Windows Analysis Report
http://storage.ml-cachehost.net

Overview

General Information

Sample URL: http://storage.ml-cachehost.net
Analysis ID: 1661829
Infos:

Detection

Score: 1
Range: 0 - 100
Confidence: 80%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder

Classification

Classification chart (figure): axes Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean, suspicious, malicious
  • System is w10x64
  • chrome.exe (PID: 2500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 3580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2504,i,15659630990417481259,14184788585244410566,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2568 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://storage.ml-cachehost.net" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown; HTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.21.17.111:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: global traffic; HTTP traffic detected:
    GET / HTTP/1.1
    Host: storage.ml-cachehost.net
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: storage.ml-cachehost.net
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://storage.ml-cachehost.net/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
    GET /r/gsr1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic; HTTP traffic detected:
    GET /r/r4.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: storage.ml-cachehost.net
Source: global traffic; HTTP traffic detected:
    HTTP/1.1 403 Forbidden
    Date: Thu, 10 Apr 2025 11:56:32 GMT
    Content-Type: application/xml; charset=UTF-8
    Content-Length: 111
    Connection: close
    X-Guploader-Uploadid: AKDAyIurN-5u7atQ0B4asvmrp5cNBu7usEgSaafWUErs-bN_09uaUmm8Z6BCJfX9diZ6uU3KnOCmaG8
    Expires: Thu, 10 Apr 2025 11:56:32 GMT
    Cache-Control: private, max-age=0
    Server: cloudflare
    Cf-Cache-Status: DYNAMIC
    CF-RAY: 92e20fbe5d2941fe-EWR
    alt-svc: h3=":443"; ma=86400
Source: global traffic; HTTP traffic detected:
    HTTP/1.1 403 Forbidden
    Date: Thu, 10 Apr 2025 11:56:33 GMT
    Content-Type: application/xml; charset=UTF-8
    Content-Length: 111
    Connection: close
    Server: cloudflare
    X-Guploader-Uploadid: AKDAyIuagDqEWsXby2fDLvfivw1EEV-CU5ZXXD4Ea8fbDa5YAdz130R3dXweG08Vmm2XZ1Nb
    Expires: Thu, 10 Apr 2025 11:56:33 GMT
    Cache-Control: private, max-age=0
    Cf-Cache-Status: BYPASS
    CF-RAY: 92e20fc248a10c8a-EWR
    alt-svc: h3=":443"; ma=86400
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Windows\SystemTemp\scoped_dir2500_1366774876
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File deleted: C:\Windows\SystemTemp\scoped_dir2500_1366774876
Source: classification engine; Classification label: clean1.win@22/4@6/3
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2504,i,15659630990417481259,14184788585244410566,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2568 /prefetch:3
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://storage.ml-cachehost.net"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: Window Recorder; Window detected: More than 3 window changes detected
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Masquerading; 1 Process Injection; 1 File Deletion; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 3 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (figure): ID: 1661829, URL: http://storage.ml-cachehost.net, Startdate: 10/04/2025, Architecture: WINDOWS, Score: 1
  • chrome.exe -> 192.168.2.4, 138, 443, 49710 (unknown, unknown)
  • chrome.exe -> chrome.exe (started)
  • chrome.exe -> www.google.com, 142.251.40.132, 443, 49724, 49740 (GOOGLEUS, United States)
  • chrome.exe -> storage.ml-cachehost.net, 104.21.17.111, 443, 49726, 49727 (CLOUDFLARENETUS, United States)

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://storage.ml-cachehost.net | 0% | Avira URL Cloud | safe | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://storage.ml-cachehost.net/ | 0% | Avira URL Cloud | safe | |
| https://storage.ml-cachehost.net/favicon.ico | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| storage.ml-cachehost.net | 104.21.17.111 | true | false | | high |
| www.google.com | 142.251.40.132 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://storage.ml-cachehost.net/favicon.ico | false | Avira URL Cloud: safe | unknown |
| http://c.pki.goog/r/gsr1.crl | false | | high |
| http://c.pki.goog/r/r4.crl | false | | high |
| https://storage.ml-cachehost.net/ | false | Avira URL Cloud: safe | unknown |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.251.40.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 104.21.17.111 | storage.ml-cachehost.net | United States | 13335 | CLOUDFLARENETUS | false |

| IP |
|---|
| 192.168.2.4 |

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1661829
Start date and time: 2025-04-10 13:55:26 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 2s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://storage.ml-cachehost.net
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@22/4@6/3
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.251.41.14, 142.251.40.195, 172.253.63.84, 142.250.65.174, 23.203.176.221, 208.89.73.21, 142.250.80.35, 23.1.62.115, 20.12.23.50
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, ocsp.digicert.com, update.googleapis.com, clients.l.google.com, c.pki.goog
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • VT rate limit hit for: http://storage.ml-cachehost.net
No simulations
No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: XML 1.0 document, ASCII text, with no line terminators
Category: downloaded
Size (bytes): 111
Entropy (8bit): 4.62062991365628
Encrypted: false
SSDEEP: 3:vFWWMNCmXyKgCC6beXqZj+PBMkmKqWWU667wtKPU9KgqLn:TM3i0b9ZjZvKtWRbtmBg6n
MD5: E7A9350210B4DBA641F6020447C96045
SHA1: 581ACCEF4A8B7FBED97291FE7DD4E113F794EC80
SHA-256: 08142330655DEB1526DCC56795C92EB5C13012F75B599D5AC68DB4027953ED80
SHA-512: 2DCB8AD4EAC1B103DA4F806A49D7A0EFCC64D362865A18EFB257B45059BC1453D053136073009929415200F48F47B03F8E19E52A8AF7CB846AD081E0318586A2
Malicious: false
Reputation: low
URL: https://storage.ml-cachehost.net/
Preview: <?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message></Error>

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: XML 1.0 document, ASCII text, with no line terminators
Category: downloaded
Size (bytes): 111
Entropy (8bit): 4.62062991365628
Encrypted: false
SSDEEP: 3:vFWWMNCmXyKgCC6beXqZj+PBMkmKqWWU667wtKPU9KgqLn:TM3i0b9ZjZvKtWRbtmBg6n
MD5: E7A9350210B4DBA641F6020447C96045
SHA1: 581ACCEF4A8B7FBED97291FE7DD4E113F794EC80
SHA-256: 08142330655DEB1526DCC56795C92EB5C13012F75B599D5AC68DB4027953ED80
SHA-512: 2DCB8AD4EAC1B103DA4F806A49D7A0EFCC64D362865A18EFB257B45059BC1453D053136073009929415200F48F47B03F8E19E52A8AF7CB846AD081E0318586A2
Malicious: false
Reputation: low
URL: https://storage.ml-cachehost.net/favicon.ico
Preview: <?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message></Error>

No static file info

  • Total Packets: 71
  • 443 (HTTPS)
  • 80 (HTTP)
  • 53 (DNS)
          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
          Apr 10, 2025 13:56:29.910655022 CEST | 192.168.2.4 | 1.1.1.1 | 0xbbd9 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
          Apr 10, 2025 13:56:29.910655022 CEST | 192.168.2.4 | 1.1.1.1 | 0xfb26 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
          Apr 10, 2025 13:56:31.904242039 CEST | 192.168.2.4 | 1.1.1.1 | 0x7f5f | Standard query (0) | storage.ml-cachehost.net | A (IP address) | IN (0x0001) | false
          Apr 10, 2025 13:56:31.904628992 CEST | 192.168.2.4 | 1.1.1.1 | 0x12a3 | Standard query (0) | storage.ml-cachehost.net | 65 | IN (0x0001) | false
          Apr 10, 2025 13:56:31.932682991 CEST | 192.168.2.4 | 1.1.1.1 | 0xbf9c | Standard query (0) | storage.ml-cachehost.net | A (IP address) | IN (0x0001) | false
          Apr 10, 2025 13:56:31.933343887 CEST | 192.168.2.4 | 1.1.1.1 | 0xc8c9 | Standard query (0) | storage.ml-cachehost.net | 65 | IN (0x0001) | false

          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          Apr 10, 2025 13:56:30.013624907 CEST | 1.1.1.1 | 192.168.2.4 | 0xbbd9 | No error (0) | www.google.com |  | 142.251.40.132 | A (IP address) | IN (0x0001) | false
          Apr 10, 2025 13:56:30.013652086 CEST | 1.1.1.1 | 192.168.2.4 | 0xfb26 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
          Apr 10, 2025 13:56:31.994052887 CEST | 1.1.1.1 | 192.168.2.4 | 0x7f5f | No error (0) | storage.ml-cachehost.net |  | 104.21.17.111 | A (IP address) | IN (0x0001) | false
          Apr 10, 2025 13:56:31.994052887 CEST | 1.1.1.1 | 192.168.2.4 | 0x7f5f | No error (0) | storage.ml-cachehost.net |  | 172.67.175.195 | A (IP address) | IN (0x0001) | false
          Apr 10, 2025 13:56:31.994070053 CEST | 1.1.1.1 | 192.168.2.4 | 0x12a3 | No error (0) | storage.ml-cachehost.net |  |  | 65 | IN (0x0001) | false
          Apr 10, 2025 13:56:32.022794962 CEST | 1.1.1.1 | 192.168.2.4 | 0xbf9c | No error (0) | storage.ml-cachehost.net |  | 104.21.17.111 | A (IP address) | IN (0x0001) | false
          Apr 10, 2025 13:56:32.022794962 CEST | 1.1.1.1 | 192.168.2.4 | 0xbf9c | No error (0) | storage.ml-cachehost.net |  | 172.67.175.195 | A (IP address) | IN (0x0001) | false
          Apr 10, 2025 13:56:32.023842096 CEST | 1.1.1.1 | 192.168.2.4 | 0xc8c9 | No error (0) | storage.ml-cachehost.net |  |  | 65 | IN (0x0001) | false
          • storage.ml-cachehost.net
          • c.pki.goog
          Session ID | Source IP | Source Port | Destination IP | Destination Port
          0 | 192.168.2.4 | 49733 | 142.250.65.195 | 80

          Timestamp | Bytes transferred | Direction | Data
          Apr 10, 2025 13:56:38.884243011 CEST | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
          Cache-Control: max-age = 3000
          Connection: Keep-Alive
          Accept: */*
          If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
          User-Agent: Microsoft-CryptoAPI/10.0
          Host: c.pki.goog
          Apr 10, 2025 13:56:38.991178036 CEST | 1031 | IN | HTTP/1.1 200 OK
          Accept-Ranges: bytes
          Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
          Cross-Origin-Resource-Policy: cross-origin
          Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
          Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
          Content-Length: 1739
          X-Content-Type-Options: nosniff
          Server: sffe
          X-XSS-Protection: 0
          Date: Thu, 10 Apr 2025 11:26:39 GMT
          Expires: Thu, 10 Apr 2025 12:16:39 GMT
          Cache-Control: public, max-age=3000
          Age: 1799
          Last-Modified: Mon, 07 Apr 2025 13:58:00 GMT
          Content-Type: application/pkix-crl
          Vary: Accept-Encoding
          Apr 10, 2025 13:56:38.994697094 CEST | 200 | OUT | GET /r/r4.crl HTTP/1.1
          Cache-Control: max-age = 3000
          Connection: Keep-Alive
          Accept: */*
          If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
          User-Agent: Microsoft-CryptoAPI/10.0
          Host: c.pki.goog
          Apr 10, 2025 13:56:39.095552921 CEST | 1031 | IN | HTTP/1.1 200 OK
          Accept-Ranges: bytes
          Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
          Cross-Origin-Resource-Policy: cross-origin
          Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
          Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
          Content-Length: 530
          X-Content-Type-Options: nosniff
          Server: sffe
          X-XSS-Protection: 0
          Date: Thu, 10 Apr 2025 11:08:38 GMT
          Expires: Thu, 10 Apr 2025 11:58:38 GMT
          Cache-Control: public, max-age=3000
          Age: 2881
          Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT
          Content-Type: application/pkix-crl
          Vary: Accept-Encoding


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          0 | 192.168.2.4 | 49726 | 104.21.17.111 | 443 | 3580 | C:\Program Files\Google\Chrome\Application\chrome.exe

          Timestamp | Bytes transferred | Direction | Data
          2025-04-10 11:56:32 UTC | 674 | OUT | GET / HTTP/1.1
          Host: storage.ml-cachehost.net
          Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-platform: "Windows"
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: navigate
          Sec-Fetch-User: ?1
          Sec-Fetch-Dest: document
          Accept-Encoding: gzip, deflate, br, zstd
          Accept-Language: en-US,en;q=0.9
          2025-04-10 11:56:32 UTC | 433 | IN | HTTP/1.1 403 Forbidden
          Date: Thu, 10 Apr 2025 11:56:32 GMT
          Content-Type: application/xml; charset=UTF-8
          Content-Length: 111
          Connection: close
          X-Guploader-Uploadid: AKDAyIurN-5u7atQ0B4asvmrp5cNBu7usEgSaafWUErs-bN_09uaUmm8Z6BCJfX9diZ6uU3KnOCmaG8
          Expires: Thu, 10 Apr 2025 11:56:32 GMT
          Cache-Control: private, max-age=0
          Server: cloudflare
          Cf-Cache-Status: DYNAMIC
          CF-RAY: 92e20fbe5d2941fe-EWR
          alt-svc: h3=":443"; ma=86400
          2025-04-10 11:56:32 UTC | 111 | IN | Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message></Error>


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          1 | 192.168.2.4 | 49727 | 104.21.17.111 | 443 | 3580 | C:\Program Files\Google\Chrome\Application\chrome.exe

          Timestamp | Bytes transferred | Direction | Data
          2025-04-10 11:56:32 UTC | 611 | OUT | GET /favicon.ico HTTP/1.1
          Host: storage.ml-cachehost.net
          Connection: keep-alive
          sec-ch-ua-platform: "Windows"
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
          sec-ch-ua-mobile: ?0
          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: image
          Referer: https://storage.ml-cachehost.net/
          Accept-Encoding: gzip, deflate, br, zstd
          Accept-Language: en-US,en;q=0.9
          2025-04-10 11:56:33 UTC | 425 | IN | HTTP/1.1 403 Forbidden
          Date: Thu, 10 Apr 2025 11:56:33 GMT
          Content-Type: application/xml; charset=UTF-8
          Content-Length: 111
          Connection: close
          Server: cloudflare
          X-Guploader-Uploadid: AKDAyIuagDqEWsXby2fDLvfivw1EEV-CU5ZXXD4Ea8fbDa5YAdz130R3dXweG08Vmm2XZ1Nb
          Expires: Thu, 10 Apr 2025 11:56:33 GMT
          Cache-Control: private, max-age=0
          Cf-Cache-Status: BYPASS
          CF-RAY: 92e20fc248a10c8a-EWR
          alt-svc: h3=":443"; ma=86400
          2025-04-10 11:56:33 UTC | 111 | IN | Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message></Error>


          Target ID: 1
          Start time: 07:56:22
          Start date: 10/04/2025
          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit): false
          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase: 0x7ff786830000
          File size: 3'388'000 bytes
          MD5 hash: E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges: true
          Has administrator privileges: true
          Programmed in: C, C++ or other language
          Reputation: low
          Has exited: false

          Target ID: 2
          Start time: 07:56:24
          Start date: 10/04/2025
          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit): false
          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2504,i,15659630990417481259,14184788585244410566,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2568 /prefetch:3
          Imagebase: 0x7ff786830000
          File size: 3'388'000 bytes
          MD5 hash: E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges: true
          Has administrator privileges: true
          Programmed in: C, C++ or other language
          Reputation: low
          Has exited: false

          Target ID: 4
          Start time: 07:56:31
          Start date: 10/04/2025
          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit): false
          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://storage.ml-cachehost.net"
          Imagebase: 0x7ff786830000
          File size: 3'388'000 bytes
          MD5 hash: E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges: true
          Has administrator privileges: true
          Programmed in: C, C++ or other language
          Reputation: low
          Has exited: true

          No disassembly