
Windows Analysis Report
http://aka.ms/alcs

Overview

General Information

Sample URL: http://aka.ms/alcs
Analysis ID: 1623100

Detection

Score: 0
Range: 0 - 100
Confidence: 100%

Signatures

Detected non-DNS traffic on DNS port

Classification

  • System is w10x64
  • chrome.exe (PID: 3584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2164,i,12876599960963653215,2297226302192471720,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aka.ms/alcs" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Source: global traffic | TCP traffic: 192.168.2.4:52974 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 (reported 5 times)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 6 times)
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1
    Host: account.live.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /alcs HTTP/1.1
    Host: aka.ms
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: aka.ms
Source: global traffic | DNS traffic detected: DNS query: account.live.com
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52979
Source: unknown | Network traffic detected: HTTP traffic on port 52979 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53084
Source: unknown | Network traffic detected: HTTP traffic on port 53084 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: classification engine | Classification label: clean0.win@23/0@6/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2164,i,12876599960963653215,2297226302192471720,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aka.ms/alcs"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (reported 2 times)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2164,i,12876599960963653215,2297226302192471720,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (reported 17 times)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (rendered as a grid in the report; a number in parentheses is the count shown in that technique's cell):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Process Injection (1); Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (2); Application Layer Protocol (3); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior graph (ID: 1623100; URL: http://aka.ms/alcs; start date: 24/02/2025; architecture: WINDOWS; score: 0), as recoverable from the rendered graph:
  chrome.exe (node 2) started chrome.exe (node 5) and chrome.exe (node 8)
  chrome.exe (node 5) contacted 192.168.2.4 (ports 138, 443, 49738; unknown, unknown) and 239.255.255.250 (unknown, Reserved), and started chrome.exe (node 10)
  chrome.exe (node 10) contacted l-0013.l-msedge.net 13.107.42.22 (ports 443, 52979; MICROSOFT-CORP-MSN-AS-BLOCKUS, United States), www.google.com 172.217.18.4 (ports 443, 49738, 53084; GOOGLEUS, United States) and 4 other IPs or domains

Source | Detection | Scanner | Label | Link
http://aka.ms/alcs | 0% | Avira URL Cloud | safe |
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
l-0013.l-msedge.net | 13.107.42.22 | true | false | | high
www.google.com | 172.217.18.4 | true | false | | high
aka.ms | 23.211.6.73 | true | false | | high
account.live.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://aka.ms/alcs | false | | high
https://account.live.com/ | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
13.107.42.22 | l-0013.l-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false
23.211.6.73 | aka.ms | United States | 16625 | AKAMAI-ASUS | false

Private IP
192.168.2.4
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1623100
Start date and time: 2025-02-24 21:13:02 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://aka.ms/alcs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@23/0@6/5
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.251.5.84, 142.250.185.206, 142.250.185.110, 142.250.181.238, 142.250.65.206, 74.125.6.233, 95.101.150.103, 199.232.214.172, 184.30.131.245, 216.58.206.35, 2.19.106.160, 172.202.163.200, 13.107.246.60
• Excluded domains from analysis (whitelisted): account.microsoft.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, e9412.b.akamaiedge.net, account.microsoft.com.edgekey.net, ctldl.windowsupdate.com, clientservices.googleapis.com, r4---sn-5ualdnls.gvt1.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, r4.sn-5ualdnls.gvt1.com
• Not all processes were analyzed; the report is missing behavior information
• VT rate limit hit for: http://aka.ms/alcs
              No simulations
              No context
              No created / dropped files found
              No static file info


              • Total Packets: 52
              • 443 (HTTPS)
              • 80 (HTTP)
              • 53 (DNS)
DNS queries:

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 24, 2025 21:14:05.950393915 CET | 192.168.2.4 | 1.1.1.1 | 0xdf81 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Feb 24, 2025 21:14:05.950753927 CET | 192.168.2.4 | 1.1.1.1 | 0x2f36 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Feb 24, 2025 21:14:07.806796074 CET | 192.168.2.4 | 1.1.1.1 | 0xa461 | Standard query (0) | aka.ms | A (IP address) | IN (0x0001) | false
Feb 24, 2025 21:14:07.807003021 CET | 192.168.2.4 | 1.1.1.1 | 0x35f1 | Standard query (0) | aka.ms | 65 | IN (0x0001) | false
Feb 24, 2025 21:14:08.659619093 CET | 192.168.2.4 | 1.1.1.1 | 0xf6b9 | Standard query (0) | account.live.com | A (IP address) | IN (0x0001) | false
Feb 24, 2025 21:14:08.659674883 CET | 192.168.2.4 | 1.1.1.1 | 0x4bd4 | Standard query (0) | account.live.com | 65 | IN (0x0001) | false

DNS answers:

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 24, 2025 21:14:05.958031893 CET | 1.1.1.1 | 192.168.2.4 | 0xdf81 | No error (0) | www.google.com | | 172.217.18.4 | A (IP address) | IN (0x0001) | false
Feb 24, 2025 21:14:05.958075047 CET | 1.1.1.1 | 192.168.2.4 | 0x2f36 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Feb 24, 2025 21:14:07.815206051 CET | 1.1.1.1 | 192.168.2.4 | 0xa461 | No error (0) | aka.ms | | 23.211.6.73 | A (IP address) | IN (0x0001) | false
Feb 24, 2025 21:14:08.667455912 CET | 1.1.1.1 | 192.168.2.4 | 0xf6b9 | No error (0) | account.live.com | account.msa.msidentity.com | | CNAME (Canonical name) | IN (0x0001) | false
Feb 24, 2025 21:14:08.667455912 CET | 1.1.1.1 | 192.168.2.4 | 0xf6b9 | No error (0) | account.msa.msidentity.com | account.msa.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Feb 24, 2025 21:14:08.667455912 CET | 1.1.1.1 | 192.168.2.4 | 0xf6b9 | No error (0) | account.msa.trafficmanager.net | l-0013.l-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Feb 24, 2025 21:14:08.667455912 CET | 1.1.1.1 | 192.168.2.4 | 0xf6b9 | No error (0) | l-0013.l-msedge.net | | 13.107.42.22 | A (IP address) | IN (0x0001) | false
Feb 24, 2025 21:14:08.667622089 CET | 1.1.1.1 | 192.168.2.4 | 0x4bd4 | No error (0) | account.live.com | account.msa.msidentity.com | | CNAME (Canonical name) | IN (0x0001) | false
Feb 24, 2025 21:14:08.667622089 CET | 1.1.1.1 | 192.168.2.4 | 0x4bd4 | No error (0) | account.msa.msidentity.com | account.msa.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Feb 24, 2025 21:14:08.667622089 CET | 1.1.1.1 | 192.168.2.4 | 0x4bd4 | No error (0) | account.msa.trafficmanager.net | l-0013.l-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
              • account.live.com
              • aka.ms
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 52975 | 23.211.6.73 | 80 | 3400 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
Feb 24, 2025 21:14:07.831203938 CET | 425 | OUT | GET /alcs HTTP/1.1
              Host: aka.ms
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
Feb 24, 2025 21:14:08.656815052 CET | 371 | IN | HTTP/1.1 301 Moved Permanently
              Content-Length: 0
              Server: Kestrel
              Location: https://account.live.com/
              Request-Context: appId=cid-v1:d94c0f68-64bf-4036-8409-a0e761bb7ee1
              X-Response-Cache-Status: True
              Expires: Mon, 24 Feb 2025 20:14:08 GMT
              Cache-Control: max-age=0, no-cache, no-store
              Pragma: no-cache
              Date: Mon, 24 Feb 2025 20:14:08 GMT
              Connection: keep-alive
Feb 24, 2025 21:14:53.666614056 CET | 6 | OUT | Data Raw: 00
Data Ascii: (none printable)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 52976 | 23.211.6.73 | 80 | 3400 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
Feb 24, 2025 21:14:43.951514006 CET | 508 | IN | HTTP/1.0 408 Request Time-out
              Server: AkamaiGHost
              Mime-Version: 1.0
              Date: Mon, 24 Feb 2025 20:14:43 GMT
              Content-Type: text/html
              Content-Length: 312
              Expires: Mon, 24 Feb 2025 20:14:43 GMT
              Data Ascii: <HTML><HEAD><TITLE>Request Timeout</TITLE></HEAD><BODY><H1>Request Timeout</H1>The server timed out while waiting for the browser's request.<P>Reference&#32;&#35;2&#46;5524350&#46;1740428083&#46;0<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;2&#46;5524350&#46;1740428083&#46;0</P></BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 52979 | 13.107.42.22 | 443 | 3400 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-02-24 20:14:09 UTC | 659 | OUT | GET / HTTP/1.1
              Host: account.live.com
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: navigate
              Sec-Fetch-User: ?1
              Sec-Fetch-Dest: document
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              sec-ch-ua-platform: "Windows"
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
2025-02-24 20:14:09 UTC | 1238 | IN | HTTP/1.1 301 Moved Permanently
              Cache-Control: no-cache, no-store
              Pragma: no-cache
              Content-Length: 201
              Content-Type: text/html; charset=utf-8
              Expires: -1
              Location: https://account.microsoft.com/?lang=en-US&refd=account.live.com&refp=landing
              P3P: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PUR
              Set-Cookie: amsc=22f+N26vA/W7LN6vnub9waPFwEktCJ6njadNKbniIHiElHOc9tLqhL26aaLuCKyJ2FqfJjR0sSbPmSx63e9zmT6fLL5Bn8O7+Zk5LG8Lgc9JlOFztfnI7IxpsajvARu/q6nvX7A64tZWSoI0s66yISYQKFKdwC1wBbEj2/fIz1Aoy0G+PHUx5zTJem2WS42GYHWB0Gw690B7xnYsYRaXUxRFqzKvvJvKtwDr0CDArDkuJRb3FD+moBaKyXghglmm:2:3c; domain=.live.com; path=/; secure; HttpOnly; SameSite=None
              X-Frame-Options: deny
              x-ms-amserver: WUSXXXX01L2 (2.0.3775.2)
              x-ms-amserver-tm: 0ms
              x-ms-request-id: 0e91153b-626e-4ce8-a410-45c01f55f820
              Referrer-Policy: strict-origin-when-cross-origin
              AMServer: WUSXXXXFD0001L2
              X-Content-Type-Options: nosniff
              X-XSS-Protection: 1; mode=block
              Strict-Transport-Security: max-age=31536000; includeSubDomains
              X-Cache: CONFIG_NOCACHE
              X-MSEdge-Ref: Ref A: 0E91153B626E4CE8A41045C01F55F820 Ref B: EWR311000104021 Ref C: 2025-02-24T20:14:09Z
              Date: Mon, 24 Feb 2025 20:14:09 GMT
              Connection: close
2025-02-24 20:14:09 UTC | 201 | IN | Data Raw: (201-byte hex dump omitted; ASCII rendering follows)
              Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://account.microsoft.com/?lang=en-US&amp;refd=account.live.com&amp;refp=landing">here</a>.</h2></body></html>



Target ID: 0
Start time: 15:13:58
Start date: 24/02/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 15:14:00
Start date: 24/02/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2164,i,12876599960963653215,2297226302192471720,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 3
Start time: 15:14:06
Start date: 24/02/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aka.ms/alcs"
Imagebase: 0x7ff76e190000
File size: 3'242'272 bytes
MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

              No disassembly