Windows Analysis Report
http://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA

Overview

General Information

Sample URL: http://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA
Analysis ID: 1417134
Infos:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 6096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2028,i,11090803826720292125,5804435255194898833,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6380 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA | HTTP Parser: No favicon
Source: http://signaturepictures.news.co.uk/uk/230x60_NewsUK1.png | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown | TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-arch: "x86"
    sec-ch-ua-full-version: "117.0.5938.132"
    sec-ch-ua-platform-version: "10.0.0"
    sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
    sec-ch-ua-bitness: "64"
    sec-ch-ua-model: ""
    sec-ch-ua-wow64: ?0
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /uk/230x60_NewsUK1.png HTTP/1.1
    Host: signaturepictures.news.co.uk
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: signaturepictures.news.co.uk
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://signaturepictures.news.co.uk/uk/230x60_NewsUK1.png
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: www.google.com
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 403 Forbidden
    x-amz-request-id: 3C8V4Q7VM1MM7NK5
    x-amz-id-2: TlQ4Ym8jNJv14PPvh8bmtuc+Hu6s7JI0pFJGqnAaERGpTW+/cc904CziJG+y84GcfuNgiAcWhSE=
    Content-Type: text/html; charset=utf-8
    Date: Thu, 28 Mar 2024 15:46:40 GMT
    Server: AmazonS3
    Content-Length: 303
Source: chromecache_42.2.dr | String found in binary or memory: http://signaturepictures.news.co.uk/uk/230x60_NewsUK1.png
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49756
Source: classification engine | Classification label: clean0.win@18/9@8/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2028,i,11090803826720292125,5804435255194898833,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
http://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA | 0% | Avira URL Cloud | safe |
http://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA | 0% | Virustotal | | Browse
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://signaturepictures.news.co.uk/favicon.ico | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.251.16.106 | true | false | | high
s3-website-eu-west-1.amazonaws.com | 52.218.117.140 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
signaturepictures.news.co.uk | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA | false | | high
http://signaturepictures.news.co.uk/favicon.ico | false | Avira URL Cloud: safe | unknown
http://signaturepictures.news.co.uk/uk/230x60_NewsUK1.png | false | | unknown
https://www.google.com/favicon.ico | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
172.253.122.106 | unknown | United States | 15169 | GOOGLEUS | false
52.218.117.140 | s3-website-eu-west-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
142.250.31.105 | unknown | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false

IP
192.168.2.4
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1417134
Start date and time: 2024-03-28 16:45:39 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@18/9@8/5
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Browse: http://signaturepictures.news.co.uk/uk/230x60_NewsUK1.png
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.251.167.94, 142.251.167.101, 142.251.167.102, 142.251.167.139, 142.251.167.113, 142.251.167.138, 142.251.167.100, 142.251.163.84, 34.104.35.123, 52.165.165.26, 72.21.81.240, 192.229.211.108, 20.242.39.171, 20.166.126.56, 40.127.169.103, 172.253.122.94
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
  • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category: downloaded
Size (bytes): 5430
Entropy (8bit): 3.6534652184263736
Encrypted: false
SSDEEP: 48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5: F3418A443E7D841097C714D69EC4BCB8
SHA1: 49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256: 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512: 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious: false
Reputation: low
URL: https://www.google.com/favicon.ico

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category: dropped
Size (bytes): 5430
Entropy (8bit): 3.6534652184263736
Encrypted: false
SSDEEP: 48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5: F3418A443E7D841097C714D69EC4BCB8
SHA1: 49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256: 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512: 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text, with very long lines (1516), with no line terminators
Category: downloaded
Size (bytes): 1516
Entropy (8bit): 5.469831028403647
Encrypted: false
SSDEEP: 24:n0ksbJcZ4qmVtmhkVzGuxZbur2rgozzyVriGRRV4BlWssMGRRctYiRsOEfv11a:nc1ohc/ZzyVrOvWsGtFfvi
MD5: DBF5C55A975C101596D37AF13F43673E
SHA1: 4331CA5BC2150746B44B853B9A9014474765D220
SHA-256: 9BC2E21F0C7C51955336519B787506B6F87D4CE2E58A24D1E04FD418A9E0841A
SHA-512: ADCD4B8F8E6D5475E97AEC318574BFD2C967E9B52967E058357C4BCE4D85DF39A7DC93F8A629F2892826BA8E02B410F93565913DC389804C2D2808A58DA63E53
Malicious: false
Reputation: low
URL: https://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA
Preview: <html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Redirect Notice</title><style>body,div,a{font-family:Roboto,arial,sans-serif}body{background-color:#fff;margin-top:3px}div{color:#000}a:link{color:#681da8}a:visited{color:#681da8}a:active{color:#ea4335}div.mymGo{border-top:1px solid var(--gS5jXb);border-bottom:1px solid var(--gS5jXb);background:#f8f9fa;margin-top:1em;width:100%}div.aXgaGb{padding:0.5em 0;margin-left:10px}div.fTk7vd{margin-left:35px;margin-top:35px}</style></head><body><div class="mymGo"><div class="aXgaGb"><font style="font-size:larger"><b>Redirect Notice</b></font></div></div><div class="fTk7vd">&nbsp;The previous page is sending you to <a href="http://signaturepictures.news.co.uk/uk/230x60_NewsUK1.png">http://signaturepictures.news.co.uk/uk/230x60_NewsUK1.png</a>.<br><br>&nbsp;If you do not want to visit that page, you can <a href="#" id="tsuid_1">return to the previous page</a>.<script nonce="dXRPdsYHwxzTwSyRhWTzrQ">(func

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 303
Entropy (8bit): 5.364455735584692
Encrypted: false
SSDEEP: 6:qFzLIigsoCXLxqDgs0d1ajum5vWUsmdzlJoiUWYaAGW/KdhXvk0qGRq4QL:kgsoCbxMgs0anW+JokYaAGWEbRRpQL
MD5: 9C02CAD14FE2E4FE7864B320CED24A99
SHA1: CA34B39B4FDA7A51C00FBD310748A700994AF969
SHA-256: 98DD48925827D8912AFB136CB057727C4693804A3C13E92C15B40BE86FF8997C
SHA-512: 9420E4B4BBB75DE95CBFD7D0114FBE4C12D317CAF12AEE3659385C007BE6489C0EE66DEB061BFDC8565A530C7630D0DF31D5C4B28416A160D294B661B8130B8C
Malicious: false
Reputation: low
URL: http://signaturepictures.news.co.uk/favicon.ico
Preview: <html>.<head><title>403 Forbidden</title></head>.<body>.<h1>403 Forbidden</h1>.<ul>.<li>Code: AccessDenied</li>.<li>Message: Access Denied</li>.<li>RequestId: 3C8V4Q7VM1MM7NK5</li>.<li>HostId: TlQ4Ym8jNJv14PPvh8bmtuc+Hu6s7JI0pFJGqnAaERGpTW+/cc904CziJG+y84GcfuNgiAcWhSE=</li>.</ul>.<hr/>.</body>.</html>.

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: PNG image data, 230 x 60, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 8311
Entropy (8bit): 7.93693573122873
Encrypted: false
SSDEEP: 192:uM4rEyM0zoItvLWJ4Yck3gwKEXHDUC6Qtr148XRt4Ggh:uM4DjfLWJ4DkQ6X4SbN9y
MD5: FF3769C8864D0A1FBC9A3C582E9852B1
SHA1: C3BB0D19FCB8A8DA08149677BA614C1AAA544FA1
SHA-256: D23F2904B233F3485EDA9E62800E90703833C4658D4B424EB943783249D753E9
SHA-512: 3FC714A3FD4949404D7094EA73689F48D1453766CD70F847826EC104B363F815BE0BE071B2F7AAAA071C180AB8540B7850B28A35D6B2E90D6C94AE9E3ECB1214
Malicious: false
Reputation: low
URL: http://signaturepictures.news.co.uk/uk/230x60_NewsUK1.png

No static file info
                Mar 28, 2024 16:46:28.898950100 CET49737443192.168.2.4142.250.31.105
                Mar 28, 2024 16:46:28.898998976 CET44349737142.250.31.105192.168.2.4
                Mar 28, 2024 16:46:28.899070978 CET49737443192.168.2.4142.250.31.105
                Mar 28, 2024 16:46:29.022387028 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.022418976 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.022495031 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.022825003 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.022840977 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.241585016 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.265944004 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.265959024 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.266980886 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.267047882 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.273093939 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.273154974 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.273690939 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.273699045 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.313927889 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.459136963 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.459196091 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.459223032 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.459233999 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.459252119 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.459285975 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.459286928 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.459299088 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.459336042 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.462265015 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.462306976 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:29.462344885 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.552139997 CET49740443192.168.2.4172.253.122.106
                Mar 28, 2024 16:46:29.552155972 CET44349740172.253.122.106192.168.2.4
                Mar 28, 2024 16:46:30.519000053 CET49742443192.168.2.4142.250.31.105
                Mar 28, 2024 16:46:30.519031048 CET44349742142.250.31.105192.168.2.4
                Mar 28, 2024 16:46:30.519108057 CET49742443192.168.2.4142.250.31.105
                Mar 28, 2024 16:46:30.519984961 CET49742443192.168.2.4142.250.31.105
                Mar 28, 2024 16:46:30.519995928 CET44349742142.250.31.105192.168.2.4
                Mar 28, 2024 16:46:30.752322912 CET44349742142.250.31.105192.168.2.4
                Mar 28, 2024 16:46:30.752738953 CET49742443192.168.2.4142.250.31.105
                Mar 28, 2024 16:46:30.752749920 CET44349742142.250.31.105192.168.2.4
                Mar 28, 2024 16:46:30.753742933 CET44349742142.250.31.105192.168.2.4
                Mar 28, 2024 16:46:30.753827095 CET49742443192.168.2.4142.250.31.105
                Mar 28, 2024 16:46:30.754945993 CET49742443192.168.2.4142.250.31.105
                Mar 28, 2024 16:46:30.755019903 CET44349742142.250.31.105192.168.2.4
                Mar 28, 2024 16:46:30.797475100 CET49742443192.168.2.4142.250.31.105
                Mar 28, 2024 16:46:30.797482967 CET44349742142.250.31.105192.168.2.4
                Mar 28, 2024 16:46:30.844347954 CET49742443192.168.2.4142.250.31.105
                Mar 28, 2024 16:46:31.054687977 CET49743443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:31.054713964 CET4434974323.221.242.90192.168.2.4
                Mar 28, 2024 16:46:31.054971933 CET49743443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:31.058214903 CET49743443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:31.058233976 CET4434974323.221.242.90192.168.2.4
                Mar 28, 2024 16:46:31.423702002 CET4434974323.221.242.90192.168.2.4
                Mar 28, 2024 16:46:31.423826933 CET49743443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:31.432195902 CET49743443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:31.432202101 CET4434974323.221.242.90192.168.2.4
                Mar 28, 2024 16:46:31.432487011 CET4434974323.221.242.90192.168.2.4
                Mar 28, 2024 16:46:31.470244884 CET49743443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:31.512240887 CET4434974323.221.242.90192.168.2.4
                Mar 28, 2024 16:46:31.781805038 CET4434974323.221.242.90192.168.2.4
                Mar 28, 2024 16:46:31.781980038 CET4434974323.221.242.90192.168.2.4
                Mar 28, 2024 16:46:31.782028913 CET49743443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:31.782107115 CET49743443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:31.782119989 CET4434974323.221.242.90192.168.2.4
                Mar 28, 2024 16:46:31.782134056 CET49743443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:31.782138109 CET4434974323.221.242.90192.168.2.4
                Mar 28, 2024 16:46:31.817903042 CET49744443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:31.817936897 CET4434974423.221.242.90192.168.2.4
                Mar 28, 2024 16:46:31.818010092 CET49744443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:31.818305016 CET49744443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:31.818320036 CET4434974423.221.242.90192.168.2.4
                Mar 28, 2024 16:46:32.173086882 CET4434974423.221.242.90192.168.2.4
                Mar 28, 2024 16:46:32.173161983 CET49744443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:32.176644087 CET49744443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:32.176656008 CET4434974423.221.242.90192.168.2.4
                Mar 28, 2024 16:46:32.176887989 CET4434974423.221.242.90192.168.2.4
                Mar 28, 2024 16:46:32.179470062 CET49744443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:32.224235058 CET4434974423.221.242.90192.168.2.4
                Mar 28, 2024 16:46:32.521966934 CET4434974423.221.242.90192.168.2.4
                Mar 28, 2024 16:46:32.522049904 CET4434974423.221.242.90192.168.2.4
                Mar 28, 2024 16:46:32.522121906 CET49744443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:32.523503065 CET49744443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:32.523528099 CET4434974423.221.242.90192.168.2.4
                Mar 28, 2024 16:46:32.523541927 CET49744443192.168.2.423.221.242.90
                Mar 28, 2024 16:46:32.523547888 CET4434974423.221.242.90192.168.2.4
                Mar 28, 2024 16:46:40.772322893 CET44349742142.250.31.105192.168.2.4
                Mar 28, 2024 16:46:40.772386074 CET44349742142.250.31.105192.168.2.4
                Mar 28, 2024 16:46:40.776842117 CET49742443192.168.2.4142.250.31.105
                Mar 28, 2024 16:46:40.805201054 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:46:40.805202007 CET49742443192.168.2.4142.250.31.105
                Mar 28, 2024 16:46:40.805216074 CET44349742142.250.31.105192.168.2.4
                Mar 28, 2024 16:46:40.812745094 CET4974680192.168.2.452.218.117.140
                Mar 28, 2024 16:46:40.900558949 CET4974780192.168.2.452.218.117.140
                Mar 28, 2024 16:46:40.982589006 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:40.982669115 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:46:40.983002901 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:46:40.992528915 CET804974652.218.117.140192.168.2.4
                Mar 28, 2024 16:46:40.992595911 CET4974680192.168.2.452.218.117.140
                Mar 28, 2024 16:46:41.077897072 CET804974752.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.078017950 CET4974780192.168.2.452.218.117.140
                Mar 28, 2024 16:46:41.160420895 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.185616970 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.185772896 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.185786009 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.185798883 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.185812950 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.185827017 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.185828924 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:46:41.185838938 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.185847044 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:46:41.185861111 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:46:41.196721077 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.196739912 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.196752071 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.196767092 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:46:41.196793079 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:46:41.297359943 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:46:41.486129045 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.486146927 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.486192942 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:46:41.486252069 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:46:41.530558109 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:47:04.179263115 CET804974652.218.117.140192.168.2.4
                Mar 28, 2024 16:47:04.179543018 CET4974680192.168.2.452.218.117.140
                Mar 28, 2024 16:47:04.291112900 CET804974752.218.117.140192.168.2.4
                Mar 28, 2024 16:47:04.291182995 CET4974780192.168.2.452.218.117.140
                Mar 28, 2024 16:47:04.545891047 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:47:04.546045065 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:47:04.596676111 CET4974780192.168.2.452.218.117.140
                Mar 28, 2024 16:47:04.596678972 CET4974680192.168.2.452.218.117.140
                Mar 28, 2024 16:47:04.596750975 CET4974580192.168.2.452.218.117.140
                Mar 28, 2024 16:47:04.774552107 CET804974552.218.117.140192.168.2.4
                Mar 28, 2024 16:47:04.774691105 CET804974752.218.117.140192.168.2.4
                Mar 28, 2024 16:47:04.776448011 CET804974652.218.117.140192.168.2.4
                Mar 28, 2024 16:47:30.565718889 CET49756443192.168.2.4142.250.31.105
                Mar 28, 2024 16:47:30.565748930 CET44349756142.250.31.105192.168.2.4
                Mar 28, 2024 16:47:30.565927029 CET49756443192.168.2.4142.250.31.105
                Mar 28, 2024 16:47:30.566145897 CET49756443192.168.2.4142.250.31.105
                Mar 28, 2024 16:47:30.566159010 CET44349756142.250.31.105192.168.2.4
                Mar 28, 2024 16:47:30.782859087 CET44349756142.250.31.105192.168.2.4
                Mar 28, 2024 16:47:30.783405066 CET49756443192.168.2.4142.250.31.105
                Mar 28, 2024 16:47:30.783416033 CET44349756142.250.31.105192.168.2.4
                Mar 28, 2024 16:47:30.783744097 CET44349756142.250.31.105192.168.2.4
                Mar 28, 2024 16:47:30.784362078 CET49756443192.168.2.4142.250.31.105
                Mar 28, 2024 16:47:30.784450054 CET44349756142.250.31.105192.168.2.4
                Mar 28, 2024 16:47:30.828548908 CET49756443192.168.2.4142.250.31.105
                Mar 28, 2024 16:47:40.815135956 CET44349756142.250.31.105192.168.2.4
                Mar 28, 2024 16:47:40.815201044 CET44349756142.250.31.105192.168.2.4
                Mar 28, 2024 16:47:40.815296888 CET49756443192.168.2.4142.250.31.105
                Mar 28, 2024 16:47:42.599823952 CET49756443192.168.2.4142.250.31.105
                Mar 28, 2024 16:47:42.599849939 CET44349756142.250.31.105192.168.2.4
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Mar 28, 2024 16:46:27.785209894 CET | 192.168.2.4 | 1.1.1.1 | 0xb60c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.786444902 CET | 192.168.2.4 | 1.1.1.1 | 0x1be4 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                Mar 28, 2024 16:46:27.797796011 CET | 192.168.2.4 | 1.1.1.1 | 0xb672 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.797943115 CET | 192.168.2.4 | 1.1.1.1 | 0x7278 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                Mar 28, 2024 16:46:28.906013966 CET | 192.168.2.4 | 1.1.1.1 | 0x3702 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:28.906187057 CET | 192.168.2.4 | 1.1.1.1 | 0xc78c | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                Mar 28, 2024 16:46:40.627509117 CET | 192.168.2.4 | 1.1.1.1 | 0xb757 | Standard query (0) | signaturepictures.news.co.uk | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.627509117 CET | 192.168.2.4 | 1.1.1.1 | 0x8b8b | Standard query (0) | signaturepictures.news.co.uk | 65 | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Mar 28, 2024 16:46:27.880960941 CET | 1.1.1.1 | 192.168.2.4 | 0xb60c | No error (0) | www.google.com | | 142.251.16.106 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.880960941 CET | 1.1.1.1 | 192.168.2.4 | 0xb60c | No error (0) | www.google.com | | 142.251.16.147 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.880960941 CET | 1.1.1.1 | 192.168.2.4 | 0xb60c | No error (0) | www.google.com | | 142.251.16.105 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.880960941 CET | 1.1.1.1 | 192.168.2.4 | 0xb60c | No error (0) | www.google.com | | 142.251.16.104 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.880960941 CET | 1.1.1.1 | 192.168.2.4 | 0xb60c | No error (0) | www.google.com | | 142.251.16.99 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.880960941 CET | 1.1.1.1 | 192.168.2.4 | 0xb60c | No error (0) | www.google.com | | 142.251.16.103 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.881475925 CET | 1.1.1.1 | 192.168.2.4 | 0x1be4 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                Mar 28, 2024 16:46:27.892936945 CET | 1.1.1.1 | 192.168.2.4 | 0xb672 | No error (0) | www.google.com | | 142.250.31.105 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.892936945 CET | 1.1.1.1 | 192.168.2.4 | 0xb672 | No error (0) | www.google.com | | 142.250.31.99 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.892936945 CET | 1.1.1.1 | 192.168.2.4 | 0xb672 | No error (0) | www.google.com | | 142.250.31.106 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.892936945 CET | 1.1.1.1 | 192.168.2.4 | 0xb672 | No error (0) | www.google.com | | 142.250.31.147 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.892936945 CET | 1.1.1.1 | 192.168.2.4 | 0xb672 | No error (0) | www.google.com | | 142.250.31.104 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.892936945 CET | 1.1.1.1 | 192.168.2.4 | 0xb672 | No error (0) | www.google.com | | 142.250.31.103 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:27.893595934 CET | 1.1.1.1 | 192.168.2.4 | 0x7278 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                Mar 28, 2024 16:46:29.001022100 CET | 1.1.1.1 | 192.168.2.4 | 0xc78c | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                Mar 28, 2024 16:46:29.002224922 CET | 1.1.1.1 | 192.168.2.4 | 0x3702 | No error (0) | www.google.com | | 172.253.122.106 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:29.002224922 CET | 1.1.1.1 | 192.168.2.4 | 0x3702 | No error (0) | www.google.com | | 172.253.122.105 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:29.002224922 CET | 1.1.1.1 | 192.168.2.4 | 0x3702 | No error (0) | www.google.com | | 172.253.122.103 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:29.002224922 CET | 1.1.1.1 | 192.168.2.4 | 0x3702 | No error (0) | www.google.com | | 172.253.122.147 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:29.002224922 CET | 1.1.1.1 | 192.168.2.4 | 0x3702 | No error (0) | www.google.com | | 172.253.122.104 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:29.002224922 CET | 1.1.1.1 | 192.168.2.4 | 0x3702 | No error (0) | www.google.com | | 172.253.122.99 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.765819073 CET | 1.1.1.1 | 192.168.2.4 | 0xb757 | No error (0) | signaturepictures.news.co.uk | signaturepictures.news.co.uk.s3-website-eu-west-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.765819073 CET | 1.1.1.1 | 192.168.2.4 | 0xb757 | No error (0) | signaturepictures.news.co.uk.s3-website-eu-west-1.amazonaws.com | s3-website-eu-west-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.765819073 CET | 1.1.1.1 | 192.168.2.4 | 0xb757 | No error (0) | s3-website-eu-west-1.amazonaws.com | | 52.218.117.140 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.765819073 CET | 1.1.1.1 | 192.168.2.4 | 0xb757 | No error (0) | s3-website-eu-west-1.amazonaws.com | | 52.218.90.252 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.765819073 CET | 1.1.1.1 | 192.168.2.4 | 0xb757 | No error (0) | s3-website-eu-west-1.amazonaws.com | | 52.218.37.124 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.765819073 CET | 1.1.1.1 | 192.168.2.4 | 0xb757 | No error (0) | s3-website-eu-west-1.amazonaws.com | | 52.218.90.36 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.765819073 CET | 1.1.1.1 | 192.168.2.4 | 0xb757 | No error (0) | s3-website-eu-west-1.amazonaws.com | | 52.218.117.36 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.765819073 CET | 1.1.1.1 | 192.168.2.4 | 0xb757 | No error (0) | s3-website-eu-west-1.amazonaws.com | | 52.218.40.76 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.765819073 CET | 1.1.1.1 | 192.168.2.4 | 0xb757 | No error (0) | s3-website-eu-west-1.amazonaws.com | | 52.218.40.188 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.765819073 CET | 1.1.1.1 | 192.168.2.4 | 0xb757 | No error (0) | s3-website-eu-west-1.amazonaws.com | | 52.218.30.228 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.803510904 CET | 1.1.1.1 | 192.168.2.4 | 0x8b8b | No error (0) | signaturepictures.news.co.uk | signaturepictures.news.co.uk.s3-website-eu-west-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                Mar 28, 2024 16:46:40.803510904 CET | 1.1.1.1 | 192.168.2.4 | 0x8b8b | No error (0) | signaturepictures.news.co.uk.s3-website-eu-west-1.amazonaws.com | s3-website-eu-west-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                Mar 28, 2024 16:46:43.477397919 CET | 1.1.1.1 | 192.168.2.4 | 0xcb4d | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                Mar 28, 2024 16:46:43.477397919 CET | 1.1.1.1 | 192.168.2.4 | 0xcb4d | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:46:56.378206015 CET | 1.1.1.1 | 192.168.2.4 | 0xea7f | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                Mar 28, 2024 16:46:56.378206015 CET | 1.1.1.1 | 192.168.2.4 | 0xea7f | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                Mar 28, 2024 16:47:18.630728960 CET | 1.1.1.1 | 192.168.2.4 | 0xf51d | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                Mar 28, 2024 16:47:18.630728960 CET | 1.1.1.1 | 192.168.2.4 | 0xf51d | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                • www.google.com
                • https:
                • fs.microsoft.com
                • signaturepictures.news.co.uk
                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                0 | 192.168.2.4 | 49745 | 52.218.117.140 | 80 | 4548 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                Mar 28, 2024 16:46:40.983002901 CET | 464 | OUT | GET /uk/230x60_NewsUK1.png HTTP/1.1
                Host: signaturepictures.news.co.uk
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
                Mar 28, 2024 16:46:41.185616970 CET | 335 | IN | HTTP/1.1 200 OK
                x-amz-id-2: LB7IA60mPZ1W+N7dADcB1I5U53++oTe+OzC/LOlAai3wQzsIQPmXrKZMpkCScpyB22Jee/utxEE=
                x-amz-request-id: 3C8HXVZZBXRB0VHT
                Date: Thu, 28 Mar 2024 15:46:42 GMT
                Last-Modified: Fri, 28 Jun 2013 08:33:59 GMT
                ETag: "ff3769c8864d0a1fbc9a3c582e9852b1"
                Content-Type: image/png
                Server: AmazonS3
                Content-Length: 8311
                Mar 28, 2024 16:46:41.297359943 CET | 421 | OUT | GET /favicon.ico HTTP/1.1
                Host: signaturepictures.news.co.uk
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Referer: http://signaturepictures.news.co.uk/uk/230x60_NewsUK1.png
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
                Mar 28, 2024 16:46:41.486129045 CET | 268 | IN | HTTP/1.1 403 Forbidden
                x-amz-request-id: 3C8V4Q7VM1MM7NK5
                x-amz-id-2: TlQ4Ym8jNJv14PPvh8bmtuc+Hu6s7JI0pFJGqnAaERGpTW+/cc904CziJG+y84GcfuNgiAcWhSE=
                Content-Type: text/html; charset=utf-8
                Date: Thu, 28 Mar 2024 15:46:40 GMT
                Server: AmazonS3
                Content-Length: 303
                Mar 28, 2024 16:46:41.486146927 CET | 116 | IN | Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 75 6c
                Data Ascii: <html><head><title>403 Forbidden</title></head><body><h1>403 Forbidden</h1><ul><li>Code: AccessDenied</li><li>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                0 | 192.168.2.4 | 49736 | 142.250.31.105 | 443 | 4548 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-03-28 15:46:28 UTC | 970 | OUT | GET /url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA HTTP/1.1
                Host: www.google.com
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: navigate
                Sec-Fetch-User: ?1
                Sec-Fetch-Dest: document
                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                2024-03-28 15:46:28 UTC | 1224 | IN | HTTP/1.1 200 OK
                Date: Thu, 28 Mar 2024 15:46:28 GMT
                Pragma: no-cache
                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                Cache-Control: no-cache, must-revalidate
                Content-Type: text/html; charset=UTF-8
                Strict-Transport-Security: max-age=31536000
                Accept-CH: Sec-CH-UA-Platform
                Accept-CH: Sec-CH-UA-Platform-Version
                Accept-CH: Sec-CH-UA-Full-Version
                Accept-CH: Sec-CH-UA-Arch
                Accept-CH: Sec-CH-UA-Model
                Accept-CH: Sec-CH-UA-Bitness
                Accept-CH: Sec-CH-UA-Full-Version-List
                Accept-CH: Sec-CH-UA-WoW64
                Permissions-Policy: unload=()
                Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                Server: gws
                X-XSS-Protection: 0
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2024-03-28 15:46:28 UTC | 28 | IN | Data Raw: 35 65 63 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c
                Data Ascii: 5ec<html lang="en"><head><
                2024-03-28 15:46:28 UTC | 1252 | IN | Data Raw: 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 20 4e 6f 74 69 63 65 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 2c 64 69 76 2c 61 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 6f 62 6f 74 6f 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 70 78 7d 64 69 76 7b 63 6f 6c 6f 72 3a 23 30 30 30 7d 61 3a 6c 69 6e 6b 7b 63 6f 6c 6f 72 3a 23 36 38 31 64 61 38 7d 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 36 38 31 64 61 38 7d 61 3a 61
                Data Ascii: meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Redirect Notice</title><style>body,div,a{font-family:Roboto,arial,sans-serif}body{background-color:#fff;margin-top:3px}div{color:#000}a:link{color:#681da8}a:visited{color:#681da8}a:a
                2024-03-28 15:46:28 UTC | 243 | IN | Data Raw: 7b 76 61 72 20 62 3d 64 6f 63 75 6d 65 6e 74 26 26 64 6f 63 75 6d 65 6e 74 2e 72 65 66 65 72 72 65 72 2c 61 3d 22 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 22 69 6e 20 77 69 6e 64 6f 77 3f 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 3a 65 73 63 61 70 65 2c 63 3d 22 22 3b 62 26 26 28 63 3d 61 28 62 29 29 3b 28 6e 65 77 20 49 6d 61 67 65 29 2e 73 72 63 3d 22 2f 75 72 6c 3f 73 61 3d 54 26 75 72 6c 3d 22 2b 63 2b 22 26 6f 69 3d 22 2b 61 28 6f 69 29 2b 22 26 63 74 3d 22 2b 61 28 63 74 29 3b 72 65 74 75 72 6e 21 31 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 7d 29 28 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 62 72 3e 3c 62 72 3e 3c 62 72 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                Data Ascii: {var b=document&&document.referrer,a="encodeURIComponent"in window?encodeURIComponent:escape,c="";b&&(c=a(b));(new Image).src="/url?sa=T&url="+c+"&oi="+a(oi)+"&ct="+a(ct);return!1};}).call(this);})();</script><br><br><br></div></body></html>
                2024-03-28 15:46:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                1 | 192.168.2.4 | 49737 | 142.250.31.105 | 443 | 4548 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-03-28 15:46:28 UTC | 1327 | OUT | GET /favicon.ico HTTP/1.1
                Host: www.google.com
                Connection: keep-alive
                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                sec-ch-ua-mobile: ?0
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                sec-ch-ua-arch: "x86"
                sec-ch-ua-full-version: "117.0.5938.132"
                sec-ch-ua-platform-version: "10.0.0"
                sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                sec-ch-ua-bitness: "64"
                sec-ch-ua-model: ""
                sec-ch-ua-wow64: ?0
                sec-ch-ua-platform: "Windows"
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: image
                Referer: https://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                2024-03-28 15:46:28 UTC | 706 | IN | HTTP/1.1 200 OK
                Accept-Ranges: bytes
                Cross-Origin-Resource-Policy: cross-origin
                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                Content-Length: 5430
                X-Content-Type-Options: nosniff
                Server: sffe
                X-XSS-Protection: 0
                Date: Thu, 28 Mar 2024 11:51:33 GMT
                Expires: Fri, 05 Apr 2024 11:51:33 GMT
                Cache-Control: public, max-age=691200
                Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                Content-Type: image/x-icon
                Vary: Accept-Encoding
                Age: 14095
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Connection: close


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                2 | 192.168.2.4 | 49740 | 172.253.122.106 | 443 | 4548 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-03-28 15:46:29 UTC | 635 | OUT | GET /favicon.ico HTTP/1.1
                Host: www.google.com
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept: */*
                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
                2024-03-28 15:46:29 UTC | 705 | IN | HTTP/1.1 200 OK
                Accept-Ranges: bytes
                Cross-Origin-Resource-Policy: cross-origin
                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                Content-Length: 5430
                X-Content-Type-Options: nosniff
                Server: sffe
                X-XSS-Protection: 0
                Date: Thu, 28 Mar 2024 13:39:22 GMT
                Expires: Fri, 05 Apr 2024 13:39:22 GMT
                Cache-Control: public, max-age=691200
                Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                Content-Type: image/x-icon
                Vary: Accept-Encoding
                Age: 7627
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Connection: close


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                3 | 192.168.2.4 | 49743 | 23.221.242.90 | 443 | |
                Timestamp | Bytes transferred | Direction | Data
                2024-03-28 15:46:31 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                Accept-Encoding: identity
                User-Agent: Microsoft BITS/7.8
                Host: fs.microsoft.com
                2024-03-28 15:46:31 UTC | 468 | IN | HTTP/1.1 200 OK
                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                Content-Type: application/octet-stream
                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                Server: ECAcc (chd/073D)
                X-CID: 11
                X-Ms-ApiVersion: Distribute 1.2
                X-Ms-Region: prod-eus2-z1
                Cache-Control: public, max-age=227818
                Date: Thu, 28 Mar 2024 15:46:31 GMT
                Connection: close
                X-CID: 2


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                4 | 192.168.2.4 | 49744 | 23.221.242.90 | 443 | |
                Timestamp | Bytes transferred | Direction | Data
                2024-03-28 15:46:32 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                Accept-Encoding: identity
                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                Range: bytes=0-2147483646
                User-Agent: Microsoft BITS/7.8
                Host: fs.microsoft.com
                2024-03-28 15:46:32 UTC | 774 | IN | HTTP/1.1 200 OK
                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                ApiVersion: Distribute 1.1
                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                X-CID: 7
                X-CCC: US
                X-Azure-Ref-OriginShield: Ref A: 8BFC17DD061B46CAAD2B2AEB7B19C3D8 Ref B: CH1AA2040901011 Ref C: 2023-07-21T06:04:00Z
                X-MSEdge-Ref: Ref A: 1421F39FA7224BE199CC2F2C3DD24574 Ref B: CHI30EDGE0415 Ref C: 2023-07-21T06:04:00Z
                Content-Type: application/octet-stream
                X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                Cache-Control: public, max-age=227797
                Date: Thu, 28 Mar 2024 15:46:32 GMT
                Content-Length: 55
                Connection: close
                X-CID: 2
                2024-03-28 15:46:32 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                Target ID:0
                Start time:16:46:22
                Start date:28/03/2024
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                Imagebase:0x7ff76e190000
                File size:3'242'272 bytes
                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Target ID:2
                Start time:16:46:25
                Start date:28/03/2024
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2028,i,11090803826720292125,5804435255194898833,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Imagebase:0x7ff76e190000
                File size:3'242'272 bytes
                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Target ID:3
                Start time:16:46:27
                Start date:28/03/2024
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.google.com/url?q=http%3A%2F%2Fsignaturepictures.news.co.uk%2Fuk%2F230x60_NewsUK1.png&sa=D&sntz=1&usg=AFrqEzc-MQM_XkeCiqCcaLYMPlDQx7cwfA"
                Imagebase:0x7ff76e190000
                File size:3'242'272 bytes
                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:true

                No disassembly