Windows Analysis Report
https://mickhall.co.uk/owa-auth-logon.aspx/index.html

Overview

General Information

Sample URL: https://mickhall.co.uk/owa-auth-logon.aspx/index.html
Analysis ID: 1585898

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
HTML body contains low number of good links
HTML title does not match URL
Suspicious form URL found

Classification

  • System is w10x64
  • chrome.exe (PID: 1908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2204,i,17988096547459354591,2257509875742310024,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mickhall.co.uk/owa-auth-logon.aspx/index.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://mickhall.co.uk/owa-auth-logon.aspx/index.html | Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft Outlook' is well-known and typically associated with the domain 'outlook.com'., The provided URL 'mickhall.co.uk' does not match the legitimate domain for Microsoft Outlook., The URL 'mickhall.co.uk' does not contain any elements that suggest a connection to Microsoft or Outlook., The presence of input fields such as Email, Domain\Username, and Password is typical for phishing sites attempting to harvest credentials., The domain 'mickhall.co.uk' appears unrelated to Microsoft Outlook, increasing the likelihood of phishing. DOM: 1.0.pages.csv
Source: https://mickhall.co.uk/owa-auth-logon.aspx/index.html | HTTP Parser: Number of links: 0
Source: https://mickhall.co.uk/owa-auth-logon.aspx/index.html | HTTP Parser: Title: Login - MyApp does not match URL
Source: https://mickhall.co.uk/owa-auth-logon.aspx/index.html | HTTP Parser: Form action: send_telegram.php
Source: https://mickhall.co.uk/owa-auth-logon.aspx/index.html | HTTP Parser: <input type="password" .../> found
Source: https://mickhall.co.uk/owa-auth-logon.aspx/index.html | HTTP Parser: No <meta name="author".. found
Source: https://mickhall.co.uk/owa-auth-logon.aspx/index.html | HTTP Parser: No <meta name="copyright".. found
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /owa-auth-logon.aspx/index.html HTTP/1.1
    Host: mickhall.co.uk
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /owa-auth-logon.aspx/image.png HTTP/1.1
    Host: mickhall.co.uk
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://mickhall.co.uk/owa-auth-logon.aspx/index.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /owa-auth-logon.aspx/favicon.ico HTTP/1.1
    Host: mickhall.co.uk
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://mickhall.co.uk/owa-auth-logon.aspx/index.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /owa-auth-logon.aspx/image.png HTTP/1.1
    Host: mickhall.co.uk
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /owa-auth-logon.aspx/favicon.ico HTTP/1.1
    Host: mickhall.co.uk
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: mickhall.co.uk
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engine | Classification label: mal48.phis.win@16/10@6/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2204,i,17988096547459354591,2257509875742310024,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mickhall.co.uk/owa-auth-logon.aspx/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Process Injection (1); Obfuscated Files or Information (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (2); Application Layer Protocol (3); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label
https://mickhall.co.uk/owa-auth-logon.aspx/index.html | 0% | Avira URL Cloud | safe

No Antivirus matches

Source | Detection | Scanner | Label
https://mickhall.co.uk/owa-auth-logon.aspx/favicon.ico | 0% | Avira URL Cloud | safe
https://mickhall.co.uk/owa-auth-logon.aspx/image.png | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
mickhall.co.uk | 149.255.62.140 | true | true | | unknown
www.google.com | 142.250.185.132 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://mickhall.co.uk/owa-auth-logon.aspx/favicon.ico | false | Avira URL Cloud: safe | unknown
https://mickhall.co.uk/owa-auth-logon.aspx/index.html | true | | unknown
https://mickhall.co.uk/owa-auth-logon.aspx/image.png | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false
149.255.62.140 | mickhall.co.uk | United Kingdom | 34931 | AWARESOFTGB | true

IP
192.168.2.4

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1585898
Start date and time: 2025-01-08 13:34:13 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://mickhall.co.uk/owa-auth-logon.aspx/index.html
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.phis.win@16/10@6/4
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.181.238, 142.250.110.84, 172.217.18.14, 142.250.185.174, 142.250.185.110, 142.250.185.202, 142.250.185.106, 142.250.185.234, 142.250.186.42, 142.250.186.138, 142.250.185.138, 142.250.185.170, 216.58.212.170, 216.58.206.74, 142.250.186.74, 142.250.184.234, 142.250.186.106, 142.250.74.202, 172.217.18.10, 172.217.16.202, 142.250.185.74, 142.250.185.78, 199.232.214.172, 192.229.221.95, 142.250.186.78, 142.250.186.174, 216.58.206.78, 142.250.186.163, 184.28.90.27, 20.109.210.53, 13.107.253.45
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: https://mickhall.co.uk/owa-auth-logon.aspx/index.html
No simulations
No context

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 44
Entropy (8bit): 4.5077429145253145
Encrypted: false
SSDEEP: 3:sLei3Xa8LDaGqJ:sRn5LDNqJ
MD5: E136EDEEEF6EF9664E8A32591220ACDE
SHA1: 5EF9885CE46D548EE8A3329E2DB59828A19154B8
SHA-256: 28987AB581BF8E488474FCE077C4CEBF78F16915107D9F34E2AF64E53BEFA4E3
SHA-512: F4583448A1146B61405BBB524284213F56B9ACAAB7552E3A8B8230C04B2B3EE5B3A08561536C19A9B58076D2D17B5512B903B424713DFCE5206B42B80B08DD13
Malicious: false
Reputation: low
URL: https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHglgBkYPbypYzhIFDXhvEhkSBQ2e7oKCEgUNzkFMeg==?alt=proto
Preview: Ch8KCw14bxIZGgQICRgBCgcNnu6CghoACgcNzkFMehoA

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: PNG image data, 951 x 323, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 67163
Entropy (8bit): 7.965220156452789
Encrypted: false
SSDEEP: 1536:z0OFsomr/6f87Ke93+VAyUfDZvYXCn6vn2B7:z0OFsbr/607d931VeC0nI
MD5: 1D1797586EB441DA3E3E237C56717206
SHA1: F614DAC31228EF93C826FD4DEE5E6D1622AEEE9B
SHA-256: AC3E6457B3B51A35DAA8140DC38F863E27DC92CC45EACBF5DA3E2C7CD4E7EE67
SHA-512: 88192FA6AC61D5DED23AE73DB468FF419BF8552AE9923EB23C388D222DE17D8F111B8E03C71BF68B9CEE9A65A929DA8ADFF305A3076198BB5BF1333A545ABE40
Malicious: false
Reputation: low
URL: https://mickhall.co.uk/owa-auth-logon.aspx/image.png

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category: dropped
Size (bytes): 7886
Entropy (8bit): 3.5472733281483655
Encrypted: false
SSDEEP: 48:g8KokgDQoxTP0Vh0jV/H2kPxL6GUEtcrCOmgfzQumtGCzYoITin0iarrWtwVWsiw:97DdTGhGW6yS7Kvs/WjiUKqWmNQOWY
MD5: 759FADE9033AA298629E4B000DCD6DDE
SHA1: 34A1ADF5C7326D7BDE5B5735471B5D81E611C189
SHA-256: CF0808A61EC571E0C4975663903B288009D55502AC0445D9948983B339A5CF6E
SHA-512: E96E93B13D70420D4D509D89A6337651440AE049B2A23D57C6250987003C46512C40C85C41BFA1C473A704801C961FFBE421522B89A1C34BA3B9E82A6D0769ED
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: PNG image data, 951 x 323, 8-bit/color RGBA, non-interlaced
Category: dropped
Size (bytes): 67163
Entropy (8bit): 7.965220156452789
Encrypted: false
SSDEEP: 1536:z0OFsomr/6f87Ke93+VAyUfDZvYXCn6vn2B7:z0OFsbr/607d931VeC0nI
MD5: 1D1797586EB441DA3E3E237C56717206
SHA1: F614DAC31228EF93C826FD4DEE5E6D1622AEEE9B
SHA-256: AC3E6457B3B51A35DAA8140DC38F863E27DC92CC45EACBF5DA3E2C7CD4E7EE67
SHA-512: 88192FA6AC61D5DED23AE73DB468FF419BF8552AE9923EB23C388D222DE17D8F111B8E03C71BF68B9CEE9A65A929DA8ADFF305A3076198BB5BF1333A545ABE40
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category: downloaded
Size (bytes): 4528
Entropy (8bit): 4.425452399299421
Encrypted: false
SSDEEP: 48:tkOZ9PYDX6PAEjrDcsC+DGtB3HxBqKTANo9SX0GFVfgFljHuK:Gi9jJjrDcsv6jRTIC
MD5: FEBF3D757C83E76EC5ED0E65AC060054
SHA1: 5AC544D2B31936CC10B1214D2AE6EB170BC214CB
SHA-256: E43CBDCF6A82A2D29F2D96DF05CE11B68C81ED85F96CA1DD74EA1CA9874624ED
SHA-512: 153CD179713796F5A9B81247E728D25B00D7A6740E4DEA2420E635D9EFBF1CE56929F0F330D31B222287286AC4D670E7A4ADE685AABB924221994ECFA4A4B091
Malicious: false
Reputation: low
URL: https://mickhall.co.uk/owa-auth-logon.aspx/index.html
Preview:
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Login - MyApp</title>
        <link rel="icon" href="favicon.ico" type="image/x-icon">
        <style>
            body {
                font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
                background-color: #f3f3f3;
                margin: 0;
                display: flex;
                justify-content: center;
                align-items: center;
                height: 100vh;
            }

            .container {
                background-color: #ffffff;
                width: 500px;
                padding: 20px 30px;
                box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1);
                border-radius: 8px;
                text-align: center;
            }

            .logo {
                max-width: 200px;
                height: auto;
                margin-bottom: 20px;
            }

            h2 {
                font-family: Arial, sans-serif;

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Category: downloaded
Size (bytes): 7886
Entropy (8bit): 3.5472733281483655
Encrypted: false
SSDEEP: 48:g8KokgDQoxTP0Vh0jV/H2kPxL6GUEtcrCOmgfzQumtGCzYoITin0iarrWtwVWsiw:97DdTGhGW6yS7Kvs/WjiUKqWmNQOWY
MD5: 759FADE9033AA298629E4B000DCD6DDE
SHA1: 34A1ADF5C7326D7BDE5B5735471B5D81E611C189
SHA-256: CF0808A61EC571E0C4975663903B288009D55502AC0445D9948983B339A5CF6E
SHA-512: E96E93B13D70420D4D509D89A6337651440AE049B2A23D57C6250987003C46512C40C85C41BFA1C473A704801C961FFBE421522B89A1C34BA3B9E82A6D0769ED
Malicious: false
Reputation: low
URL: https://mickhall.co.uk/owa-auth-logon.aspx/favicon.ico

No static file info
        Jan 8, 2025 13:35:12.712555885 CET49744443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:12.712606907 CET44349744149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:12.712977886 CET49744443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:12.755328894 CET44349744149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:12.855503082 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:12.855732918 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:12.855761051 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:12.856631041 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:12.856682062 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:12.857012033 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:12.857069016 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:12.857157946 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:12.857165098 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:12.910078049 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.000869989 CET44349744149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.000891924 CET44349744149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.000941992 CET44349744149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.000951052 CET49744443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.000989914 CET49744443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.002465963 CET49744443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.002481937 CET44349744149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.006562948 CET49746443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.006578922 CET44349746149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.006633043 CET49746443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.006989002 CET49746443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.007000923 CET44349746149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.308659077 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.308671951 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.308680058 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.308708906 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.308716059 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.308722019 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.308896065 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.308896065 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.308933020 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.308984041 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.325743914 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.325759888 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.325828075 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.325845957 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.370744944 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.412761927 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.412770987 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.412818909 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.412827969 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.412980080 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.412980080 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.412995100 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.415558100 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.447634935 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.447664976 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.447702885 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.447757959 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.447832108 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.447832108 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.459348917 CET49745443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.459366083 CET44349745149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.816405058 CET44349746149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.816704988 CET49746443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.816725016 CET44349746149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.817029953 CET44349746149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.817450047 CET49746443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.817508936 CET44349746149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:13.817625999 CET49746443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:13.863318920 CET44349746149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:14.113236904 CET44349746149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:14.113255024 CET44349746149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:14.113307953 CET44349746149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:14.113339901 CET49746443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:14.113383055 CET49746443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:14.115597010 CET49746443192.168.2.4149.255.62.140
        Jan 8, 2025 13:35:14.115608931 CET44349746149.255.62.140192.168.2.4
        Jan 8, 2025 13:35:19.771843910 CET44349738142.250.185.132192.168.2.4
        Jan 8, 2025 13:35:19.771905899 CET44349738142.250.185.132192.168.2.4
        Jan 8, 2025 13:35:19.772027969 CET49738443192.168.2.4142.250.185.132
        Jan 8, 2025 13:35:21.506731987 CET49738443192.168.2.4142.250.185.132
        Jan 8, 2025 13:35:21.506745100 CET44349738142.250.185.132192.168.2.4
        Jan 8, 2025 13:36:09.186563969 CET49796443192.168.2.4142.250.185.132
        Jan 8, 2025 13:36:09.186575890 CET44349796142.250.185.132192.168.2.4
        Jan 8, 2025 13:36:09.186640024 CET49796443192.168.2.4142.250.185.132
        Jan 8, 2025 13:36:09.186877012 CET49796443192.168.2.4142.250.185.132
        Jan 8, 2025 13:36:09.186887026 CET44349796142.250.185.132192.168.2.4
        Jan 8, 2025 13:36:09.833390951 CET44349796142.250.185.132192.168.2.4
        Jan 8, 2025 13:36:09.875839949 CET49796443192.168.2.4142.250.185.132
        Jan 8, 2025 13:36:09.875866890 CET44349796142.250.185.132192.168.2.4
        Jan 8, 2025 13:36:09.876302958 CET44349796142.250.185.132192.168.2.4
        Jan 8, 2025 13:36:09.876969099 CET49796443192.168.2.4142.250.185.132
        Jan 8, 2025 13:36:09.877042055 CET44349796142.250.185.132192.168.2.4
        Jan 8, 2025 13:36:09.919428110 CET49796443192.168.2.4142.250.185.132
        Jan 8, 2025 13:36:14.426882029 CET4972380192.168.2.4199.232.210.172
        Jan 8, 2025 13:36:14.426942110 CET4972480192.168.2.4199.232.210.172
        Jan 8, 2025 13:36:14.431879044 CET8049723199.232.210.172192.168.2.4
        Jan 8, 2025 13:36:14.431953907 CET4972380192.168.2.4199.232.210.172
        Jan 8, 2025 13:36:14.432284117 CET8049724199.232.210.172192.168.2.4
        Jan 8, 2025 13:36:14.432336092 CET4972480192.168.2.4199.232.210.172
        Jan 8, 2025 13:36:19.740052938 CET44349796142.250.185.132192.168.2.4
        Jan 8, 2025 13:36:19.740124941 CET44349796142.250.185.132192.168.2.4
        Jan 8, 2025 13:36:19.740180016 CET49796443192.168.2.4142.250.185.132
        Jan 8, 2025 13:36:21.546312094 CET49796443192.168.2.4142.250.185.132
        Jan 8, 2025 13:36:21.546344042 CET44349796142.250.185.132192.168.2.4
        TimestampSource PortDest PortSource IPDest IP
        Jan 8, 2025 13:35:05.287344933 CET53593311.1.1.1192.168.2.4
        Jan 8, 2025 13:35:05.330305099 CET53588131.1.1.1192.168.2.4
        Jan 8, 2025 13:35:06.591134071 CET53614221.1.1.1192.168.2.4
        Jan 8, 2025 13:35:09.129853010 CET5011753192.168.2.41.1.1.1
        Jan 8, 2025 13:35:09.129966021 CET4945553192.168.2.41.1.1.1
        Jan 8, 2025 13:35:09.136610031 CET53494551.1.1.1192.168.2.4
        Jan 8, 2025 13:35:09.136624098 CET53501171.1.1.1192.168.2.4
        Jan 8, 2025 13:35:10.486804962 CET6334953192.168.2.41.1.1.1
        Jan 8, 2025 13:35:10.487020969 CET5039453192.168.2.41.1.1.1
        Jan 8, 2025 13:35:10.519623041 CET53633491.1.1.1192.168.2.4
        Jan 8, 2025 13:35:10.537832975 CET53503941.1.1.1192.168.2.4
        Jan 8, 2025 13:35:11.681082010 CET53558471.1.1.1192.168.2.4
        Jan 8, 2025 13:35:11.987232924 CET4952053192.168.2.41.1.1.1
        Jan 8, 2025 13:35:11.987552881 CET5269353192.168.2.41.1.1.1
        Jan 8, 2025 13:35:11.994429111 CET53526931.1.1.1192.168.2.4
        Jan 8, 2025 13:35:12.022181988 CET53495201.1.1.1192.168.2.4
        Jan 8, 2025 13:35:23.621944904 CET53539551.1.1.1192.168.2.4
        Jan 8, 2025 13:35:25.994853020 CET138138192.168.2.4192.168.2.255
        Jan 8, 2025 13:35:42.443726063 CET53626471.1.1.1192.168.2.4
        Jan 8, 2025 13:36:04.794411898 CET53523171.1.1.1192.168.2.4
        Jan 8, 2025 13:36:05.356209993 CET53576101.1.1.1192.168.2.4
        | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
        |---|---|---|---|---|---|---|---|---|
        | Jan 8, 2025 13:35:09.129853010 CET | 192.168.2.4 | 1.1.1.1 | 0x51b5 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
        | Jan 8, 2025 13:35:09.129966021 CET | 192.168.2.4 | 1.1.1.1 | 0x8d14 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
        | Jan 8, 2025 13:35:10.486804962 CET | 192.168.2.4 | 1.1.1.1 | 0x3f8a | Standard query (0) | mickhall.co.uk | A (IP address) | IN (0x0001) | false |
        | Jan 8, 2025 13:35:10.487020969 CET | 192.168.2.4 | 1.1.1.1 | 0xa380 | Standard query (0) | mickhall.co.uk | 65 | IN (0x0001) | false |
        | Jan 8, 2025 13:35:11.987232924 CET | 192.168.2.4 | 1.1.1.1 | 0x6f6e | Standard query (0) | mickhall.co.uk | A (IP address) | IN (0x0001) | false |
        | Jan 8, 2025 13:35:11.987552881 CET | 192.168.2.4 | 1.1.1.1 | 0x617 | Standard query (0) | mickhall.co.uk | 65 | IN (0x0001) | false |
        | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
        |---|---|---|---|---|---|---|---|---|---|---|
        | Jan 8, 2025 13:35:09.136610031 CET | 1.1.1.1 | 192.168.2.4 | 0x8d14 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
        | Jan 8, 2025 13:35:09.136624098 CET | 1.1.1.1 | 192.168.2.4 | 0x51b5 | No error (0) | www.google.com | | 142.250.185.132 | A (IP address) | IN (0x0001) | false |
        | Jan 8, 2025 13:35:10.519623041 CET | 1.1.1.1 | 192.168.2.4 | 0x3f8a | No error (0) | mickhall.co.uk | | 149.255.62.140 | A (IP address) | IN (0x0001) | false |
        | Jan 8, 2025 13:35:12.022181988 CET | 1.1.1.1 | 192.168.2.4 | 0x6f6e | No error (0) | mickhall.co.uk | | 149.255.62.140 | A (IP address) | IN (0x0001) | false |
        • mickhall.co.uk
        • https:
        | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
        |---|---|---|---|---|---|---|
        | 0 | 192.168.2.4 | 49741 | 149.255.62.140 | 443 | 4928 | C:\Program Files\Google\Chrome\Application\chrome.exe |

        2025-01-08 12:35:11 UTC, 687 bytes, OUT:
        GET /owa-auth-logon.aspx/index.html HTTP/1.1
        Host: mickhall.co.uk
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        2025-01-08 12:35:11 UTC, 251 bytes, IN:
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 08 Jan 2025 12:35:11 GMT
        Content-Type: text/html
        Content-Length: 4528
        Connection: close
        Vary: Accept-Encoding
        Last-Modified: Thu, 12 Dec 2024 15:33:21 GMT
        Vary: Accept-Encoding
        Accept-Ranges: bytes
        2025-01-08 12:35:11 UTC, 4528 bytes, IN:
        Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Login - MyApp</title> <link rel="icon" href="favicon.ico" type="image/x-icon"> <style>


        | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
        |---|---|---|---|---|---|---|
        | 1 | 192.168.2.4 | 49740 | 149.255.62.140 | 443 | 4928 | C:\Program Files\Google\Chrome\Application\chrome.exe |

        2025-01-08 12:35:11 UTC, 632 bytes, OUT:
        GET /owa-auth-logon.aspx/image.png HTTP/1.1
        Host: mickhall.co.uk
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Referer: https://mickhall.co.uk/owa-auth-logon.aspx/index.html
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        2025-01-08 12:35:11 UTC, 206 bytes, IN:
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 08 Jan 2025 12:35:11 GMT
        Content-Type: image/png
        Content-Length: 67163
        Connection: close
        Last-Modified: Mon, 09 Dec 2024 09:38:45 GMT
        Accept-Ranges: bytes


        | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
        |---|---|---|---|---|---|---|
        | 2 | 192.168.2.4 | 49744 | 149.255.62.140 | 443 | 4928 | C:\Program Files\Google\Chrome\Application\chrome.exe |

        2025-01-08 12:35:12 UTC, 634 bytes, OUT:
        GET /owa-auth-logon.aspx/favicon.ico HTTP/1.1
        Host: mickhall.co.uk
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Referer: https://mickhall.co.uk/owa-auth-logon.aspx/index.html
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        2025-01-08 12:35:12 UTC, 254 bytes, IN:
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 08 Jan 2025 12:35:12 GMT
        Content-Type: image/x-icon
        Content-Length: 7886
        Connection: close
        Vary: Accept-Encoding
        Last-Modified: Mon, 09 Dec 2024 10:30:21 GMT
        Vary: Accept-Encoding
        Accept-Ranges: bytes


        | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
        |---|---|---|---|---|---|---|
        | 3 | 192.168.2.4 | 49745 | 149.255.62.140 | 443 | 4928 | C:\Program Files\Google\Chrome\Application\chrome.exe |

        2025-01-08 12:35:12 UTC, 367 bytes, OUT:
        GET /owa-auth-logon.aspx/image.png HTTP/1.1
        Host: mickhall.co.uk
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        2025-01-08 12:35:13 UTC, 206 bytes, IN:
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 08 Jan 2025 12:35:13 GMT
        Content-Type: image/png
        Content-Length: 67163
        Connection: close
        Last-Modified: Mon, 09 Dec 2024 09:38:45 GMT
        Accept-Ranges: bytes


        | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
        |---|---|---|---|---|---|---|
        | 4 | 192.168.2.4 | 49746 | 149.255.62.140 | 443 | 4928 | C:\Program Files\Google\Chrome\Application\chrome.exe |

        2025-01-08 12:35:13 UTC, 369 bytes, OUT:
        GET /owa-auth-logon.aspx/favicon.ico HTTP/1.1
        Host: mickhall.co.uk
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        2025-01-08 12:35:14 UTC, 254 bytes, IN:
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 08 Jan 2025 12:35:14 GMT
        Content-Type: image/x-icon
        Content-Length: 7886
        Connection: close
        Vary: Accept-Encoding
        Last-Modified: Mon, 09 Dec 2024 10:30:21 GMT
        Vary: Accept-Encoding
        Accept-Ranges: bytes


        Target ID:0
        Start time:07:35:00
        Start date:08/01/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:2
        Start time:07:35:03
        Start date:08/01/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2204,i,17988096547459354591,2257509875742310024,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:3
        Start time:07:35:09
        Start date:08/01/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mickhall.co.uk/owa-auth-logon.aspx/index.html"
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        No disassembly