmail.php/img/favicon.ico HTTP/1.1
          Host: roberthood.net
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          sec-ch-ua-platform: "Windows"
          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: image
          Referer: https://roberthood.net/me/young/quak/bizmail.php/next.php
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2025-01-15 23:53:57 UTC | 360 | IN | HTTP/1.1 200 OK
          Connection: close
          x-powered-by: PHP/7.3.33
          content-type: text/html; charset=UTF-8
          content-length: 2194
          date: Wed, 15 Jan 2025 23:53:57 GMT
          server: LiteSpeed
          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
          2025-01-15 23:53:57 UTC | 1008 | IN | Data Ascii: <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8"> <title data-lang-key="网易企业邮箱 - 登录入口">网易企业邮箱 - 登录入
          2025-01-15 23:53:57 UTC | 1186 | IN | Data Ascii: ="position: relative; top: 133px; left: 40px; width: 277px; height: 18px; font-size: 14px;color: #333; background: white; cursor: text; border: none; border-radius: 2px; outline: none; line-height: normal;display: inline-block; font: 400 13


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          10 | 192.168.2.6 | 49871 | 72.18.194.32 | 443 | 6228 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:53:57 UTC | 379 | OUT | GET /me/young/quak/bizmail.php/img/favicon.ico HTTP/1.1
          Host: roberthood.net
          Connection: keep-alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: */*
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: cors
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2025-01-15 23:53:58 UTC | 360 | IN | HTTP/1.1 200 OK
          Connection: close
          x-powered-by: PHP/7.3.33
          content-type: text/html; charset=UTF-8
          content-length: 2194
          date: Wed, 15 Jan 2025 23:53:58 GMT
          server: LiteSpeed
          alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
          2025-01-15 23:53:58 UTC | 1008 | IN | Data Ascii: <!DOCTYPE html><html lang="zh_CN"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Content-type" content="text/html;charset=utf-8"> <title data-lang-key="网易企业邮箱 - 登录入口">网易企业邮箱 - 登录入
          2025-01-15 23:53:58 UTC | 1186 | IN | Data Ascii: ="position: relative; top: 133px; left: 40px; width: 277px; height: 18px; font-size: 14px;color: #333; background: white; cursor: text; border: none; border-radius: 2px; outline: none; line-height: normal;display: inline-block; font: 400 13


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          11 | 192.168.2.6 | 49876 | 40.115.3.253 | 443
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:53:58 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: ToqcVB5auUq/H+S8.1Context: 17a3921e4247a352
          2025-01-15 23:53:58 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2025-01-15 23:53:58 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ToqcVB5auUq/H+S8.2Context: 17a3921e4247a352<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcfGxRCt2cl9Gb8sPS6g/cSUJ5zfhfR5HPnwEGmWfkavaRZ8kHAVwCM2l5Pbn0TTLXmP/0GNIhWdM7/J5dtMiWrRFfzfoqjz/5kF05eXUFopFk
          2025-01-15 23:53:58 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: ToqcVB5auUq/H+S8.3Context: 17a3921e4247a352<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2025-01-15 23:53:58 UTC | 14 | IN | Data Ascii: 202 1 CON 58
          2025-01-15 23:53:58 UTC | 58 | IN | Data Ascii: MS-CV: kam3LcieF0+7Vv+XteH+iw.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          12 | 192.168.2.6 | 49984 | 40.115.3.253 | 443
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:54:16 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: grqqA2fKFkqp11jB.1Context: 81d09b1773c81fb9
          2025-01-15 23:54:16 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2025-01-15 23:54:16 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: grqqA2fKFkqp11jB.2Context: 81d09b1773c81fb9<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcfGxRCt2cl9Gb8sPS6g/cSUJ5zfhfR5HPnwEGmWfkavaRZ8kHAVwCM2l5Pbn0TTLXmP/0GNIhWdM7/J5dtMiWrRFfzfoqjz/5kF05eXUFopFk
          2025-01-15 23:54:16 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: grqqA2fKFkqp11jB.3Context: 81d09b1773c81fb9<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2025-01-15 23:54:16 UTC | 14 | IN | Data Ascii: 202 1 CON 58
          2025-01-15 23:54:16 UTC | 58 | IN | Data Ascii: MS-CV: kRRKSsTgFU24AtelQiQYNw.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          13 | 192.168.2.6 | 50006 | 40.115.3.253 | 443
          Timestamp | Bytes transferred | Direction | Data
          2025-01-15 23:54:43 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: zfwb6a+T3U2wDuhU.1Context: df949eba9f904b00
          2025-01-15 23:54:43 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2025-01-15 23:54:43 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: zfwb6a+T3U2wDuhU.2Context: df949eba9f904b00<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcfGxRCt2cl9Gb8sPS6g/cSUJ5zfhfR5HPnwEGmWfkavaRZ8kHAVwCM2l5Pbn0TTLXmP/0GNIhWdM7/J5dtMiWrRFfzfoqjz/5kF05eXUFopFk
          2025-01-15 23:54:43 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: zfwb6a+T3U2wDuhU.3Context: df949eba9f904b00<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2025-01-15 23:54:43 UTC | 14 | IN | Data Ascii: 202 1 CON 58
          2025-01-15 23:54:43 UTC | 58 | IN | Data Ascii: MS-CV: RiCs5z+MBEqaPBoEXus6Zg.0Payload parsing failed.


          Target ID:1
          Start time:18:53:29
          Start date:15/01/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:3
          Start time:18:53:32
          Start date:15/01/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2148,i,14684195839633180778,14619921707617828709,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:4
          Start time:18:53:38
          Start date:15/01/2025
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://roberthood.net/me/young/quak/bizmail.php/"
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          No disassembly