Windows Analysis Report
https://click.e.miro.com/?qs=c3e69aad2d9381bc648c78299feae71fdb22ac757a070f4e5905cd8c7629ef7e370f37ef935070c1c307b7ee869054f949dffacb0988454aa20b89404a806863

Overview

General Information

Sample URL: https://click.e.miro.com/?qs=c3e69aad2d9381bc648c78299feae71fdb22ac757a070f4e5905cd8c7629ef7e370f37ef935070c1c307b7ee869054f949dffacb0988454aa20b89404a806863
Analysis ID: 800712

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 5812 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 6004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1724,i,2876507980441582479,18001650036527390366,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 4520 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.e.miro.com/?qs=c3e69aad2d9381bc648c78299feae71fdb22ac757a070f4e5905cd8c7629ef7e370f37ef935070c1c307b7ee869054f949dffacb0988454aa20b89404a806863 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-104.0.5112.81
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /?qs=c3e69aad2d9381bc648c78299feae71fdb22ac757a070f4e5905cd8c7629ef7e370f37ef935070c1c307b7ee869054f949dffacb0988454aa20b89404a806863 HTTP/1.1
    Host: click.e.miro.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /expired.html HTTP/1.1
    Host: click.e.miro.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: click.e.miro.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://click.e.miro.com/expired.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: accounts.google.com
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Content-Type: text/html
    Date: Tue, 07 Feb 2023 17:34:43 GMT
    Connection: close
    Content-Length: 1245
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: classification engine | Classification label: clean0.win@25/0@5/8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1724,i,2876507980441582479,18001650036527390366,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.e.miro.com/?qs=c3e69aad2d9381bc648c78299feae71fdb22ac757a070f4e5905cd8c7629ef7e370f37ef935070c1c307b7ee869054f949dffacb0988454aa20b89404a806863
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 4 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 5 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
Source | Detection | Scanner | Label
https://click.e.miro.com/?qs=c3e69aad2d9381bc648c78299feae71fdb22ac757a070f4e5905cd8c7629ef7e370f37ef935070c1c307b7ee869054f949dffacb0988454aa20b89404a806863 | 0% | Virustotal |
https://click.e.miro.com/?qs=c3e69aad2d9381bc648c78299feae71fdb22ac757a070f4e5905cd8c7629ef7e370f37ef935070c1c307b7ee869054f949dffacb0988454aa20b89404a806863 | 0% | Avira URL Cloud | safe
No Antivirus matches
Source | Detection | Scanner | Label
https://click.e.miro.com/favicon.ico | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 216.58.209.45 | true | false | | high
www.google.com | 142.250.184.100 | true | false | | high
clients.l.google.com | 142.250.180.174 | true | false | | high
click.e.miro.com | 159.92.136.102 | true | false | | unknown
clients2.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://click.e.miro.com/?qs=c3e69aad2d9381bc648c78299feae71fdb22ac757a070f4e5905cd8c7629ef7e370f37ef935070c1c307b7ee869054f949dffacb0988454aa20b89404a806863 | false | | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
https://click.e.miro.com/favicon.ico | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
159.92.136.102 | click.e.miro.com | United States | 14340 | SALESFORCEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
216.58.209.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
142.250.184.100 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.180.174 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
Private IPs: 192.168.2.1, 192.168.2.4, 127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 800712
Start date and time: 2023-02-07 18:33:34 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 46s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://click.e.miro.com/?qs=c3e69aad2d9381bc648c78299feae71fdb22ac757a070f4e5905cd8c7629ef7e370f37ef935070c1c307b7ee869054f949dffacb0988454aa20b89404a806863
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@25/0@5/8
EGA Information: Failed
HDC Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): SgrmBroker.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.184.99, 34.104.35.123, 142.250.180.163
  • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, edgedl.me.gvt1.com, login.live.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com
  • Not all processes were analyzed; the report is missing behavior information.
  • Report size getting too big; too many NtWriteVirtualMemory calls found.
No simulations
No context
No created / dropped files found
No static file info
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 7, 2023 18:34:41.567933083 CET | 192.168.2.7 | 8.8.8.8 | 0x24da | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:34:41.573301077 CET | 192.168.2.7 | 8.8.8.8 | 0x7271 | Standard query (0) | click.e.miro.com | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:34:41.575326920 CET | 192.168.2.7 | 8.8.8.8 | 0x4480 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:34:43.804826021 CET | 192.168.2.7 | 8.8.8.8 | 0x26a7 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Feb 7, 2023 18:35:43.869703054 CET | 192.168.2.7 | 8.8.8.8 | 0x57e1 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Feb 7, 2023 18:34:41.586741924 CET | 8.8.8.8 | 192.168.2.7 | 0x24da | No error (0) | accounts.google.com | | 216.58.209.45 | A (IP address) | IN (0x0001) | false
                  Feb 7, 2023 18:34:41.594961882 CET | 8.8.8.8 | 192.168.2.7 | 0x7271 | No error (0) | click.e.miro.com | | 159.92.136.102 | A (IP address) | IN (0x0001) | false
                  Feb 7, 2023 18:34:41.596585035 CET | 8.8.8.8 | 192.168.2.7 | 0x4480 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
                  Feb 7, 2023 18:34:41.596585035 CET | 8.8.8.8 | 192.168.2.7 | 0x4480 | No error (0) | clients.l.google.com | | 142.250.180.174 | A (IP address) | IN (0x0001) | false
                  Feb 7, 2023 18:34:43.822906017 CET | 8.8.8.8 | 192.168.2.7 | 0x26a7 | No error (0) | www.google.com | | 142.250.184.100 | A (IP address) | IN (0x0001) | false
                  Feb 7, 2023 18:35:43.889578104 CET | 8.8.8.8 | 192.168.2.7 | 0x57e1 | No error (0) | www.google.com | | 142.250.184.100 | A (IP address) | IN (0x0001) | false
                  • clients2.google.com
                  • accounts.google.com
                  • click.e.miro.com
                  • https:
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  0 | 192.168.2.7 | 49713 | 142.250.180.174 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-02-07 17:34:43 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                  Host: clients2.google.com
                  Connection: keep-alive
                  X-Goog-Update-Interactivity: fg
                  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                  X-Goog-Update-Updater: chromecrx-104.0.5112.81
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2023-02-07 17:34:43 UTC | 2 | IN | HTTP/1.1 200 OK
                  Content-Security-Policy: script-src 'report-sample' 'nonce-RHBkjc-qOO7LcuV016nLlw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Tue, 07 Feb 2023 17:34:43 GMT
                  Content-Type: text/xml; charset=UTF-8
                  X-Daynum: 5881
                  X-Daystart: 34483
                  X-Content-Type-Options: nosniff
                  X-Frame-Options: SAMEORIGIN
                  X-XSS-Protection: 1; mode=block
                  Server: GSE
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2023-02-07 17:34:43 UTC | 2 | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 38 38 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 34 34 38 33 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                  Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5881" elapsed_seconds="34483"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                  2023-02-07 17:34:43 UTC | 3 | IN | Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                  Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                  2023-02-07 17:34:43 UTC | 3 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  1 | 192.168.2.7 | 49714 | 216.58.209.45 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-02-07 17:34:43 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                  Host: accounts.google.com
                  Connection: keep-alive
                  Content-Length: 1
                  Origin: https://www.google.com
                  Content-Type: application/x-www-form-urlencoded
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2023-02-07 17:34:43 UTC | 1 | OUT | Data Raw: 20
                  Data Ascii:
                  2023-02-07 17:34:43 UTC | 3 | IN | HTTP/1.1 200 OK
                  Content-Type: application/json; charset=utf-8
                  Access-Control-Allow-Origin: https://www.google.com
                  Access-Control-Allow-Credentials: true
                  X-Content-Type-Options: nosniff
                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                  Pragma: no-cache
                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                  Date: Tue, 07 Feb 2023 17:34:43 GMT
                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  Content-Security-Policy: script-src 'report-sample' 'nonce-k93B_Bj0NcfxF9fWJzXVIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                  Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                  Cross-Origin-Opener-Policy: same-origin
                  Server: ESF
                  X-XSS-Protection: 0
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Accept-Ranges: none
                  Vary: Accept-Encoding
                  Connection: close
                  Transfer-Encoding: chunked
                  2023-02-07 17:34:43 UTC | 5 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                  Data Ascii: 11["gaia.l.a.r",[]]
                  2023-02-07 17:34:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  2 | 192.168.2.7 | 49715 | 159.92.136.102 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-02-07 17:34:43 UTC | 1 | OUT | GET /?qs=c3e69aad2d9381bc648c78299feae71fdb22ac757a070f4e5905cd8c7629ef7e370f37ef935070c1c307b7ee869054f949dffacb0988454aa20b89404a806863 HTTP/1.1
                  Host: click.e.miro.com
                  Connection: keep-alive
                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2023-02-07 17:34:43 UTC | 1 | IN | HTTP/1.1 302 Found
                  Cache-Control: private
                  Content-Type: text/html; charset=utf-8
                  Location: /expired.html
                  Date: Tue, 07 Feb 2023 17:34:42 GMT
                  Connection: close
                  Content-Length: 130
                  2023-02-07 17:34:43 UTC | 2 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 65 78 70 69 72 65 64 2e 68 74 6d 6c 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                  Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="/expired.html">here</a>.</h2></body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  3 | 192.168.2.7 | 49716 | 159.92.136.102 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-02-07 17:34:43 UTC | 5 | OUT | GET /expired.html HTTP/1.1
                  Host: click.e.miro.com
                  Connection: keep-alive
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2023-02-07 17:34:43 UTC | 5 | IN | HTTP/1.1 200 OK
                  Content-Type: text/html
                  Last-Modified: Tue, 24 Jan 2023 03:18:50 GMT
                  Accept-Ranges: bytes
                  ETag: "0c91894a22fd91:0"
                  Date: Tue, 07 Feb 2023 17:34:43 GMT
                  Connection: close
                  Content-Length: 269
                  2023-02-07 17:34:43 UTC | 6 | IN | Data Raw: ef bb bf 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 52 4f 42 4f 54 53 22 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 49 4e 44 45 58 2c 20 4e 4f 46 4f 4c 4c 4f 57 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 54 68 69 73 20 6c 69 6e 6b 20 68 61 73 20 65 78 70 69 72 65 64 2e 20 20 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 6e 64 65 72 20 6f 66 20 74 68 65 20 65 6d 61 69 6c 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0d 0a 3c 2f 62 6f
                  Data Ascii: <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta name="ROBOTS" content="NOINDEX, NOFOLLOW"> <title></title></head><body>This link has expired. Please contact the sender of the email for more information.</bo


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                  4 | 192.168.2.7 | 49719 | 159.92.136.102 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | kBytes transferred | Direction | Data
                  2023-02-07 17:34:43 UTC | 6 | OUT | GET /favicon.ico HTTP/1.1
                  Host: click.e.miro.com
                  Connection: keep-alive
                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: https://click.e.miro.com/expired.html
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2023-02-07 17:34:43 UTC | 6 | IN | HTTP/1.1 404 Not Found
                  Content-Type: text/html
                  Date: Tue, 07 Feb 2023 17:34:43 GMT
                  Connection: close
                  Content-Length: 1245
                  2023-02-07 17:34:43 UTC | 7 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c
                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - Fil
                  2023-02-07 17:34:43 UTC | 8 | IN | Data Raw: 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67 65 64 2c 20 6f 72 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                  Data Ascii: king for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                  Target ID: 0
                  Start time: 18:34:37
                  Start date: 07/02/2023
                  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit): false
                  Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                  Imagebase: 0x7ff7c2920000
                  File size: 2851656 bytes
                  MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges: true
                  Has administrator privileges: true
                  Programmed in: C, C++ or other language
                  Reputation: low

                  Target ID: 1
                  Start time: 18:34:39
                  Start date: 07/02/2023
                  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit): false
                  Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1724,i,2876507980441582479,18001650036527390366,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                  Imagebase: 0x7ff7c2920000
                  File size: 2851656 bytes
                  MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges: true
                  Has administrator privileges: true
                  Programmed in: C, C++ or other language
                  Reputation: low

                  Target ID: 2
                  Start time: 18:34:39
                  Start date: 07/02/2023
                  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit): false
                  Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.e.miro.com/?qs=c3e69aad2d9381bc648c78299feae71fdb22ac757a070f4e5905cd8c7629ef7e370f37ef935070c1c307b7ee869054f949dffacb0988454aa20b89404a806863
                  Imagebase: 0x7ff7c2920000
                  File size: 2851656 bytes
                  MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                  Has elevated privileges: true
                  Has administrator privileges: true
                  Programmed in: C, C++ or other language
                  Reputation: low

                  No disassembly