Windows Analysis Report
http://aka.ms/alcs

Overview

General Information

Sample URL:http://aka.ms/alcs
Analysis ID:1582676

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 3484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 8 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1892,i,11508418087111820222,14098348221808460346,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aka.ms/alcs" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

All signature results (there are no malicious signatures):

  • Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172 (reported 4 times)
  • Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 6 times)
  • Source: global traffic | HTTP traffic detected: GET /alcs HTTP/1.1 | Host: aka.ms | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
  • Source: global traffic | DNS traffic detected: DNS query: www.google.com
  • Source: global traffic | DNS traffic detected: DNS query: aka.ms
  • Source: global traffic | DNS traffic detected: DNS query: account.live.com
  • Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49830
  • Source: unknown | Network traffic detected: HTTP traffic on port 49830 -> 443
  • Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
  • Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
  • Source: classification engine | Classification label: clean0.win@23/0@6/4
  • Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
  • Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1892,i,11508418087111820222,14098348221808460346,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 (reported twice)
  • Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aka.ms/alcs"
  • Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (reported 18 times)
  • Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (techniques with matched signatures; the number is the count of matching signatures; all other matrix cells are unmatched placeholder entries):
  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Process Injection (1)
  • Command and Control: Encrypted Channel (2)
  • Command and Control: Non-Application Layer Protocol (2)
  • Command and Control: Application Layer Protocol (3)
  • Command and Control: Ingress Tool Transfer (1)
Behavior Graph (ID: 1582676, URL: http://aka.ms/alcs, Startdate: 31/12/2024, Architecture: WINDOWS, Score: 0). The graph image is not included; nodes recovered from the graph text:
  • chrome.exe (started) -> chrome.exe (started) -> chrome.exe (started)
  • 192.168.2.4 (ports 138, 443, 49723) | unknown | unknown
  • 239.255.255.250 | unknown | Reserved
  • www.google.com 142.250.185.196 (ports 443, 49738, 49830) | GOOGLEUS | United States
  • aka.ms 104.119.110.121 (ports 49740, 49741, 80) | AKAMAI-ASUS | United States
  • account.live.com

URL reputation (Source | Detection | Scanner | Label):
  • http://aka.ms/alcs | 0% | Avira URL Cloud | safe
No Antivirus matches


Domains (Name | IP | Active | Malicious | Reputation):
  • www.google.com | 142.250.185.196 | true | false | high
  • aka.ms | 104.119.110.121 | true | false | high
  • account.live.com | unknown | unknown | false | high
URLs (Name | Malicious | Reputation):
  • http://aka.ms/alcs | false | high
IPs (IP | Domain | Country | ASN | ASN Name | Malicious):
  • 239.255.255.250 | unknown | Reserved | unknown | unknown | false
  • 142.250.185.196 | www.google.com | United States | 15169 | GOOGLEUS | false
  • 104.119.110.121 | aka.ms | United States | 16625 | AKAMAI-ASUS | false
Private IPs:
  • 192.168.2.4
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1582676
          Start date and time:2024-12-31 09:09:14 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 3m 0s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:browseurl.jbs
          Sample URL:http://aka.ms/alcs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of new started processes analysed:8
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:CLEAN
          Classification:clean0.win@23/0@6/4
          EGA Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 0
          • Number of non-executed functions: 0
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.181.238, 173.194.76.84, 13.107.42.22, 95.101.150.103, 84.201.210.39, 192.229.221.95, 172.217.16.195, 184.28.90.27, 20.12.23.50, 13.107.246.45
          • Excluded domains from analysis (whitelisted): account.microsoft.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, e9412.b.akamaiedge.net, account.microsoft.com.edgekey.net, ctldl.windowsupdate.com, clientservices.googleapis.com, account.msa.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, ocsp.digicert.com, edgedl.me.gvt1.com, l-0013.l-msedge.net, update.googleapis.com, account.msa.msidentity.com, clients.l.google.com
          • Not all processes were analyzed; the report is missing behavior information
          • VT rate limit hit for: http://aka.ms/alcs
          No simulations
          No context
          No created / dropped files found
          No static file info


          • Total Packets: 40
          • 443 (HTTPS)
          • 80 (HTTP)
          • 53 (DNS)
          ICMP (Timestamp | Source IP | Dest IP | Checksum | Code | Type):
          • Dec 31, 2024 09:10:20.018861055 CET | 192.168.2.4 | 1.1.1.1 | c28e | (Port unreachable) | Destination Unreachable
          DNS queries (Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS):
          • Dec 31, 2024 09:10:17.595921993 CET | 192.168.2.4 | 1.1.1.1 | 0xfa62 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
          • Dec 31, 2024 09:10:17.596067905 CET | 192.168.2.4 | 1.1.1.1 | 0xe29a | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
          • Dec 31, 2024 09:10:19.178082943 CET | 192.168.2.4 | 1.1.1.1 | 0xae2 | Standard query (0) | aka.ms | A (IP address) | IN (0x0001) | false
          • Dec 31, 2024 09:10:19.180351019 CET | 192.168.2.4 | 1.1.1.1 | 0xf149 | Standard query (0) | aka.ms | 65 | IN (0x0001) | false
          • Dec 31, 2024 09:10:19.988049030 CET | 192.168.2.4 | 1.1.1.1 | 0x4e38 | Standard query (0) | account.live.com | A (IP address) | IN (0x0001) | false
          • Dec 31, 2024 09:10:19.988389015 CET | 192.168.2.4 | 1.1.1.1 | 0x3a99 | Standard query (0) | account.live.com | 65 | IN (0x0001) | false
          DNS answers (Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS):
          • Dec 31, 2024 09:10:17.602794886 CET | 1.1.1.1 | 192.168.2.4 | 0xe29a | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
          • Dec 31, 2024 09:10:17.604042053 CET | 1.1.1.1 | 192.168.2.4 | 0xfa62 | No error (0) | www.google.com | - | 142.250.185.196 | A (IP address) | IN (0x0001) | false
          • Dec 31, 2024 09:10:19.185362101 CET | 1.1.1.1 | 192.168.2.4 | 0xae2 | No error (0) | aka.ms | - | 104.119.110.121 | A (IP address) | IN (0x0001) | false
          • Dec 31, 2024 09:10:19.995367050 CET | 1.1.1.1 | 192.168.2.4 | 0x4e38 | No error (0) | account.live.com | account.msa.msidentity.com | - | CNAME (Canonical name) | IN (0x0001) | false
          • Dec 31, 2024 09:10:20.018760920 CET | 1.1.1.1 | 192.168.2.4 | 0x3a99 | No error (0) | account.live.com | account.msa.msidentity.com | - | CNAME (Canonical name) | IN (0x0001) | false
          HTTP sessions for aka.ms

          Session ID: 0 | Source: 192.168.2.4:49740 | Destination: 104.119.110.121:80 | PID: 8 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe

          Dec 31, 2024 09:10:19.200642109 CET | 425 bytes | OUT
            GET /alcs HTTP/1.1
            Host: aka.ms
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
          Dec 31, 2024 09:10:19.985728025 CET | 371 bytes | IN
            HTTP/1.1 301 Moved Permanently
            Content-Length: 0
            Server: Kestrel
            Location: https://account.live.com/
            Request-Context: appId=cid-v1:d94c0f68-64bf-4036-8409-a0e761bb7ee1
            X-Response-Cache-Status: True
            Expires: Tue, 31 Dec 2024 08:10:19 GMT
            Cache-Control: max-age=0, no-cache, no-store
            Pragma: no-cache
            Date: Tue, 31 Dec 2024 08:10:19 GMT
            Connection: keep-alive
          Dec 31, 2024 09:11:04.988274097 CET | 6 bytes | OUT
            Data Raw: 00
            Data Ascii: (empty)


          Session ID: 1 | Source: 192.168.2.4:49741 | Destination: 104.119.110.121:80 | PID: 8 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe

          Dec 31, 2024 09:10:55.169640064 CET | 510 bytes | IN
            HTTP/1.0 408 Request Time-out
            Server: AkamaiGHost
            Mime-Version: 1.0
            Date: Tue, 31 Dec 2024 08:10:55 GMT
            Content-Type: text/html
            Content-Length: 314
            Expires: Tue, 31 Dec 2024 08:10:55 GMT
          Data Ascii: <HTML><HEAD><TITLE>Request Timeout</TITLE></HEAD><BODY><H1>Request Timeout</H1>The server timed out while waiting for the browser's request.<P>Reference&#32;&#35;2&#46;64b20f17&#46;1735632655&#46;0<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;2&#46;64b20f17&#46;1735632655&#46;0</P></BODY></HTML>



          Target ID:0
          Start time:03:10:06
          Start date:31/12/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff76e190000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:2
          Start time:03:10:12
          Start date:31/12/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1892,i,11508418087111820222,14098348221808460346,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff76e190000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:3
          Start time:03:10:18
          Start date:31/12/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aka.ms/alcs"
          Imagebase:0x7ff76e190000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          No disassembly