Edit tour

Windows Analysis Report
https://zigzag.notairequebec.com/

Overview

General Information

Sample URL:	https://zigzag.notairequebec.com/
Analysis ID:	1522206
Tags:	urlscan
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2836 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=148,i,8323613118405139887,17831181471390966475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://zigzag.notairequebec.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://zigzag.notairequebec.com/	HTTP Parser: No favicon
Source: https://zigzag.notairequebec.com/?MA	HTTP Parser: No favicon
Source: https://zigzag.notairequebec.com/cgi-bin/	HTTP Parser: No favicon
Source: https://zigzag.notairequebec.com/?ND	HTTP Parser: No favicon
Source: https://zigzag.notairequebec.com/?SA	HTTP Parser: No favicon
Source: https://zigzag.notairequebec.com/?MD	HTTP Parser: No favicon
Source: https://zigzag.notairequebec.com/?SD	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.100.168
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.100.168
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_autoindex/assets/css/autoindex.css HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://zigzag.notairequebec.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_autoindex/assets/js/tablesort.js HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zigzag.notairequebec.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_autoindex/assets/js/tablesort.number.js HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zigzag.notairequebec.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_autoindex/assets/icons/folder-fill.svg HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zigzag.notairequebec.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zigzag.notairequebec.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_autoindex/assets/js/tablesort.js HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_autoindex/assets/js/tablesort.number.js HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_autoindex/assets/icons/folder-fill.svg HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?MA HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-bin/ HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?ND HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?SA HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?MD HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?NA HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?SD HTTP/1.1Host: zigzag.notairequebec.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: zigzag.notairequebec.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sun, 29 Sep 2024 12:36:38 GMTserver: LiteSpeedreferrer-policy: alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1242date: Sun, 29 Sep 2024 12:36:51 GMTserver: LiteSpeedreferrer-policy: alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@23/25@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=148,i,8323613118405139887,17831181471390966475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://zigzag.notairequebec.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=148,i,8323613118405139887,17831181471390966475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
www.google.com	142.250.184.196	true	false	unknown
zigzag.notairequebec.com	173.209.33.163	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://zigzag.notairequebec.com/?SA	false	unknown
https://zigzag.notairequebec.com/_autoindex/assets/js/tablesort.number.js	false	unknown
https://zigzag.notairequebec.com/_autoindex/assets/js/tablesort.js	false	unknown
https://zigzag.notairequebec.com/_autoindex/assets/icons/folder-fill.svg	false	unknown
https://zigzag.notairequebec.com/	false	unknown
https://zigzag.notairequebec.com/?ND	false	unknown
https://zigzag.notairequebec.com/?MA	false	unknown
https://zigzag.notairequebec.com/?NA	false	unknown
https://zigzag.notairequebec.com/?SD	false	unknown
https://zigzag.notairequebec.com/_autoindex/assets/css/autoindex.css	false	unknown
https://zigzag.notairequebec.com/?MD	false	unknown
https://zigzag.notairequebec.com/favicon.ico	false	unknown
https://zigzag.notairequebec.com/cgi-bin/	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
173.209.33.163	zigzag.notairequebec.com	Canada	36666	GTCOMMCA	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522206
Start date and time:	2024-09-29 14:35:38 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://zigzag.notairequebec.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@23/25@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://zigzag.notairequebec.com/?MA Browse: https://zigzag.notairequebec.com/cgi-bin/ Browse: https://zigzag.notairequebec.com/?ND Browse: https://zigzag.notairequebec.com/?SA Browse: https://zigzag.notairequebec.com/?MD Browse: https://zigzag.notairequebec.com/?NA Browse: https://zigzag.notairequebec.com/?SD

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.185.174, 142.251.168.84, 34.104.35.123, 4.175.87.197, 199.232.210.172, 192.229.221.95, 52.165.164.15, 40.69.42.241, 142.250.186.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://zigzag.notairequebec.com/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://zigzag.notairequebec.com/cgi-bin/ Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://zigzag.notairequebec.com/ Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	7706
Entropy (8bit):	4.392532656268659
Encrypted:	false
SSDEEP:	192:ZYm7/XhkJFQYhxzXqCs8PycPCrpjj0vORHjPh4dwy0GpgfdlsgjjO8:MJlX+rpjj0vORHrWdhpgDO8
MD5:	0FA71BF6CB125DDAC365683EA3352CB0
SHA1:	B94EEAC8764B23AB614D148007C360FD2AB46F58
SHA-256:	6A6B3FD328D213B1C6211581FC0DD5B56DD9DB878E4FEE73D33F5DD699ACED3E
SHA-512:	1264A894FD5F92C26087B5B67BCDEA3068E763C2F2E6E0036370355EC75517838D31A85D4CDD9924DEC0382E01C07D4CB3FF054E7C9404DE74DCAB7B8C9A5261
Malicious:	false
Reputation:	low
Preview:	;(function() {. function Tablesort(el, options) {. if (!(this instanceof Tablesort)) return new Tablesort(el, options);.. if (!el \|\| el.tagName !== 'TABLE') {. throw new Error('Element must be a table');. }. this.init(el, options \|\| {});. }.. var sortOptions = [];.. var createEvent = function(name) {. var evt;.. if (!window.CustomEvent \|\| typeof window.CustomEvent !== 'function') {. evt = document.createEvent('CustomEvent');. evt.initCustomEvent(name, false, false, undefined);. } else {. evt = new CustomEvent(name);. }.. return evt;. };.. var getInnerText = function(el) {. return el.getAttribute('data-sort') \|\| el.textContent \|\| el.innerText \|\| '';. };.. // Default sort method if no better sort method is found. var caseInsensitiveSort = function(a, b) {. a = a.trim().toLowerCase();. b = b.trim().toLowerCase();.. if (a === b) return 0;. if (a < b) return 1;.. return -1;. };.. var getCellByKey = function(cells, k

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (547)
Category:	downloaded
Size (bytes):	1376
Entropy (8bit):	5.065108828085407
Encrypted:	false
SSDEEP:	24:haHkMndLVMAVGMLVjvJRA3ZO+7XyTv8iq3wI3hyMkajSOwwcwWAXHMRRkS:WdHz+7Xyb8iq3wIWMDDR3HMl
MD5:	F20BFC8A1C83B256E540D35053BE27FF
SHA1:	4AC8F153029F8CEEB30EC516E8797B4466FA8D74
SHA-256:	54515E48EC1A5F1598903B278EAB4A5C62EF7AA15F01AA0138218ACB2C523860
SHA-512:	DEF2F87600E2D00E928661E33BFD1C3F7D534BC66D2A6B7DA6937AED4AB008A56AF0CD510ACA5AB73D801D2C4EF2EFFF9516295A7F0D2F29C2AE249C36D784E5
Malicious:	false
Reputation:	low
URL:	https://zigzag.notairequebec.com/
Preview:	<!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_autoindex/assets/js/tablesort.js"></script><script src="/_autoindex/assets/js/tablesort.number.js"></script><title>Index of /</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body><div class="content"><h1 style="color: #555;">Index of /</h1>.<div id="table-list"><table id="table-content"><thead class="t-header"><tr><th class="colname" aria-sort="ascending"><a class="name" href="?ND" onclick="return false"">Name</a></th><th class="colname" data-sort-method="number"><a href="?MA" onclick="return false"">Last Modified</a></th><th class="colname" data-sort-method="number"><a href="?SA" onclick="return false"">Size</a></th></tr></thead>.<tr><td data-sort="*cgi-bin"><a href="/cgi-bin/"><i

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (547)
Category:	downloaded
Size (bytes):	1377
Entropy (8bit):	5.064519391629991
Encrypted:	false
SSDEEP:	24:haHkMndLVMAVGMLVjvJRA3ZO+7X8m8iq3wI3hyMkajSOwwcwWAXHMRRkS:WdHz+7X8m8iq3wIWMDDR3HMl
MD5:	A1DD863E73FB81424CBB18227B722939
SHA1:	277A9CE0170A49EC382A540DBF00E45C6F50B78F
SHA-256:	CAF0B6EC4AE1528F921CC9A09CD46B79B8F9663A86F0599F963FB3662651AC72
SHA-512:	685675C70066FFA37FE181AA59BB23DF54D4C5DBBCE6E5606F644542D8ECB871EF8BB8BED4050E342B5A1829DC6C708325E52DF7A393582BDAB979B7ADD7D963
Malicious:	false
Reputation:	low
URL:	https://zigzag.notairequebec.com/?ND
Preview:	<!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_autoindex/assets/js/tablesort.js"></script><script src="/_autoindex/assets/js/tablesort.number.js"></script><title>Index of /</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body><div class="content"><h1 style="color: #555;">Index of /</h1>.<div id="table-list"><table id="table-content"><thead class="t-header"><tr><th class="colname" aria-sort="descending"><a class="name" href="?NA" onclick="return false"">Name</a></th><th class="colname" data-sort-method="number"><a href="?MA" onclick="return false"">Last Modified</a></th><th class="colname" data-sort-method="number"><a href="?SA" onclick="return false"">Size</a></th></tr></thead>.<tr><td data-sort="*cgi-bin"><a href="/cgi-bin/"><

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (547)
Category:	downloaded
Size (bytes):	1376
Entropy (8bit):	5.065108828085407
Encrypted:	false
SSDEEP:	24:haHkMndLVMAVGMLVjvJRA3ZO+7XyTv8iq3wI3hyMkajSOwwcwWAXHMRRkS:WdHz+7Xyb8iq3wIWMDDR3HMl
MD5:	F20BFC8A1C83B256E540D35053BE27FF
SHA1:	4AC8F153029F8CEEB30EC516E8797B4466FA8D74
SHA-256:	54515E48EC1A5F1598903B278EAB4A5C62EF7AA15F01AA0138218ACB2C523860
SHA-512:	DEF2F87600E2D00E928661E33BFD1C3F7D534BC66D2A6B7DA6937AED4AB008A56AF0CD510ACA5AB73D801D2C4EF2EFFF9516295A7F0D2F29C2AE249C36D784E5
Malicious:	false
Reputation:	low
URL:	https://zigzag.notairequebec.com/?NA
Preview:	<!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_autoindex/assets/js/tablesort.js"></script><script src="/_autoindex/assets/js/tablesort.number.js"></script><title>Index of /</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body><div class="content"><h1 style="color: #555;">Index of /</h1>.<div id="table-list"><table id="table-content"><thead class="t-header"><tr><th class="colname" aria-sort="ascending"><a class="name" href="?ND" onclick="return false"">Name</a></th><th class="colname" data-sort-method="number"><a href="?MA" onclick="return false"">Last Modified</a></th><th class="colname" data-sort-method="number"><a href="?SA" onclick="return false"">Size</a></th></tr></thead>.<tr><td data-sort="*cgi-bin"><a href="/cgi-bin/"><i

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	682
Entropy (8bit):	5.148248640408019
Encrypted:	false
SSDEEP:	12:2QHT5y6gYfmEdj9Wpw/CQKfbRj9WCh/Uvjva9Uvj0arfPqCuF6tNKl:2Qz5y6gYfmE3uZAEQiyjbPq0b4
MD5:	377B82A88AEDA884475D40FA1051C70A
SHA1:	E7619035DB4C628248B82237F3A99683E29ED7A4
SHA-256:	5FF78B7EA9124AD40C205B606048C819DBBDC9C708105961D89859F79092CD07
SHA-512:	52E763C2F178F312382198012C5822788264093B797D2B8EDB01777E234CE693B78DC6AAD86CDCAA92B72E1158834C20FA82351C1C738DD63BEE2E20C93B79FC
Malicious:	false
Reputation:	low
URL:	https://zigzag.notairequebec.com/_autoindex/assets/js/tablesort.number.js
Preview:	(function(){. var cleanNumber = function(i) {. return i.replace(/[^\-?0-9.]/g, '');. },.. compareNumber = function(a, b) {. a = parseFloat(a);. b = parseFloat(b);.. a = isNaN(a) ? 0 : a;. b = isNaN(b) ? 0 : b;.. return a - b;. };.. Tablesort.extend('number', function(item) {. return item.match(/^[-+]?[.\x24....]?\d+\s([,\.]\d{0,2})/) \|\| // Prefixed currency. item.match(/^[-+]?\d+\s([,\.]\d{0,2})?[.\x24....]/) \|\| // Suffixed currency. item.match(/^[-+]?(\d)*-?([,\.]){0,1}-?(\d)+([E,e][\-+][\d]+)?%?$/); // Number. }, function(a, b) {. a = cleanNumber(a);. b = cleanNumber(b);.. return compareNumber(b, a);. });.}());.

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	591
Entropy (8bit):	5.443126363785019
Encrypted:	false
SSDEEP:	12:TMHdPpNi/nzVJ/KYf3nCDHuYZuNkb3Ao4:2d7ATLf3CrFT4
MD5:	5D0E817DCA10AAB2CB58087551767A9C
SHA1:	9286A744DE09B180F4D29750E5B16613280A2A09
SHA-256:	E52EA75A526A963A5D7371795D5DACB4CEAABFE6C77BDD9649F0B457B0D6009E
SHA-512:	9358D6857631857030FC8D09F0EC2A4EA9FF3C2BB8EF87B79889043D9D9AFC420A2A444FBA6C12D978B115DDB679124A5B05E59B5076F5C9F63E600A4B41BB7A
Malicious:	false
Reputation:	low
URL:	https://zigzag.notairequebec.com/_autoindex/assets/icons/folder-fill.svg
Preview:	<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 25.3.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px".. viewBox="0 0 24 24" style="enable-background:new 0 0 24 24;" xml:space="preserve">.<style type="text/css">...st0{fill:#0047AB;stroke:#0047AB;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;}.</style>.<path class="st0" d="M22,19c0,1.1-0.9,2-2,2H4c-1.1,0-2-0.9-2-2V5c0-1.1,0.9-2,2-2h5l2,3h9c1.1,0,2,0.9,2,2V19z"/>.</svg>.

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (547)
Category:	downloaded
Size (bytes):	1376
Entropy (8bit):	5.065108828085407
Encrypted:	false
SSDEEP:	24:haHkMndLVMAVGMLVjvJRA3ZO+7XZmXfq3wI3hyMkajSOwwcwWAXHMRRkS:WdHz+7XZmXfq3wIWMDDR3HMl
MD5:	6D8074775D9D38D808D56317863720DA
SHA1:	7CE434B9BB69A2BBD5E267B1DE20465394C5171E
SHA-256:	8408E18BE98CF255C31E7C5EF94AE080F220A1324397D6650BCA3E9C10E99EF2
SHA-512:	FF5369CA2CF8C5429BB8B1DAD7F8E62FD2F599DF173288FED30EF7625AF88176BFDBA0A08F7EBD31F2A6DD239743BF8E8565E3BD96F04AD7072D77DA71954FAE
Malicious:	false
Reputation:	low
URL:	https://zigzag.notairequebec.com/?MA
Preview:	<!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_autoindex/assets/js/tablesort.js"></script><script src="/_autoindex/assets/js/tablesort.number.js"></script><title>Index of /</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body><div class="content"><h1 style="color: #555;">Index of /</h1>.<div id="table-list"><table id="table-content"><thead class="t-header"><tr><th class="colname"><a class="name" href="?NA" onclick="return false"">Name</a></th><th class="colname" data-sort-method="number" aria-sort="ascending"><a href="?MD" onclick="return false"">Last Modified</a></th><th class="colname" data-sort-method="number"><a href="?SA" onclick="return false"">Size</a></th></tr></thead>.<tr><td data-sort="*cgi-bin"><a href="/cgi-bin/"><i

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	7706
Entropy (8bit):	4.392532656268659
Encrypted:	false
SSDEEP:	192:ZYm7/XhkJFQYhxzXqCs8PycPCrpjj0vORHjPh4dwy0GpgfdlsgjjO8:MJlX+rpjj0vORHrWdhpgDO8
MD5:	0FA71BF6CB125DDAC365683EA3352CB0
SHA1:	B94EEAC8764B23AB614D148007C360FD2AB46F58
SHA-256:	6A6B3FD328D213B1C6211581FC0DD5B56DD9DB878E4FEE73D33F5DD699ACED3E
SHA-512:	1264A894FD5F92C26087B5B67BCDEA3068E763C2F2E6E0036370355EC75517838D31A85D4CDD9924DEC0382E01C07D4CB3FF054E7C9404DE74DCAB7B8C9A5261
Malicious:	false
Reputation:	low
URL:	https://zigzag.notairequebec.com/_autoindex/assets/js/tablesort.js
Preview:	;(function() {. function Tablesort(el, options) {. if (!(this instanceof Tablesort)) return new Tablesort(el, options);.. if (!el \|\| el.tagName !== 'TABLE') {. throw new Error('Element must be a table');. }. this.init(el, options \|\| {});. }.. var sortOptions = [];.. var createEvent = function(name) {. var evt;.. if (!window.CustomEvent \|\| typeof window.CustomEvent !== 'function') {. evt = document.createEvent('CustomEvent');. evt.initCustomEvent(name, false, false, undefined);. } else {. evt = new CustomEvent(name);. }.. return evt;. };.. var getInnerText = function(el) {. return el.getAttribute('data-sort') \|\| el.textContent \|\| el.innerText \|\| '';. };.. // Default sort method if no better sort method is found. var caseInsensitiveSort = function(a, b) {. a = a.trim().toLowerCase();. b = b.trim().toLowerCase();.. if (a === b) return 0;. if (a < b) return 1;.. return -1;. };.. var getCellByKey = function(cells, k

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (547)
Category:	downloaded
Size (bytes):	1376
Entropy (8bit):	5.065108828085407
Encrypted:	false
SSDEEP:	24:haHkMndLVMAVGMLVjvJRA3ZO+7XZm8iB1I3hyMkajSOwwcwWAXHMRRkS:WdHz+7XZm8iB1IWMDDR3HMl
MD5:	FA14C621D06BD76129D00444A192B618
SHA1:	C66ADB6181D6BD36232710019BAA9FE4EA6D15EC
SHA-256:	27946E48FB4BA9C3926C60DFFEBBAA4BA24D76F54D79DA496BB8479E96D592AD
SHA-512:	381F7EF3DD77147972278547691CFF2D84A421838C183C2B4914A70855C8C163AD44CC73CF3F52D7EA44A371B683E9EBB4A099E6269CACDE0A6ECEC0EBBD5FBE
Malicious:	false
Reputation:	low
URL:	https://zigzag.notairequebec.com/?SA
Preview:	<!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_autoindex/assets/js/tablesort.js"></script><script src="/_autoindex/assets/js/tablesort.number.js"></script><title>Index of /</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body><div class="content"><h1 style="color: #555;">Index of /</h1>.<div id="table-list"><table id="table-content"><thead class="t-header"><tr><th class="colname"><a class="name" href="?NA" onclick="return false"">Name</a></th><th class="colname" data-sort-method="number"><a href="?MA" onclick="return false"">Last Modified</a></th><th class="colname" data-sort-method="number" aria-sort="ascending"><a href="?SD" onclick="return false"">Size</a></th></tr></thead>.<tr><td data-sort="*cgi-bin"><a href="/cgi-bin/"><i

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	591
Entropy (8bit):	5.443126363785019
Encrypted:	false
SSDEEP:	12:TMHdPpNi/nzVJ/KYf3nCDHuYZuNkb3Ao4:2d7ATLf3CrFT4
MD5:	5D0E817DCA10AAB2CB58087551767A9C
SHA1:	9286A744DE09B180F4D29750E5B16613280A2A09
SHA-256:	E52EA75A526A963A5D7371795D5DACB4CEAABFE6C77BDD9649F0B457B0D6009E
SHA-512:	9358D6857631857030FC8D09F0EC2A4EA9FF3C2BB8EF87B79889043D9D9AFC420A2A444FBA6C12D978B115DDB679124A5B05E59B5076F5C9F63E600A4B41BB7A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 25.3.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px".. viewBox="0 0 24 24" style="enable-background:new 0 0 24 24;" xml:space="preserve">.<style type="text/css">...st0{fill:#0047AB;stroke:#0047AB;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;}.</style>.<path class="st0" d="M22,19c0,1.1-0.9,2-2,2H4c-1.1,0-2-0.9-2-2V5c0-1.1,0.9-2,2-2h5l2,3h9c1.1,0,2,0.9,2,2V19z"/>.</svg>.

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	3562
Entropy (8bit):	5.174152297008417
Encrypted:	false
SSDEEP:	48:QOwwZPyWJb9gj5teeelwIlodDM17/soFsssZUgjyh6yBp/7uFEtoiBopTKOZ3Kzp:J/1u5tebKdI19lzk4ht
MD5:	590DB3A115B1E82A26B09F98964030A5
SHA1:	E792179B620700C09BD763EBF3B5F163FD18F213
SHA-256:	37E1E1CBB4256D8006CCFCC7C7C8E891276191714768291589B40483D3F0FE46
SHA-512:	7D79D3B49A4F691D56A8C27B123EB2B5E70EFF7FC2E370B8D507C07E0BB37881F815F34A3590F6BBEC81DA5994CA163B02CA95D8C42DFE784FDDEBD36C5AFAF6
Malicious:	false
Reputation:	low
URL:	https://zigzag.notairequebec.com/_autoindex/assets/css/autoindex.css
Preview:	html {..background: #edeff0;.}...content {..max-width: 1000px;..margin: 35px auto 35px auto;..font-family: Lato, -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica Neue, Arial, Noto Sans, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol, Noto Color Emoji;..padding-left: 1em;..padding-right: 1em;.}..h1 {..margin-bottom: 32px;..word-break: break-all;.}..@media only screen and (max-width: 640px) {..h1 {...font-size: 1.5em;..}.}...name {..padding-left: 1.5em;.}...colname:not(.no-sort) a {..position: relative;..display: inline-block;.}...colname:not(.no-sort) a:after,..colname:not(.no-sort) a:before {..content: "";..float: right;..margin-top: 7px;..border-color: #404040 transparent;..border-style: solid;..border-width: 0 4px 4px;..visibility: visible;..opacity: .4;..-webkit-user-select: none;..-moz-user-select: none;..-ms-user-select: none;..user-select: none;.}...colname:not(.no-sort) a:after {..position: relative;..margin-top: 11px;..right: -8px;..transform: rota

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	682
Entropy (8bit):	5.148248640408019
Encrypted:	false
SSDEEP:	12:2QHT5y6gYfmEdj9Wpw/CQKfbRj9WCh/Uvjva9Uvj0arfPqCuF6tNKl:2Qz5y6gYfmE3uZAEQiyjbPq0b4
MD5:	377B82A88AEDA884475D40FA1051C70A
SHA1:	E7619035DB4C628248B82237F3A99683E29ED7A4
SHA-256:	5FF78B7EA9124AD40C205B606048C819DBBDC9C708105961D89859F79092CD07
SHA-512:	52E763C2F178F312382198012C5822788264093B797D2B8EDB01777E234CE693B78DC6AAD86CDCAA92B72E1158834C20FA82351C1C738DD63BEE2E20C93B79FC
Malicious:	false
Reputation:	low
Preview:	(function(){. var cleanNumber = function(i) {. return i.replace(/[^\-?0-9.]/g, '');. },.. compareNumber = function(a, b) {. a = parseFloat(a);. b = parseFloat(b);.. a = isNaN(a) ? 0 : a;. b = isNaN(b) ? 0 : b;.. return a - b;. };.. Tablesort.extend('number', function(item) {. return item.match(/^[-+]?[.\x24....]?\d+\s([,\.]\d{0,2})/) \|\| // Prefixed currency. item.match(/^[-+]?\d+\s([,\.]\d{0,2})?[.\x24....]/) \|\| // Suffixed currency. item.match(/^[-+]?(\d)*-?([,\.]){0,1}-?(\d)+([E,e][\-+][\d]+)?%?$/); // Number. }, function(a, b) {. a = cleanNumber(a);. b = cleanNumber(b);.. return compareNumber(b, a);. });.}());.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (547)
Category:	downloaded
Size (bytes):	1377
Entropy (8bit):	5.064519391629991
Encrypted:	false
SSDEEP:	24:haHkMndLVMAVGMLVjvJRA3ZO+7XZm8ib3wI3hyMkajSOwwcwWAXHMRRkS:WdHz+7XZm8ib3wIWMDDR3HMl
MD5:	7A029023E5B1E9CA43C87F31C81107C2
SHA1:	F06501070798551670F856DB495ED2DB196D19ED
SHA-256:	DC11EED62189D004A67C22B83EA30933DE9427D9D448C642C3B73B6DFDE24704
SHA-512:	B99171EB0788175A6134F9A169E9FCB3386D56D8FFAE0C11B4F8AB7FA6E4AD88C0FA2B5FF1E0C6EFC65BB4037F11B2AC397274A52DE19ADFEE8DF78B205D257E
Malicious:	false
Reputation:	low
URL:	https://zigzag.notairequebec.com/?SD
Preview:	<!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_autoindex/assets/js/tablesort.js"></script><script src="/_autoindex/assets/js/tablesort.number.js"></script><title>Index of /</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body><div class="content"><h1 style="color: #555;">Index of /</h1>.<div id="table-list"><table id="table-content"><thead class="t-header"><tr><th class="colname"><a class="name" href="?NA" onclick="return false"">Name</a></th><th class="colname" data-sort-method="number"><a href="?MA" onclick="return false"">Last Modified</a></th><th class="colname" data-sort-method="number" aria-sort="descending"><a href="?SA" onclick="return false"">Size</a></th></tr></thead>.<tr><td data-sort="*cgi-bin"><a href="/cgi-bin/"><

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (547)
Category:	downloaded
Size (bytes):	1377
Entropy (8bit):	5.064519391629991
Encrypted:	false
SSDEEP:	24:haHkMndLVMAVGMLVjvJRA3ZO+7XZmNiq3wI3hyMkajSOwwcwWAXHMRRkS:WdHz+7XZmNiq3wIWMDDR3HMl
MD5:	CA3CB34D2C678384E276E283CF55B893
SHA1:	219F4185AEBC51FBA74741BED8F015020C1C1618
SHA-256:	B529605F09C437C36CF1478929CBF1172AFB5B199E22609D5B4907D243912BD1
SHA-512:	1E508A542D269E2BABBB7EE21E247F523883EAFC4C1F201ED9D46CE3CF716B882DED9A0EEB3B03DC0702F0106C94F0BA04354FFCB8DF57AAF518B24485034195
Malicious:	false
Reputation:	low
URL:	https://zigzag.notairequebec.com/?MD
Preview:	<!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_autoindex/assets/js/tablesort.js"></script><script src="/_autoindex/assets/js/tablesort.number.js"></script><title>Index of /</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body><div class="content"><h1 style="color: #555;">Index of /</h1>.<div id="table-list"><table id="table-content"><thead class="t-header"><tr><th class="colname"><a class="name" href="?NA" onclick="return false"">Name</a></th><th class="colname" data-sort-method="number" aria-sort="descending"><a href="?MA" onclick="return false"">Last Modified</a></th><th class="colname" data-sort-method="number"><a href="?SA" onclick="return false"">Size</a></th></tr></thead>.<tr><td data-sort="*cgi-bin"><a href="/cgi-bin/"><

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 14:36:34.736399889 CEST	49735	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:36:34.736458063 CEST	443	49735	142.250.184.196	192.168.2.4
Sep 29, 2024 14:36:34.736526012 CEST	49735	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:36:34.736732006 CEST	49735	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:36:34.736745119 CEST	443	49735	142.250.184.196	192.168.2.4
Sep 29, 2024 14:36:35.388890028 CEST	443	49735	142.250.184.196	192.168.2.4
Sep 29, 2024 14:36:35.428740978 CEST	49735	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:36:35.428767920 CEST	443	49735	142.250.184.196	192.168.2.4
Sep 29, 2024 14:36:35.429876089 CEST	443	49735	142.250.184.196	192.168.2.4
Sep 29, 2024 14:36:35.430042982 CEST	49735	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:36:35.434660912 CEST	49735	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:36:35.434732914 CEST	443	49735	142.250.184.196	192.168.2.4
Sep 29, 2024 14:36:35.488797903 CEST	49735	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:36:35.488815069 CEST	443	49735	142.250.184.196	192.168.2.4
Sep 29, 2024 14:36:35.531802893 CEST	49735	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:36:35.716027021 CEST	49737	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:35.716065884 CEST	443	49737	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:35.716150045 CEST	49737	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:35.716391087 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:35.716398001 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:35.716453075 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:35.716598988 CEST	49737	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:35.716608047 CEST	443	49737	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:35.716809988 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:35.716818094 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.188851118 CEST	443	49737	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.193670034 CEST	49737	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.193698883 CEST	443	49737	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.194788933 CEST	443	49737	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.194864988 CEST	49737	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.194873095 CEST	443	49737	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.194916964 CEST	49737	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.196619987 CEST	49737	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.196696997 CEST	443	49737	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.196820974 CEST	49737	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.196827888 CEST	443	49737	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.223728895 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.223978043 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.223987103 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.224875927 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.224958897 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.224963903 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.225009918 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.225409031 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.225460052 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.241262913 CEST	49737	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.273418903 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.273443937 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.321182966 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.375363111 CEST	443	49737	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.375557899 CEST	443	49737	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.375638962 CEST	49737	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.381525993 CEST	49737	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.381582022 CEST	443	49737	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.473439932 CEST	49740	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.473490000 CEST	443	49740	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.473581076 CEST	49740	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.474473000 CEST	49741	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.474509001 CEST	443	49741	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.474582911 CEST	49741	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.475282907 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.475290060 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.475344896 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.475550890 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.484087944 CEST	49740	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.484102964 CEST	443	49740	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.485117912 CEST	49741	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.485130072 CEST	443	49741	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.486093998 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.486104012 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.523396015 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.583900928 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.583990097 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.584037066 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.584038019 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.584074974 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.590729952 CEST	49738	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.590744972 CEST	443	49738	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.966156960 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.967183113 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.967269897 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.968368053 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.968430996 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.968452930 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.968502998 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.969501019 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.969589949 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.970192909 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.970210075 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.970248938 CEST	443	49741	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.970707893 CEST	49741	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.970741987 CEST	443	49741	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.971108913 CEST	443	49741	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.971782923 CEST	49741	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.971860886 CEST	443	49741	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.972122908 CEST	49741	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.984042883 CEST	443	49740	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.984668970 CEST	49740	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.984688044 CEST	443	49740	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.985044956 CEST	443	49740	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.986542940 CEST	49740	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:36.986613035 CEST	443	49740	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:36.987042904 CEST	49740	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:37.010835886 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:37.015396118 CEST	443	49741	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.031402111 CEST	443	49740	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.122504950 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.122821093 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.122842073 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.122879028 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:37.122905970 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.122917891 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:37.123024940 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.123071909 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:37.136218071 CEST	443	49741	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.136301041 CEST	443	49741	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.136358023 CEST	49741	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:37.146101952 CEST	49742	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:37.146136999 CEST	443	49742	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.151758909 CEST	443	49740	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.151803970 CEST	443	49740	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.151854992 CEST	49740	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:37.162323952 CEST	49741	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:37.162354946 CEST	443	49741	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:37.240303040 CEST	49740	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:37.240328074 CEST	443	49740	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.121551991 CEST	49743	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.121598959 CEST	443	49743	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.121766090 CEST	49743	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.123145103 CEST	49743	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.123157024 CEST	443	49743	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.471576929 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:38.471621990 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:38.471695900 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:38.474992037 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:38.475002050 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:38.569628954 CEST	49746	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.569684982 CEST	443	49746	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.569750071 CEST	49746	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.569938898 CEST	49747	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.569986105 CEST	443	49747	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.570034981 CEST	49747	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.570250988 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.570321083 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.570388079 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.571063995 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.571098089 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.571417093 CEST	49747	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.571438074 CEST	443	49747	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.571609020 CEST	49746	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.571624041 CEST	443	49746	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.601342916 CEST	443	49743	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.613449097 CEST	49743	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.613471031 CEST	443	49743	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.613890886 CEST	443	49743	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.615812063 CEST	49743	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.615881920 CEST	443	49743	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.615969896 CEST	49743	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.659400940 CEST	443	49743	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.763818979 CEST	443	49743	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.764014006 CEST	443	49743	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:38.764050961 CEST	49743	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.815336943 CEST	49743	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:38.815366983 CEST	443	49743	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.107254028 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.107748985 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.107814074 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.108985901 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.109059095 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.109080076 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.109126091 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.109709024 CEST	443	49747	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.109982967 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.110043049 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.110409021 CEST	49747	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.110435009 CEST	443	49747	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.110594988 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.110599995 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.110883951 CEST	443	49746	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.111093044 CEST	49746	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.111114979 CEST	443	49746	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.111412048 CEST	443	49747	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.111479044 CEST	49747	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.111489058 CEST	443	49747	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.111531019 CEST	49747	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.111943007 CEST	49747	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.111995935 CEST	443	49747	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.112211943 CEST	49747	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.112216949 CEST	443	49746	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.112217903 CEST	443	49747	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.112271070 CEST	49746	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.112279892 CEST	443	49746	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.112317085 CEST	49746	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.112566948 CEST	49746	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.112629890 CEST	443	49746	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.112766027 CEST	49746	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.112776041 CEST	443	49746	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.132635117 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:39.132704973 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:39.136307001 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:39.136317015 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:39.136523008 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:39.164279938 CEST	49747	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.164290905 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.164370060 CEST	49746	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.179902077 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:39.187681913 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:39.235411882 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:39.261029959 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.261288881 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.261296988 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.261322975 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.261471033 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.261471033 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.261538982 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.261611938 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.261657953 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.268409014 CEST	443	49747	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.268568039 CEST	443	49747	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.268671036 CEST	49747	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.273119926 CEST	49747	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.273140907 CEST	443	49747	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.273874998 CEST	49748	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.273941040 CEST	443	49748	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.285331964 CEST	443	49746	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.285409927 CEST	443	49746	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.285466909 CEST	49746	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.286130905 CEST	49746	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:39.286175966 CEST	443	49746	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:39.408337116 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:39.408400059 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:39.408451080 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:39.408586979 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:39.408608913 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:39.408644915 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:39.408651114 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:39.450805902 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:39.450925112 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:39.451009989 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:39.451307058 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:39.451339006 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:40.106832027 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:40.106955051 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:41.067682028 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:41.067723989 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:41.068130970 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:41.071208000 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:41.115417957 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:41.258193016 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:41.258291960 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:41.258457899 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:41.261476040 CEST	49749	443	192.168.2.4	184.28.90.27
Sep 29, 2024 14:36:41.261524916 CEST	443	49749	184.28.90.27	192.168.2.4
Sep 29, 2024 14:36:45.288120031 CEST	443	49735	142.250.184.196	192.168.2.4
Sep 29, 2024 14:36:45.288196087 CEST	443	49735	142.250.184.196	192.168.2.4
Sep 29, 2024 14:36:45.288244963 CEST	49735	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:36:45.613147974 CEST	49735	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:36:45.613177061 CEST	443	49735	142.250.184.196	192.168.2.4
Sep 29, 2024 14:36:47.678493977 CEST	49753	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:47.678546906 CEST	443	49753	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:47.678714991 CEST	49753	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:47.679342031 CEST	49754	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:47.679356098 CEST	443	49754	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:47.679460049 CEST	49754	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:47.695588112 CEST	49754	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:47.695616007 CEST	443	49754	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:47.696271896 CEST	49753	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:47.696289062 CEST	443	49753	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:48.176332951 CEST	443	49754	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:48.176851034 CEST	443	49753	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:48.178689957 CEST	49754	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:48.178715944 CEST	443	49754	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:48.178896904 CEST	49753	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:48.178905010 CEST	443	49753	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:48.179061890 CEST	443	49754	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:48.179287910 CEST	443	49753	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:48.180727959 CEST	49754	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:48.180797100 CEST	443	49754	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:48.186184883 CEST	49753	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:48.186275005 CEST	443	49753	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:48.186691999 CEST	49754	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:48.227408886 CEST	443	49754	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:48.229401112 CEST	49753	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:48.343292952 CEST	443	49754	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:48.343449116 CEST	443	49754	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:48.343497992 CEST	49754	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:48.429465055 CEST	49754	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:48.429485083 CEST	443	49754	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:50.355859041 CEST	49723	80	192.168.2.4	2.16.100.168
Sep 29, 2024 14:36:50.360897064 CEST	80	49723	2.16.100.168	192.168.2.4
Sep 29, 2024 14:36:50.361011028 CEST	49723	80	192.168.2.4	2.16.100.168
Sep 29, 2024 14:36:51.685319901 CEST	49758	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:51.685368061 CEST	443	49758	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:51.685448885 CEST	49758	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:51.687803984 CEST	49758	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:51.687818050 CEST	443	49758	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:51.767867088 CEST	49753	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:51.815406084 CEST	443	49753	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:51.873039961 CEST	443	49753	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:51.873214006 CEST	443	49753	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:51.873265028 CEST	49753	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:51.920903921 CEST	49753	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:51.920926094 CEST	443	49753	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:52.161609888 CEST	443	49758	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:52.170780897 CEST	49758	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:52.170794964 CEST	443	49758	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:52.171200037 CEST	443	49758	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:52.172054052 CEST	49758	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:52.172115088 CEST	443	49758	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:52.215270042 CEST	49758	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:53.847620010 CEST	49759	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:53.847686052 CEST	443	49759	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:53.847804070 CEST	49759	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:53.851457119 CEST	49759	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:53.851483107 CEST	443	49759	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:53.854146957 CEST	49758	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:53.895406008 CEST	443	49758	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:53.967461109 CEST	443	49758	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:53.967658997 CEST	443	49758	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:53.967737913 CEST	49758	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:53.968312979 CEST	49758	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:53.968332052 CEST	443	49758	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:54.374295950 CEST	443	49759	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:54.374581099 CEST	49759	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:54.374651909 CEST	443	49759	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:54.375063896 CEST	443	49759	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:54.375488043 CEST	49759	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:54.375565052 CEST	443	49759	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:54.430048943 CEST	49759	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:55.625900984 CEST	49760	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:55.625965118 CEST	443	49760	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:55.626082897 CEST	49760	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:55.626384020 CEST	49760	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:55.626400948 CEST	443	49760	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:55.635124922 CEST	49759	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:55.679399967 CEST	443	49759	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:55.740881920 CEST	443	49759	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:55.741065979 CEST	443	49759	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:55.741116047 CEST	49759	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:55.741756916 CEST	49759	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:55.741780043 CEST	443	49759	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:56.115607023 CEST	443	49760	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:56.157290936 CEST	49760	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:56.181746006 CEST	49760	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:56.181761026 CEST	443	49760	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:56.182121038 CEST	443	49760	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:56.184895992 CEST	49760	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:36:56.184945107 CEST	443	49760	173.209.33.163	192.168.2.4
Sep 29, 2024 14:36:56.235485077 CEST	49760	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:05.636997938 CEST	49761	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:05.637036085 CEST	443	49761	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:05.637160063 CEST	49761	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:05.637675047 CEST	49761	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:05.637687922 CEST	443	49761	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:05.638540983 CEST	49760	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:05.679404974 CEST	443	49760	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:05.761439085 CEST	443	49760	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:05.761622906 CEST	443	49760	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:05.761696100 CEST	49760	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:05.762777090 CEST	49760	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:05.762799025 CEST	443	49760	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:06.126765966 CEST	443	49761	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:06.127631903 CEST	49761	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:06.127646923 CEST	443	49761	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:06.128866911 CEST	443	49761	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:06.131372929 CEST	49761	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:06.131448030 CEST	443	49761	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:06.195364952 CEST	49761	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:07.907906055 CEST	49762	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:07.907953024 CEST	443	49762	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:07.908025980 CEST	49762	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:07.926227093 CEST	49762	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:07.926249027 CEST	443	49762	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:07.955271006 CEST	49761	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:07.999408960 CEST	443	49761	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:08.066801071 CEST	443	49761	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:08.067050934 CEST	443	49761	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:08.067110062 CEST	49761	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:08.067861080 CEST	49761	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:08.067879915 CEST	443	49761	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:08.429553032 CEST	443	49762	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:08.429853916 CEST	49762	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:08.429868937 CEST	443	49762	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:08.430207968 CEST	443	49762	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:08.430665016 CEST	49762	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:08.430743933 CEST	443	49762	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:08.470618963 CEST	49762	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:17.716741085 CEST	49763	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:17.716792107 CEST	443	49763	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:17.716856003 CEST	49763	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:17.751105070 CEST	49763	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:17.751138926 CEST	443	49763	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:17.752157927 CEST	49762	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:17.799402952 CEST	443	49762	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:17.867561102 CEST	443	49762	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:17.867752075 CEST	443	49762	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:17.868089914 CEST	49762	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:17.870784044 CEST	49762	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:17.870804071 CEST	443	49762	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:18.230205059 CEST	443	49763	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:18.230771065 CEST	49763	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:18.230798960 CEST	443	49763	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:18.231158972 CEST	443	49763	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:18.232378006 CEST	49763	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:18.232439041 CEST	443	49763	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:18.274651051 CEST	49763	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:29.151158094 CEST	443	49763	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:29.151259899 CEST	443	49763	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:29.151298046 CEST	49763	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:29.608917952 CEST	49763	443	192.168.2.4	173.209.33.163
Sep 29, 2024 14:37:29.608966112 CEST	443	49763	173.209.33.163	192.168.2.4
Sep 29, 2024 14:37:34.791619062 CEST	49766	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:37:34.791671991 CEST	443	49766	142.250.184.196	192.168.2.4
Sep 29, 2024 14:37:34.791763067 CEST	49766	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:37:34.792212963 CEST	49766	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:37:34.792228937 CEST	443	49766	142.250.184.196	192.168.2.4
Sep 29, 2024 14:37:35.438961983 CEST	443	49766	142.250.184.196	192.168.2.4
Sep 29, 2024 14:37:35.439721107 CEST	49766	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:37:35.439738989 CEST	443	49766	142.250.184.196	192.168.2.4
Sep 29, 2024 14:37:35.440028906 CEST	443	49766	142.250.184.196	192.168.2.4
Sep 29, 2024 14:37:35.440489054 CEST	49766	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:37:35.440548897 CEST	443	49766	142.250.184.196	192.168.2.4
Sep 29, 2024 14:37:35.493486881 CEST	49766	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:37:39.493633032 CEST	49724	80	192.168.2.4	199.232.214.172
Sep 29, 2024 14:37:39.499656916 CEST	80	49724	199.232.214.172	192.168.2.4
Sep 29, 2024 14:37:39.499706984 CEST	49724	80	192.168.2.4	199.232.214.172
Sep 29, 2024 14:37:45.371740103 CEST	443	49766	142.250.184.196	192.168.2.4
Sep 29, 2024 14:37:45.371803999 CEST	443	49766	142.250.184.196	192.168.2.4
Sep 29, 2024 14:37:45.371896029 CEST	49766	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:37:45.610996008 CEST	49766	443	192.168.2.4	142.250.184.196
Sep 29, 2024 14:37:45.611031055 CEST	443	49766	142.250.184.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 14:36:33.374037027 CEST	53	58942	1.1.1.1	192.168.2.4
Sep 29, 2024 14:36:33.426268101 CEST	53	50674	1.1.1.1	192.168.2.4
Sep 29, 2024 14:36:34.403491974 CEST	53	57883	1.1.1.1	192.168.2.4
Sep 29, 2024 14:36:34.728483915 CEST	55808	53	192.168.2.4	1.1.1.1
Sep 29, 2024 14:36:34.728617907 CEST	55747	53	192.168.2.4	1.1.1.1
Sep 29, 2024 14:36:34.735143900 CEST	53	55808	1.1.1.1	192.168.2.4
Sep 29, 2024 14:36:34.735584974 CEST	53	55747	1.1.1.1	192.168.2.4
Sep 29, 2024 14:36:35.516954899 CEST	52214	53	192.168.2.4	1.1.1.1
Sep 29, 2024 14:36:35.517093897 CEST	52486	53	192.168.2.4	1.1.1.1
Sep 29, 2024 14:36:35.715224981 CEST	53	52214	1.1.1.1	192.168.2.4
Sep 29, 2024 14:36:35.715485096 CEST	53	52486	1.1.1.1	192.168.2.4
Sep 29, 2024 14:36:38.467104912 CEST	58111	53	192.168.2.4	1.1.1.1
Sep 29, 2024 14:36:38.467627048 CEST	54000	53	192.168.2.4	1.1.1.1
Sep 29, 2024 14:36:38.564560890 CEST	53	54000	1.1.1.1	192.168.2.4
Sep 29, 2024 14:36:38.565936089 CEST	53	58111	1.1.1.1	192.168.2.4
Sep 29, 2024 14:36:51.062185049 CEST	138	138	192.168.2.4	192.168.2.255
Sep 29, 2024 14:36:51.610555887 CEST	53	52455	1.1.1.1	192.168.2.4
Sep 29, 2024 14:37:10.754884005 CEST	53	55483	1.1.1.1	192.168.2.4
Sep 29, 2024 14:37:33.019531965 CEST	53	53319	1.1.1.1	192.168.2.4
Sep 29, 2024 14:37:33.563807011 CEST	53	62562	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 14:36:34.728483915 CEST	192.168.2.4	1.1.1.1	0xaaf2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:34.728617907 CEST	192.168.2.4	1.1.1.1	0xfe85	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 29, 2024 14:36:35.516954899 CEST	192.168.2.4	1.1.1.1	0xb075	Standard query (0)	zigzag.notairequebec.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:35.517093897 CEST	192.168.2.4	1.1.1.1	0xe288	Standard query (0)	zigzag.notairequebec.com	65	IN (0x0001)	false
Sep 29, 2024 14:36:38.467104912 CEST	192.168.2.4	1.1.1.1	0x1715	Standard query (0)	zigzag.notairequebec.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:38.467627048 CEST	192.168.2.4	1.1.1.1	0x90ca	Standard query (0)	zigzag.notairequebec.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 14:36:34.735143900 CEST	1.1.1.1	192.168.2.4	0xaaf2	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:34.735584974 CEST	1.1.1.1	192.168.2.4	0xfe85	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 14:36:35.715224981 CEST	1.1.1.1	192.168.2.4	0xb075	No error (0)	zigzag.notairequebec.com		173.209.33.163	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:38.565936089 CEST	1.1.1.1	192.168.2.4	0x1715	No error (0)	zigzag.notairequebec.com		173.209.33.163	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:46.954938889 CEST	1.1.1.1	192.168.2.4	0x6ff0	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:46.954938889 CEST	1.1.1.1	192.168.2.4	0x6ff0	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:36:48.641693115 CEST	1.1.1.1	192.168.2.4	0xc00d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 14:36:48.641693115 CEST	1.1.1.1	192.168.2.4	0xc00d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:37:01.688138962 CEST	1.1.1.1	192.168.2.4	0xff6f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 14:37:01.688138962 CEST	1.1.1.1	192.168.2.4	0xff6f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:37:25.846982956 CEST	1.1.1.1	192.168.2.4	0xa8bd	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 14:37:25.846982956 CEST	1.1.1.1	192.168.2.4	0xa8bd	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 14:37:46.097157955 CEST	1.1.1.1	192.168.2.4	0x22a9	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 14:37:46.097157955 CEST	1.1.1.1	192.168.2.4	0x22a9	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

zigzag.notairequebec.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:36 UTC	667	OUT	GET / HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:36 UTC	334	IN	HTTP/1.1 200 OK Connection: close content-type: text/html; charset=UTF-8 content-length: 1376 date: Sun, 29 Sep 2024 12:36:36 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:36 UTC	1034	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 5f 61 75 74 6f 69 6e 64 65 78 2f 61 73 73 65 74 73 2f 63 73 73 2f 61 75 74 6f 69 6e 64 65 78 2e 63 73 73 22 20 2f 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 5f 61 75 74 Data Ascii: <!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_aut
2024-09-29 12:36:36 UTC	342	IN	Data Raw: 73 73 65 74 73 2f 69 63 6f 6e 73 2f 66 6f 6c 64 65 72 2d 66 69 6c 6c 2e 73 76 67 22 20 61 6c 74 3d 22 44 69 72 65 63 74 6f 72 79 22 3e 63 67 69 2d 62 69 6e 3c 2f 61 3e 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 31 35 30 34 38 34 30 32 32 22 3e 32 30 32 34 2d 30 39 2d 32 35 20 31 37 3a 30 37 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 2d 31 22 3e 2d 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 3c 2f 64 69 76 3e 0a 3c 61 64 64 72 65 73 73 3e 50 72 6f 75 64 6c 79 20 53 65 72 76 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 20 61 74 20 7a 69 67 7a 61 67 2e 6e 6f 74 61 69 72 65 71 75 65 62 65 63 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 64 69 76 3e 3c Data Ascii: ssets/icons/folder-fill.svg" alt="Directory">cgi-bin</a></td><td data-sort="150484022">2024-09-25 17:07</td><td data-sort="-1">-</td></tr></table></div><address>Proudly Served by LiteSpeed Web Server at zigzag.notairequebec.com Port 443</address></div><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:36 UTC	582	OUT	GET /_autoindex/assets/css/autoindex.css HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://zigzag.notairequebec.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:36 UTC	465	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Sun, 06 Oct 2024 12:36:36 GMT content-type: text/css last-modified: Wed, 31 Jul 2024 17:11:12 GMT accept-ranges: bytes content-length: 3562 date: Sun, 29 Sep 2024 12:36:36 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:36 UTC	903	IN	Data Raw: 68 74 6d 6c 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 64 65 66 66 30 3b 0a 7d 0a 0a 2e 63 6f 6e 74 65 6e 74 20 7b 0a 09 6d 61 78 2d 77 69 64 74 68 3a 20 31 30 30 30 70 78 3b 0a 09 6d 61 72 67 69 6e 3a 20 33 35 70 78 20 61 75 74 6f 20 33 35 70 78 20 61 75 74 6f 3b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 4c 61 74 6f 2c 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 53 65 67 6f 65 20 55 49 2c 20 52 6f 62 6f 74 6f 2c 20 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 20 41 72 69 61 6c 2c 20 4e 6f 74 6f 20 53 61 6e 73 2c 20 73 61 6e 73 2d 73 65 72 69 66 2c 20 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 2c 20 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 2c 20 53 65 67 6f 65 20 55 49 Data Ascii: html {background: #edeff0;}.content {max-width: 1000px;margin: 35px auto 35px auto;font-family: Lato, -apple-system, BlinkMacSystemFont, Segoe UI, Roboto, Helvetica Neue, Arial, Noto Sans, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI
2024-09-29 12:36:36 UTC	2659	IN	Data Raw: 6d 65 3a 6e 6f 74 28 2e 6e 6f 2d 73 6f 72 74 29 20 61 3a 61 66 74 65 72 20 7b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 31 70 78 3b 0a 09 72 69 67 68 74 3a 20 2d 38 70 78 3b 0a 09 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 2d 31 38 30 64 65 67 29 3b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 35 70 78 3b 0a 7d 0a 0a 2e 63 6f 6c 6e 61 6d 65 3a 6e 6f 74 28 2e 6e 6f 2d 73 6f 72 74 29 20 61 3a 62 65 66 6f 72 65 20 7b 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 35 70 78 3b 0a 7d 0a 0a 2e 63 6f 6c 6e 61 6d 65 5b 61 72 69 61 2d 73 6f 72 74 3d 61 73 63 65 6e 64 69 6e 67 5d 3a 6e 6f 74 28 2e 6e 6f 2d 73 6f 72 74 29 20 61 3a 62 65 66 6f 72 65 2c 0a 2e 63 6f 6c 6e 61 6d 65 5b 61 72 69 61 2d Data Ascii: me:not(.no-sort) a:after {position: relative;margin-top: 11px;right: -8px;transform: rotate(-180deg);margin-left: 5px;}.colname:not(.no-sort) a:before {margin-top: 5px;}.colname[aria-sort=ascending]:not(.no-sort) a:before,.colname[aria-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:36 UTC	566	OUT	GET /_autoindex/assets/js/tablesort.js HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://zigzag.notairequebec.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:37 UTC	393	IN	HTTP/1.1 200 OK Connection: close content-type: text/javascript last-modified: Wed, 31 Jul 2024 17:11:12 GMT accept-ranges: bytes content-length: 7706 date: Sun, 29 Sep 2024 12:36:37 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:37 UTC	975	IN	Data Raw: 3b 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 66 75 6e 63 74 69 6f 6e 20 54 61 62 6c 65 73 6f 72 74 28 65 6c 2c 20 6f 70 74 69 6f 6e 73 29 20 7b 0a 20 20 20 20 69 66 20 28 21 28 74 68 69 73 20 69 6e 73 74 61 6e 63 65 6f 66 20 54 61 62 6c 65 73 6f 72 74 29 29 20 72 65 74 75 72 6e 20 6e 65 77 20 54 61 62 6c 65 73 6f 72 74 28 65 6c 2c 20 6f 70 74 69 6f 6e 73 29 3b 0a 0a 20 20 20 20 69 66 20 28 21 65 6c 20 7c 7c 20 65 6c 2e 74 61 67 4e 61 6d 65 20 21 3d 3d 20 27 54 41 42 4c 45 27 29 20 7b 0a 20 20 20 20 20 20 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 27 45 6c 65 6d 65 6e 74 20 6d 75 73 74 20 62 65 20 61 20 74 61 62 6c 65 27 29 3b 0a 20 20 20 20 7d 0a 20 20 20 20 74 68 69 73 2e 69 6e 69 74 28 65 6c 2c 20 6f 70 74 69 6f 6e 73 20 7c 7c 20 7b 7d 29 3b Data Ascii: ;(function() { function Tablesort(el, options) { if (!(this instanceof Tablesort)) return new Tablesort(el, options); if (!el \|\| el.tagName !== 'TABLE') { throw new Error('Element must be a table'); } this.init(el, options \|\| {});
2024-09-29 12:36:37 UTC	6731	IN	Data Raw: 42 79 4b 65 79 20 3d 20 66 75 6e 63 74 69 6f 6e 28 63 65 6c 6c 73 2c 20 6b 65 79 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 5b 5d 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 63 65 6c 6c 73 29 2e 66 69 6e 64 28 66 75 6e 63 74 69 6f 6e 28 63 65 6c 6c 29 20 7b 0a 20 20 20 20 20 20 72 65 74 75 72 6e 20 63 65 6c 6c 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 73 6f 72 74 2d 63 6f 6c 75 6d 6e 2d 6b 65 79 27 29 20 3d 3d 3d 20 6b 65 79 3b 0a 20 20 20 20 7d 29 3b 0a 20 20 7d 3b 0a 0a 20 20 2f 2f 20 53 74 61 62 6c 65 20 73 6f 72 74 20 66 75 6e 63 74 69 6f 6e 0a 20 20 2f 2f 20 49 66 20 74 77 6f 20 65 6c 65 6d 65 6e 74 73 20 61 72 65 20 65 71 75 61 6c 20 75 6e 64 65 72 20 74 68 65 20 6f 72 69 67 69 6e 61 6c 20 73 6f 72 74 20 66 75 6e 63 74 69 6f 6e 2c 0a 20 Data Ascii: ByKey = function(cells, key) { return [].slice.call(cells).find(function(cell) { return cell.getAttribute('data-sort-column-key') === key; }); }; // Stable sort function // If two elements are equal under the original sort function,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:36 UTC	573	OUT	GET /_autoindex/assets/js/tablesort.number.js HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://zigzag.notairequebec.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:37 UTC	392	IN	HTTP/1.1 200 OK Connection: close content-type: text/javascript last-modified: Wed, 31 Jul 2024 17:11:12 GMT accept-ranges: bytes content-length: 682 date: Sun, 29 Sep 2024 12:36:37 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:37 UTC	682	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 76 61 72 20 63 6c 65 61 6e 4e 75 6d 62 65 72 20 3d 20 66 75 6e 63 74 69 6f 6e 28 69 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 69 2e 72 65 70 6c 61 63 65 28 2f 5b 5e 5c 2d 3f 30 2d 39 2e 5d 2f 67 2c 20 27 27 29 3b 0a 20 20 7d 2c 0a 0a 20 20 63 6f 6d 70 61 72 65 4e 75 6d 62 65 72 20 3d 20 66 75 6e 63 74 69 6f 6e 28 61 2c 20 62 29 20 7b 0a 20 20 20 20 61 20 3d 20 70 61 72 73 65 46 6c 6f 61 74 28 61 29 3b 0a 20 20 20 20 62 20 3d 20 70 61 72 73 65 46 6c 6f 61 74 28 62 29 3b 0a 0a 20 20 20 20 61 20 3d 20 69 73 4e 61 4e 28 61 29 20 3f 20 30 20 3a 20 61 3b 0a 20 20 20 20 62 20 3d 20 69 73 4e 61 4e 28 62 29 20 3f 20 30 20 3a 20 62 3b 0a 0a 20 20 20 20 72 65 74 75 72 6e 20 61 20 2d 20 62 3b 0a 20 20 7d 3b 0a 0a 20 20 Data Ascii: (function(){ var cleanNumber = function(i) { return i.replace(/[^\-?0-9.]/g, ''); }, compareNumber = function(a, b) { a = parseFloat(a); b = parseFloat(b); a = isNaN(a) ? 0 : a; b = isNaN(b) ? 0 : b; return a - b; };

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:36 UTC	632	OUT	GET /_autoindex/assets/icons/folder-fill.svg HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://zigzag.notairequebec.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:37 UTC	469	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Sun, 06 Oct 2024 12:36:37 GMT content-type: image/svg+xml last-modified: Wed, 31 Jul 2024 17:11:12 GMT accept-ranges: bytes content-length: 591 date: Sun, 29 Sep 2024 12:36:37 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:37 UTC	591	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0a 3c 21 2d 2d 20 47 65 6e 65 72 61 74 6f 72 3a 20 41 64 6f 62 65 20 49 6c 6c 75 73 74 72 61 74 6f 72 20 32 35 2e 33 2e 31 2c 20 53 56 47 20 45 78 70 6f 72 74 20 50 6c 75 67 2d 49 6e 20 2e 20 53 56 47 20 56 65 72 73 69 6f 6e 3a 20 36 2e 30 30 20 42 75 69 6c 64 20 30 29 20 20 2d 2d 3e 0a 3c 73 76 67 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 69 64 3d 22 4c 61 79 65 72 5f 31 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 78 3d 22 30 70 78 22 20 79 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?>... Generator: Adobe Illustrator 25.3.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) --><svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:38 UTC	604	OUT	GET /favicon.ico HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://zigzag.notairequebec.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:38 UTC	435	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Sun, 29 Sep 2024 12:36:38 GMT server: LiteSpeed referrer-policy: alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:38 UTC	933	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-09-29 12:36:38 UTC	318	IN	Data Raw: 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f Data Ascii: olor:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no co

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49748	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:39 UTC	381	OUT	GET /_autoindex/assets/js/tablesort.js HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:39 UTC	393	IN	HTTP/1.1 200 OK Connection: close content-type: text/javascript last-modified: Wed, 31 Jul 2024 17:11:12 GMT accept-ranges: bytes content-length: 7706 date: Sun, 29 Sep 2024 12:36:39 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:39 UTC	975	IN	Data Raw: 3b 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 66 75 6e 63 74 69 6f 6e 20 54 61 62 6c 65 73 6f 72 74 28 65 6c 2c 20 6f 70 74 69 6f 6e 73 29 20 7b 0a 20 20 20 20 69 66 20 28 21 28 74 68 69 73 20 69 6e 73 74 61 6e 63 65 6f 66 20 54 61 62 6c 65 73 6f 72 74 29 29 20 72 65 74 75 72 6e 20 6e 65 77 20 54 61 62 6c 65 73 6f 72 74 28 65 6c 2c 20 6f 70 74 69 6f 6e 73 29 3b 0a 0a 20 20 20 20 69 66 20 28 21 65 6c 20 7c 7c 20 65 6c 2e 74 61 67 4e 61 6d 65 20 21 3d 3d 20 27 54 41 42 4c 45 27 29 20 7b 0a 20 20 20 20 20 20 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 27 45 6c 65 6d 65 6e 74 20 6d 75 73 74 20 62 65 20 61 20 74 61 62 6c 65 27 29 3b 0a 20 20 20 20 7d 0a 20 20 20 20 74 68 69 73 2e 69 6e 69 74 28 65 6c 2c 20 6f 70 74 69 6f 6e 73 20 7c 7c 20 7b 7d 29 3b Data Ascii: ;(function() { function Tablesort(el, options) { if (!(this instanceof Tablesort)) return new Tablesort(el, options); if (!el \|\| el.tagName !== 'TABLE') { throw new Error('Element must be a table'); } this.init(el, options \|\| {});
2024-09-29 12:36:39 UTC	6731	IN	Data Raw: 42 79 4b 65 79 20 3d 20 66 75 6e 63 74 69 6f 6e 28 63 65 6c 6c 73 2c 20 6b 65 79 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 5b 5d 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 63 65 6c 6c 73 29 2e 66 69 6e 64 28 66 75 6e 63 74 69 6f 6e 28 63 65 6c 6c 29 20 7b 0a 20 20 20 20 20 20 72 65 74 75 72 6e 20 63 65 6c 6c 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 73 6f 72 74 2d 63 6f 6c 75 6d 6e 2d 6b 65 79 27 29 20 3d 3d 3d 20 6b 65 79 3b 0a 20 20 20 20 7d 29 3b 0a 20 20 7d 3b 0a 0a 20 20 2f 2f 20 53 74 61 62 6c 65 20 73 6f 72 74 20 66 75 6e 63 74 69 6f 6e 0a 20 20 2f 2f 20 49 66 20 74 77 6f 20 65 6c 65 6d 65 6e 74 73 20 61 72 65 20 65 71 75 61 6c 20 75 6e 64 65 72 20 74 68 65 20 6f 72 69 67 69 6e 61 6c 20 73 6f 72 74 20 66 75 6e 63 74 69 6f 6e 2c 0a 20 Data Ascii: ByKey = function(cells, key) { return [].slice.call(cells).find(function(cell) { return cell.getAttribute('data-sort-column-key') === key; }); }; // Stable sort function // If two elements are equal under the original sort function,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:39 UTC	388	OUT	GET /_autoindex/assets/js/tablesort.number.js HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:39 UTC	392	IN	HTTP/1.1 200 OK Connection: close content-type: text/javascript last-modified: Wed, 31 Jul 2024 17:11:12 GMT accept-ranges: bytes content-length: 682 date: Sun, 29 Sep 2024 12:36:39 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:39 UTC	682	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 76 61 72 20 63 6c 65 61 6e 4e 75 6d 62 65 72 20 3d 20 66 75 6e 63 74 69 6f 6e 28 69 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 69 2e 72 65 70 6c 61 63 65 28 2f 5b 5e 5c 2d 3f 30 2d 39 2e 5d 2f 67 2c 20 27 27 29 3b 0a 20 20 7d 2c 0a 0a 20 20 63 6f 6d 70 61 72 65 4e 75 6d 62 65 72 20 3d 20 66 75 6e 63 74 69 6f 6e 28 61 2c 20 62 29 20 7b 0a 20 20 20 20 61 20 3d 20 70 61 72 73 65 46 6c 6f 61 74 28 61 29 3b 0a 20 20 20 20 62 20 3d 20 70 61 72 73 65 46 6c 6f 61 74 28 62 29 3b 0a 0a 20 20 20 20 61 20 3d 20 69 73 4e 61 4e 28 61 29 20 3f 20 30 20 3a 20 61 3b 0a 20 20 20 20 62 20 3d 20 69 73 4e 61 4e 28 62 29 20 3f 20 30 20 3a 20 62 3b 0a 0a 20 20 20 20 72 65 74 75 72 6e 20 61 20 2d 20 62 3b 0a 20 20 7d 3b 0a 0a 20 20 Data Ascii: (function(){ var cleanNumber = function(i) { return i.replace(/[^\-?0-9.]/g, ''); }, compareNumber = function(a, b) { a = parseFloat(a); b = parseFloat(b); a = isNaN(a) ? 0 : a; b = isNaN(b) ? 0 : b; return a - b; };

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49746	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:39 UTC	387	OUT	GET /_autoindex/assets/icons/folder-fill.svg HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:39 UTC	469	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Sun, 06 Oct 2024 12:36:39 GMT content-type: image/svg+xml last-modified: Wed, 31 Jul 2024 17:11:12 GMT accept-ranges: bytes content-length: 591 date: Sun, 29 Sep 2024 12:36:39 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:39 UTC	591	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0a 3c 21 2d 2d 20 47 65 6e 65 72 61 74 6f 72 3a 20 41 64 6f 62 65 20 49 6c 6c 75 73 74 72 61 74 6f 72 20 32 35 2e 33 2e 31 2c 20 53 56 47 20 45 78 70 6f 72 74 20 50 6c 75 67 2d 49 6e 20 2e 20 53 56 47 20 56 65 72 73 69 6f 6e 3a 20 36 2e 30 30 20 42 75 69 6c 64 20 30 29 20 20 2d 2d 3e 0a 3c 73 76 67 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 69 64 3d 22 4c 61 79 65 72 5f 31 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 78 3d 22 30 70 78 22 20 79 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?>... Generator: Adobe Illustrator 25.3.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) --><svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:39 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 12:36:39 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=101303 Date: Sun, 29 Sep 2024 12:36:39 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49749	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:41 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 12:36:41 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=101331 Date: Sun, 29 Sep 2024 12:36:41 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 12:36:41 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49754	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:48 UTC	650	OUT	GET /?MA HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:48 UTC	334	IN	HTTP/1.1 200 OK Connection: close content-type: text/html; charset=UTF-8 content-length: 1376 date: Sun, 29 Sep 2024 12:36:48 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:48 UTC	1034	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 5f 61 75 74 6f 69 6e 64 65 78 2f 61 73 73 65 74 73 2f 63 73 73 2f 61 75 74 6f 69 6e 64 65 78 2e 63 73 73 22 20 2f 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 5f 61 75 74 Data Ascii: <!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_aut
2024-09-29 12:36:48 UTC	342	IN	Data Raw: 73 73 65 74 73 2f 69 63 6f 6e 73 2f 66 6f 6c 64 65 72 2d 66 69 6c 6c 2e 73 76 67 22 20 61 6c 74 3d 22 44 69 72 65 63 74 6f 72 79 22 3e 63 67 69 2d 62 69 6e 3c 2f 61 3e 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 31 35 30 34 38 34 30 32 32 22 3e 32 30 32 34 2d 30 39 2d 32 35 20 31 37 3a 30 37 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 2d 31 22 3e 2d 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 3c 2f 64 69 76 3e 0a 3c 61 64 64 72 65 73 73 3e 50 72 6f 75 64 6c 79 20 53 65 72 76 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 20 61 74 20 7a 69 67 7a 61 67 2e 6e 6f 74 61 69 72 65 71 75 65 62 65 63 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 64 69 76 3e 3c Data Ascii: ssets/icons/folder-fill.svg" alt="Directory">cgi-bin</a></td><td data-sort="150484022">2024-09-25 17:07</td><td data-sort="-1">-</td></tr></table></div><address>Proudly Served by LiteSpeed Web Server at zigzag.notairequebec.com Port 443</address></div><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49753	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:51 UTC	655	OUT	GET /cgi-bin/ HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:51 UTC	435	IN	HTTP/1.1 403 Forbidden Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1242 date: Sun, 29 Sep 2024 12:36:51 GMT server: LiteSpeed referrer-policy: alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:51 UTC	933	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 403 Forbidden</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2024-09-29 12:36:51 UTC	309	IN	Data Raw: 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 Data Ascii: 747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control ove

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49758	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:53 UTC	650	OUT	GET /?ND HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:53 UTC	334	IN	HTTP/1.1 200 OK Connection: close content-type: text/html; charset=UTF-8 content-length: 1377 date: Sun, 29 Sep 2024 12:36:54 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:53 UTC	1034	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 5f 61 75 74 6f 69 6e 64 65 78 2f 61 73 73 65 74 73 2f 63 73 73 2f 61 75 74 6f 69 6e 64 65 78 2e 63 73 73 22 20 2f 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 5f 61 75 74 Data Ascii: <!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_aut
2024-09-29 12:36:53 UTC	343	IN	Data Raw: 61 73 73 65 74 73 2f 69 63 6f 6e 73 2f 66 6f 6c 64 65 72 2d 66 69 6c 6c 2e 73 76 67 22 20 61 6c 74 3d 22 44 69 72 65 63 74 6f 72 79 22 3e 63 67 69 2d 62 69 6e 3c 2f 61 3e 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 31 35 30 34 38 34 30 32 32 22 3e 32 30 32 34 2d 30 39 2d 32 35 20 31 37 3a 30 37 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 2d 31 22 3e 2d 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 3c 2f 64 69 76 3e 0a 3c 61 64 64 72 65 73 73 3e 50 72 6f 75 64 6c 79 20 53 65 72 76 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 20 61 74 20 7a 69 67 7a 61 67 2e 6e 6f 74 61 69 72 65 71 75 65 62 65 63 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 64 69 76 3e Data Ascii: assets/icons/folder-fill.svg" alt="Directory">cgi-bin</a></td><td data-sort="150484022">2024-09-25 17:07</td><td data-sort="-1">-</td></tr></table></div><address>Proudly Served by LiteSpeed Web Server at zigzag.notairequebec.com Port 443</address></div>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49759	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:36:55 UTC	650	OUT	GET /?SA HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:36:55 UTC	334	IN	HTTP/1.1 200 OK Connection: close content-type: text/html; charset=UTF-8 content-length: 1376 date: Sun, 29 Sep 2024 12:36:55 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:36:55 UTC	1034	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 5f 61 75 74 6f 69 6e 64 65 78 2f 61 73 73 65 74 73 2f 63 73 73 2f 61 75 74 6f 69 6e 64 65 78 2e 63 73 73 22 20 2f 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 5f 61 75 74 Data Ascii: <!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_aut
2024-09-29 12:36:55 UTC	342	IN	Data Raw: 73 73 65 74 73 2f 69 63 6f 6e 73 2f 66 6f 6c 64 65 72 2d 66 69 6c 6c 2e 73 76 67 22 20 61 6c 74 3d 22 44 69 72 65 63 74 6f 72 79 22 3e 63 67 69 2d 62 69 6e 3c 2f 61 3e 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 31 35 30 34 38 34 30 32 32 22 3e 32 30 32 34 2d 30 39 2d 32 35 20 31 37 3a 30 37 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 2d 31 22 3e 2d 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 3c 2f 64 69 76 3e 0a 3c 61 64 64 72 65 73 73 3e 50 72 6f 75 64 6c 79 20 53 65 72 76 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 20 61 74 20 7a 69 67 7a 61 67 2e 6e 6f 74 61 69 72 65 71 75 65 62 65 63 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 64 69 76 3e 3c Data Ascii: ssets/icons/folder-fill.svg" alt="Directory">cgi-bin</a></td><td data-sort="150484022">2024-09-25 17:07</td><td data-sort="-1">-</td></tr></table></div><address>Proudly Served by LiteSpeed Web Server at zigzag.notairequebec.com Port 443</address></div><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49760	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:37:05 UTC	650	OUT	GET /?MD HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:37:05 UTC	334	IN	HTTP/1.1 200 OK Connection: close content-type: text/html; charset=UTF-8 content-length: 1377 date: Sun, 29 Sep 2024 12:37:05 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:37:05 UTC	1034	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 5f 61 75 74 6f 69 6e 64 65 78 2f 61 73 73 65 74 73 2f 63 73 73 2f 61 75 74 6f 69 6e 64 65 78 2e 63 73 73 22 20 2f 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 5f 61 75 74 Data Ascii: <!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_aut
2024-09-29 12:37:05 UTC	343	IN	Data Raw: 61 73 73 65 74 73 2f 69 63 6f 6e 73 2f 66 6f 6c 64 65 72 2d 66 69 6c 6c 2e 73 76 67 22 20 61 6c 74 3d 22 44 69 72 65 63 74 6f 72 79 22 3e 63 67 69 2d 62 69 6e 3c 2f 61 3e 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 31 35 30 34 38 34 30 32 32 22 3e 32 30 32 34 2d 30 39 2d 32 35 20 31 37 3a 30 37 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 2d 31 22 3e 2d 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 3c 2f 64 69 76 3e 0a 3c 61 64 64 72 65 73 73 3e 50 72 6f 75 64 6c 79 20 53 65 72 76 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 20 61 74 20 7a 69 67 7a 61 67 2e 6e 6f 74 61 69 72 65 71 75 65 62 65 63 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 64 69 76 3e Data Ascii: assets/icons/folder-fill.svg" alt="Directory">cgi-bin</a></td><td data-sort="150484022">2024-09-25 17:07</td><td data-sort="-1">-</td></tr></table></div><address>Proudly Served by LiteSpeed Web Server at zigzag.notairequebec.com Port 443</address></div>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49761	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:37:07 UTC	650	OUT	GET /?NA HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:37:08 UTC	334	IN	HTTP/1.1 200 OK Connection: close content-type: text/html; charset=UTF-8 content-length: 1376 date: Sun, 29 Sep 2024 12:37:08 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:37:08 UTC	1034	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 5f 61 75 74 6f 69 6e 64 65 78 2f 61 73 73 65 74 73 2f 63 73 73 2f 61 75 74 6f 69 6e 64 65 78 2e 63 73 73 22 20 2f 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 5f 61 75 74 Data Ascii: <!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_aut
2024-09-29 12:37:08 UTC	342	IN	Data Raw: 73 73 65 74 73 2f 69 63 6f 6e 73 2f 66 6f 6c 64 65 72 2d 66 69 6c 6c 2e 73 76 67 22 20 61 6c 74 3d 22 44 69 72 65 63 74 6f 72 79 22 3e 63 67 69 2d 62 69 6e 3c 2f 61 3e 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 31 35 30 34 38 34 30 32 32 22 3e 32 30 32 34 2d 30 39 2d 32 35 20 31 37 3a 30 37 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 2d 31 22 3e 2d 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 3c 2f 64 69 76 3e 0a 3c 61 64 64 72 65 73 73 3e 50 72 6f 75 64 6c 79 20 53 65 72 76 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 20 61 74 20 7a 69 67 7a 61 67 2e 6e 6f 74 61 69 72 65 71 75 65 62 65 63 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 64 69 76 3e 3c Data Ascii: ssets/icons/folder-fill.svg" alt="Directory">cgi-bin</a></td><td data-sort="150484022">2024-09-25 17:07</td><td data-sort="-1">-</td></tr></table></div><address>Proudly Served by LiteSpeed Web Server at zigzag.notairequebec.com Port 443</address></div><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49762	173.209.33.163	443	2836	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 12:37:17 UTC	650	OUT	GET /?SD HTTP/1.1 Host: zigzag.notairequebec.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 12:37:17 UTC	334	IN	HTTP/1.1 200 OK Connection: close content-type: text/html; charset=UTF-8 content-length: 1377 date: Sun, 29 Sep 2024 12:37:17 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-09-29 12:37:17 UTC	1034	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 5f 61 75 74 6f 69 6e 64 65 78 2f 61 73 73 65 74 73 2f 63 73 73 2f 61 75 74 6f 69 6e 64 65 78 2e 63 73 73 22 20 2f 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 5f 61 75 74 Data Ascii: <!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html; charset=UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="stylesheet" href="/_autoindex/assets/css/autoindex.css" /><script src="/_aut
2024-09-29 12:37:17 UTC	343	IN	Data Raw: 61 73 73 65 74 73 2f 69 63 6f 6e 73 2f 66 6f 6c 64 65 72 2d 66 69 6c 6c 2e 73 76 67 22 20 61 6c 74 3d 22 44 69 72 65 63 74 6f 72 79 22 3e 63 67 69 2d 62 69 6e 3c 2f 61 3e 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 31 35 30 34 38 34 30 32 32 22 3e 32 30 32 34 2d 30 39 2d 32 35 20 31 37 3a 30 37 3c 2f 74 64 3e 3c 74 64 20 64 61 74 61 2d 73 6f 72 74 3d 22 2d 31 22 3e 2d 3c 2f 74 64 3e 3c 2f 74 72 3e 0a 3c 2f 74 61 62 6c 65 3e 3c 2f 64 69 76 3e 0a 3c 61 64 64 72 65 73 73 3e 50 72 6f 75 64 6c 79 20 53 65 72 76 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 20 61 74 20 7a 69 67 7a 61 67 2e 6e 6f 74 61 69 72 65 71 75 65 62 65 63 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 64 69 76 3e Data Ascii: assets/icons/folder-fill.svg" alt="Directory">cgi-bin</a></td><td data-sort="150484022">2024-09-25 17:07</td><td data-sort="-1">-</td></tr></table></div><address>Proudly Served by LiteSpeed Web Server at zigzag.notairequebec.com Port 443</address></div>

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2908, Parent PID: 908

General

Target ID:	0
Start time:	08:36:27
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2836, Parent PID: 2908

General

Target ID:	2
Start time:	08:36:29
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=148,i,8323613118405139887,17831181471390966475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6416, Parent PID: 908

General

Target ID:	3
Start time:	08:36:34
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://zigzag.notairequebec.com/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://zigzag.notairequebec.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2908, Parent PID: 908

Windows Analysis Report
https://zigzag.notairequebec.com/