Edit tour

Windows Analysis Report
https://storage.ml-cachehost.net/lib/config-a.js

Overview

General Information

Sample URL:	https://storage.ml-cachehost.net/lib/config-a.js
Analysis ID:	1661475
Infos:

Detection

Score:	1
Range:	0 - 100
Confidence:	80%

Signatures

Creates files inside the system directory

Deletes files inside the Windows folder

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2284,i,10161967835841160043,1602249641456405231,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2312 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2284,i,10161967835841160043,1602249641456405231,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4972 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://storage.ml-cachehost.net/lib/config-a.js" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

HTTP traffic detected: POST /report/v4?s=9B0nBO9RbhgJGzEcBTwWeYbqpjBvk0XITObWu8uQE6C9108Ru61aYrdiuN7RclfC%2B2THD99Zk%2F7OEhHnY0hl1F%2FRO6GBHotNaukv8imAC2hhNJ3tiKIk3obXLZwenVk6TLw2dFQE9Qs8zgw%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 454Content-Type: application/reports+jsonOrigin: https://storage.ml-cachehost.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 10 Apr 2025 05:41:39 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 111Connection: closeX-GUploader-UploadID: AKDAyIsFCXecE4Nvil7gZfjf3o7woc1heYS4B5oPWlYojCGVarJOz-FMjm0bg3xTOqvixriTQAT79jsExpires: Thu, 10 Apr 2025 05:41:39 GMTCache-Control: private, max-age=0CF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9B0nBO9RbhgJGzEcBTwWeYbqpjBvk0XITObWu8uQE6C9108Ru61aYrdiuN7RclfC%2B2THD99Zk%2F7OEhHnY0hl1F%2FRO6GBHotNaukv8imAC2hhNJ3tiKIk3obXLZwenVk6TLw2dFQE9Qs8zgw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 92dfea983cd1430d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=98748&min_rtt=98380&rtt_var=21307&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1198&delivery_rate=37446&cwnd=237&unsent_bytes=0&cid=0ae2a9a1b212a81e&ts=499&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49675
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 142.250.64.100:443 -> 192.168.2.5:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.175.195:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.175.195:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.5:49712 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6492_303161668

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6492_303161668

Jump to behavior

Source: classification engine

Classification label: clean1.win@23/2@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2284,i,10161967835841160043,1602249641456405231,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2312 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2284,i,10161967835841160043,1602249641456405231,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4972 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://storage.ml-cachehost.net/lib/config-a.js"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2284,i,10161967835841160043,1602249641456405231,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2312 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2284,i,10161967835841160043,1602249641456405231,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4972 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://storage.ml-cachehost.net/lib/config-a.js	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://storage.ml-cachehost.net/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
storage.ml-cachehost.net	172.67.175.195	true	false	high
www.google.com	142.250.64.100	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://storage.ml-cachehost.net/favicon.ico	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=9B0nBO9RbhgJGzEcBTwWeYbqpjBvk0XITObWu8uQE6C9108Ru61aYrdiuN7RclfC%2B2THD99Zk%2F7OEhHnY0hl1F%2FRO6GBHotNaukv8imAC2hhNJ3tiKIk3obXLZwenVk6TLw2dFQE9Qs8zgw%3D	false		high
https://storage.ml-cachehost.net/lib/config-a.js	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.67.175.195	storage.ml-cachehost.net	United States	13335	CLOUDFLARENETUS	false
142.250.64.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1661475
Start date and time:	2025-04-10 07:40:39 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://storage.ml-cachehost.net/lib/config-a.js
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@23/2@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.41.14, 142.251.41.3, 142.250.72.110, 142.250.31.84, 142.251.35.174, 142.250.65.238, 142.250.81.238, 142.250.80.110, 142.250.65.206, 199.232.214.172, 142.250.176.206, 184.31.69.3, 4.245.163.56, 150.171.31.254
Excluded domains from analysis (whitelisted): ev2-ring.msedge.net, fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://storage.ml-cachehost.net/lib/config-a.js

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	111
Entropy (8bit):	4.62062991365628
Encrypted:	false
SSDEEP:	3:vFWWMNCmXyKgCC6beXqZj+PBMkmKqWWU667wtKPU9KgqLn:TM3i0b9ZjZvKtWRbtmBg6n
MD5:	E7A9350210B4DBA641F6020447C96045
SHA1:	581ACCEF4A8B7FBED97291FE7DD4E113F794EC80
SHA-256:	08142330655DEB1526DCC56795C92EB5C13012F75B599D5AC68DB4027953ED80
SHA-512:	2DCB8AD4EAC1B103DA4F806A49D7A0EFCC64D362865A18EFB257B45059BC1453D053136073009929415200F48F47B03F8E19E52A8AF7CB846AD081E0318586A2
Malicious:	false
Reputation:	low
URL:	https://storage.ml-cachehost.net/favicon.ico
Preview:	<?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message></Error>

Total Packets: 73
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 10, 2025 07:41:24.571604967 CEST	49679	80	192.168.2.5	2.23.77.188
Apr 10, 2025 07:41:25.227818966 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 10, 2025 07:41:29.096075058 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 10, 2025 07:41:29.384171009 CEST	49679	80	192.168.2.5	2.23.77.188
Apr 10, 2025 07:41:29.399801970 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 10, 2025 07:41:30.009164095 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 10, 2025 07:41:30.040386915 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 10, 2025 07:41:31.226752996 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 10, 2025 07:41:33.634752989 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 10, 2025 07:41:37.093781948 CEST	49703	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:41:37.093822002 CEST	443	49703	142.250.64.100	192.168.2.5
Apr 10, 2025 07:41:37.093974113 CEST	49703	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:41:37.094127893 CEST	49703	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:41:37.094134092 CEST	443	49703	142.250.64.100	192.168.2.5
Apr 10, 2025 07:41:37.306977987 CEST	443	49703	142.250.64.100	192.168.2.5
Apr 10, 2025 07:41:37.307085037 CEST	49703	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:41:37.308383942 CEST	49703	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:41:37.308394909 CEST	443	49703	142.250.64.100	192.168.2.5
Apr 10, 2025 07:41:37.308736086 CEST	443	49703	142.250.64.100	192.168.2.5
Apr 10, 2025 07:41:37.353127003 CEST	49703	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:41:38.446866035 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 10, 2025 07:41:38.641782045 CEST	49704	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:38.641833067 CEST	443	49704	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:38.641908884 CEST	49704	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:38.642291069 CEST	49705	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:38.642333031 CEST	443	49705	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:38.642393112 CEST	49705	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:38.642564058 CEST	49704	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:38.642580032 CEST	443	49704	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:38.642736912 CEST	49705	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:38.642756939 CEST	443	49705	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:38.852853060 CEST	443	49705	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:38.852921009 CEST	49705	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:38.852998018 CEST	443	49704	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:38.853183985 CEST	49704	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:38.855952024 CEST	49704	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:38.855966091 CEST	443	49704	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:38.856302977 CEST	443	49704	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:38.856494904 CEST	49705	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:38.856511116 CEST	443	49705	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:38.856822014 CEST	49704	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:38.856899977 CEST	443	49705	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:38.901187897 CEST	49705	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:38.904273987 CEST	443	49704	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:38.995300055 CEST	49679	80	192.168.2.5	2.23.77.188
Apr 10, 2025 07:41:39.097985983 CEST	443	49704	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:39.098068953 CEST	443	49704	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:39.098231077 CEST	49704	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:39.139992952 CEST	49704	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:39.140064955 CEST	443	49704	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:39.191715002 CEST	49705	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:39.236279011 CEST	443	49705	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:39.339004993 CEST	443	49705	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:39.339097023 CEST	443	49705	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:39.339176893 CEST	49705	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:39.382739067 CEST	49705	443	192.168.2.5	172.67.175.195
Apr 10, 2025 07:41:39.382771015 CEST	443	49705	172.67.175.195	192.168.2.5
Apr 10, 2025 07:41:39.497433901 CEST	49707	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:39.497467041 CEST	443	49707	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:39.497685909 CEST	49707	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:39.500895977 CEST	49707	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:39.500921011 CEST	443	49707	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:39.641316891 CEST	49672	443	192.168.2.5	204.79.197.203
Apr 10, 2025 07:41:39.720684052 CEST	443	49707	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:39.720791101 CEST	49707	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:39.727097988 CEST	49707	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:39.727108955 CEST	443	49707	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:39.727524042 CEST	443	49707	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:39.728120089 CEST	49707	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:39.772280931 CEST	443	49707	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:39.949368954 CEST	443	49707	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:39.949475050 CEST	443	49707	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:39.949527979 CEST	49707	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:39.949877977 CEST	49707	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:39.949894905 CEST	443	49707	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:39.950844049 CEST	49708	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:39.950861931 CEST	443	49708	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:39.950915098 CEST	49708	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:39.951050043 CEST	49708	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:39.951059103 CEST	443	49708	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:40.148827076 CEST	443	49708	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:40.149285078 CEST	49708	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:40.149303913 CEST	443	49708	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:40.149720907 CEST	49708	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:40.149725914 CEST	443	49708	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:40.368274927 CEST	443	49708	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:40.368360996 CEST	443	49708	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:40.368418932 CEST	49708	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:40.368707895 CEST	49708	443	192.168.2.5	35.190.80.1
Apr 10, 2025 07:41:40.368724108 CEST	443	49708	35.190.80.1	192.168.2.5
Apr 10, 2025 07:41:47.000272036 CEST	49675	443	192.168.2.5	2.23.227.208
Apr 10, 2025 07:41:47.000308990 CEST	443	49675	2.23.227.208	192.168.2.5
Apr 10, 2025 07:41:47.000360012 CEST	49675	443	192.168.2.5	2.23.227.208
Apr 10, 2025 07:41:47.000360012 CEST	49675	443	192.168.2.5	2.23.227.208
Apr 10, 2025 07:41:47.000368118 CEST	443	49675	2.23.227.208	192.168.2.5
Apr 10, 2025 07:41:47.000375032 CEST	443	49675	2.23.227.208	192.168.2.5
Apr 10, 2025 07:41:47.001079082 CEST	49712	443	192.168.2.5	2.23.227.208
Apr 10, 2025 07:41:47.001128912 CEST	443	49712	2.23.227.208	192.168.2.5
Apr 10, 2025 07:41:47.001187086 CEST	49712	443	192.168.2.5	2.23.227.208
Apr 10, 2025 07:41:47.001431942 CEST	49712	443	192.168.2.5	2.23.227.208
Apr 10, 2025 07:41:47.001450062 CEST	443	49712	2.23.227.208	192.168.2.5
Apr 10, 2025 07:41:47.300318956 CEST	443	49703	142.250.64.100	192.168.2.5
Apr 10, 2025 07:41:47.300457001 CEST	443	49703	142.250.64.100	192.168.2.5
Apr 10, 2025 07:41:47.300553083 CEST	49703	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:41:47.375205994 CEST	443	49712	2.23.227.208	192.168.2.5
Apr 10, 2025 07:41:47.375287056 CEST	49712	443	192.168.2.5	2.23.227.208
Apr 10, 2025 07:41:47.386291981 CEST	49703	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:41:47.386322021 CEST	443	49703	142.250.64.100	192.168.2.5
Apr 10, 2025 07:41:48.055767059 CEST	49676	443	192.168.2.5	20.189.173.14
Apr 10, 2025 07:42:06.541290045 CEST	443	49712	2.23.227.208	192.168.2.5
Apr 10, 2025 07:42:06.541409969 CEST	49712	443	192.168.2.5	2.23.227.208
Apr 10, 2025 07:42:37.058224916 CEST	49718	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:42:37.058274984 CEST	443	49718	142.250.64.100	192.168.2.5
Apr 10, 2025 07:42:37.058393002 CEST	49718	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:42:37.058583975 CEST	49718	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:42:37.058595896 CEST	443	49718	142.250.64.100	192.168.2.5
Apr 10, 2025 07:42:37.261087894 CEST	443	49718	142.250.64.100	192.168.2.5
Apr 10, 2025 07:42:37.261517048 CEST	49718	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:42:37.261559963 CEST	443	49718	142.250.64.100	192.168.2.5
Apr 10, 2025 07:42:47.267292023 CEST	443	49718	142.250.64.100	192.168.2.5
Apr 10, 2025 07:42:47.267443895 CEST	443	49718	142.250.64.100	192.168.2.5
Apr 10, 2025 07:42:47.267513990 CEST	49718	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:42:47.386454105 CEST	49718	443	192.168.2.5	142.250.64.100
Apr 10, 2025 07:42:47.386482954 CEST	443	49718	142.250.64.100	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 10, 2025 07:41:33.211477995 CEST	53	64145	1.1.1.1	192.168.2.5
Apr 10, 2025 07:41:33.247328043 CEST	53	57179	1.1.1.1	192.168.2.5
Apr 10, 2025 07:41:33.794040918 CEST	53	53140	1.1.1.1	192.168.2.5
Apr 10, 2025 07:41:33.954781055 CEST	53	52255	1.1.1.1	192.168.2.5
Apr 10, 2025 07:41:36.994921923 CEST	50852	53	192.168.2.5	1.1.1.1
Apr 10, 2025 07:41:36.995035887 CEST	52439	53	192.168.2.5	1.1.1.1
Apr 10, 2025 07:41:37.092518091 CEST	53	52439	1.1.1.1	192.168.2.5
Apr 10, 2025 07:41:37.092546940 CEST	53	50852	1.1.1.1	192.168.2.5
Apr 10, 2025 07:41:38.539513111 CEST	64835	53	192.168.2.5	1.1.1.1
Apr 10, 2025 07:41:38.539709091 CEST	49627	53	192.168.2.5	1.1.1.1
Apr 10, 2025 07:41:38.637785912 CEST	53	49627	1.1.1.1	192.168.2.5
Apr 10, 2025 07:41:38.637814999 CEST	53	64835	1.1.1.1	192.168.2.5
Apr 10, 2025 07:41:39.381669044 CEST	54838	53	192.168.2.5	1.1.1.1
Apr 10, 2025 07:41:39.381726980 CEST	57794	53	192.168.2.5	1.1.1.1
Apr 10, 2025 07:41:39.481004000 CEST	53	54838	1.1.1.1	192.168.2.5
Apr 10, 2025 07:41:39.482599974 CEST	53	57794	1.1.1.1	192.168.2.5
Apr 10, 2025 07:41:51.010874987 CEST	53	55821	1.1.1.1	192.168.2.5
Apr 10, 2025 07:42:10.005043030 CEST	53	60588	1.1.1.1	192.168.2.5
Apr 10, 2025 07:42:32.343650103 CEST	138	138	192.168.2.5	192.168.2.255
Apr 10, 2025 07:42:32.960557938 CEST	53	53970	1.1.1.1	192.168.2.5
Apr 10, 2025 07:42:33.033773899 CEST	53	51800	1.1.1.1	192.168.2.5
Apr 10, 2025 07:42:34.200905085 CEST	53	53220	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 10, 2025 07:41:36.994921923 CEST	192.168.2.5	1.1.1.1	0xf11d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 10, 2025 07:41:36.995035887 CEST	192.168.2.5	1.1.1.1	0xc59a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 10, 2025 07:41:38.539513111 CEST	192.168.2.5	1.1.1.1	0x166	Standard query (0)	storage.ml-cachehost.net	A (IP address)	IN (0x0001)	false
Apr 10, 2025 07:41:38.539709091 CEST	192.168.2.5	1.1.1.1	0x61cf	Standard query (0)	storage.ml-cachehost.net	65	IN (0x0001)	false
Apr 10, 2025 07:41:39.381669044 CEST	192.168.2.5	1.1.1.1	0x8aa3	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 10, 2025 07:41:39.381726980 CEST	192.168.2.5	1.1.1.1	0x9e6	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 10, 2025 07:41:37.092518091 CEST	1.1.1.1	192.168.2.5	0xc59a	No error (0)	www.google.com		65	IN (0x0001)	false
Apr 10, 2025 07:41:37.092546940 CEST	1.1.1.1	192.168.2.5	0xf11d	No error (0)	www.google.com	142.250.64.100	A (IP address)	IN (0x0001)	false
Apr 10, 2025 07:41:38.637785912 CEST	1.1.1.1	192.168.2.5	0x61cf	No error (0)	storage.ml-cachehost.net		65	IN (0x0001)	false
Apr 10, 2025 07:41:38.637814999 CEST	1.1.1.1	192.168.2.5	0x166	No error (0)	storage.ml-cachehost.net	172.67.175.195	A (IP address)	IN (0x0001)	false
Apr 10, 2025 07:41:38.637814999 CEST	1.1.1.1	192.168.2.5	0x166	No error (0)	storage.ml-cachehost.net	104.21.17.111	A (IP address)	IN (0x0001)	false
Apr 10, 2025 07:41:39.481004000 CEST	1.1.1.1	192.168.2.5	0x8aa3	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

storage.ml-cachehost.net

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	172.67.175.195	443	6932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-10 05:41:38 UTC	689	OUT	GET /lib/config-a.js HTTP/1.1 Host: storage.ml-cachehost.net Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-10 05:41:39 UTC	1361	IN	HTTP/1.1 200 OK Date: Thu, 10 Apr 2025 05:41:39 GMT Content-Type: text/javascript Content-Length: 0 Connection: close Cf-Ray: 92dfea96feaeb731-EWR Server: cloudflare X-Guploader-Uploadid: AKDAyIs1QxUW-2ckJmtFNAi891Uf7cURqSex5H0D0DA2rS10kKjH_kGlm55MuDvY4E7ughlxH_skHY0 Expires: Mon, 07 Apr 2025 11:15:26 GMT Cache-Control: public, max-age=1209600 Last-Modified: Fri, 28 Mar 2025 17:51:11 GMT Etag: "d41d8cd98f00b204e9800998ecf8427e" X-Goog-Generation: 1743184271495855 X-Goog-Metageneration: 4 X-Goog-Stored-Content-Encoding: identity X-Goog-Stored-Content-Length: 0 X-Goog-Hash: crc32c=AAAAAA== X-Goog-Hash: md5=1B2M2Y8AsgTpgAmY7PhCfg== X-Goog-Storage-Class: STANDARD Accept-Ranges: bytes Age: 242773 Cf-Cache-Status: HIT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=54PpabgIQKg01u8OxP%2Fzu55EOWE9RNeVbB8bo3k6c6ENn8QYolA3uQFx6S8ZacobfwGhNL67d3VFghDkmME4DNpVipZA3%2B%2B3dvFDALGvlsDBTmgtXfV3KwDDUnewIWNtfmBzKXarMk1nPAU%3D"}],"group":"cf-nel","max_age":604800} Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Access-Control-Allow-Origin: * alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=99299&min_rtt=98755&rtt_var=21655&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1261&delivery_rate=37093&cwnd=234&unsent_bytes=0&cid=ea7fa7763e88c9fc&ts=256&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	172.67.175.195	443	6932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-10 05:41:39 UTC	626	OUT	GET /favicon.ico HTTP/1.1 Host: storage.ml-cachehost.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://storage.ml-cachehost.net/lib/config-a.js Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-10 05:41:39 UTC	985	IN	HTTP/1.1 403 Forbidden Date: Thu, 10 Apr 2025 05:41:39 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 111 Connection: close X-GUploader-UploadID: AKDAyIsFCXecE4Nvil7gZfjf3o7woc1heYS4B5oPWlYojCGVarJOz-FMjm0bg3xTOqvixriTQAT79js Expires: Thu, 10 Apr 2025 05:41:39 GMT Cache-Control: private, max-age=0 CF-Cache-Status: BYPASS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9B0nBO9RbhgJGzEcBTwWeYbqpjBvk0XITObWu8uQE6C9108Ru61aYrdiuN7RclfC%2B2THD99Zk%2F7OEhHnY0hl1F%2FRO6GBHotNaukv8imAC2hhNJ3tiKIk3obXLZwenVk6TLw2dFQE9Qs8zgw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 92dfea983cd1430d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=98748&min_rtt=98380&rtt_var=21307&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1198&delivery_rate=37446&cwnd=237&unsent_bytes=0&cid=0ae2a9a1b212a81e&ts=499&x=0"
2025-04-10 05:41:39 UTC	111	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message></Error>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49707	35.190.80.1	443	6932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-10 05:41:39 UTC	563	OUT	OPTIONS /report/v4?s=9B0nBO9RbhgJGzEcBTwWeYbqpjBvk0XITObWu8uQE6C9108Ru61aYrdiuN7RclfC%2B2THD99Zk%2F7OEhHnY0hl1F%2FRO6GBHotNaukv8imAC2hhNJ3tiKIk3obXLZwenVk6TLw2dFQE9Qs8zgw%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://storage.ml-cachehost.net Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-10 05:41:39 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Thu, 10 Apr 2025 05:41:39 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49708	35.190.80.1	443	6932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-10 05:41:40 UTC	538	OUT	POST /report/v4?s=9B0nBO9RbhgJGzEcBTwWeYbqpjBvk0XITObWu8uQE6C9108Ru61aYrdiuN7RclfC%2B2THD99Zk%2F7OEhHnY0hl1F%2FRO6GBHotNaukv8imAC2hhNJ3tiKIk3obXLZwenVk6TLw2dFQE9Qs8zgw%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 454 Content-Type: application/reports+json Origin: https://storage.ml-cachehost.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-10 05:41:40 UTC	454	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 38 39 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 61 67 65 2e 6d 6c 2d 63 61 63 68 65 68 6f 73 74 2e 6e 65 74 2f 6c 69 62 2f 63 6f 6e 66 69 67 2d 61 2e 6a 73 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 37 35 2e 31 39 35 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 Data Ascii: [{"age":0,"body":{"elapsed_time":189,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://storage.ml-cachehost.net/lib/config-a.js","sampling_fraction":1.0,"server_ip":"172.67.175.195","status_code":403,"type":"http.error"},"type
2025-04-10 05:41:40 UTC	214	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-allow-origin: * vary: Origin date: Thu, 10 Apr 2025 05:41:39 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	01:41:28
Start date:	10/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7965d0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	01:41:31
Start date:	10/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2284,i,10161967835841160043,1602249641456405231,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2312 /prefetch:3
Imagebase:	0x7ff7965d0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	01:41:34
Start date:	10/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2284,i,10161967835841160043,1602249641456405231,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4972 /prefetch:8
Imagebase:	0x7ff7965d0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	01:41:37
Start date:	10/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://storage.ml-cachehost.net/lib/config-a.js"
Imagebase:	0x7ff7965d0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /lib/config-a.js HTTP/1.1Host: storage.ml-cachehost.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: storage.ml-cachehost.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://storage.ml-cachehost.net/lib/config-a.jsAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: storage.ml-cachehost.net
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://storage.ml-cachehost.net/lib/config-a.js

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6492, Parent PID: 1116

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

COM Activities

WMI Operations

Process Activities

Process Created

Process Terminated

Windows Analysis Report
https://storage.ml-cachehost.net/lib/config-a.js