
Windows Analysis Report
http://aka.ms/alcs

Overview

General Information

Sample URL:http://aka.ms/alcs
Analysis ID:1657075

Detection

Score:1
Range:0 - 100
Confidence:100%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder

Classification

clean
  • System is w10x64
  • chrome.exe (PID: 1432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,6612443001295991405,1539537213539770634,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2372 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 1388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aka.ms/alcs" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown | HTTPS traffic detected: 142.251.40.196:443 -> 192.168.2.4:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.47.169.168:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.47.169.168:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.47.169.168:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.42.22:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (7 packets)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.27 (7 packets)
Source: unknown | TCP traffic detected without corresponding DNS query: 2.17.190.73 (7 packets)
Source: unknown | TCP traffic detected without corresponding DNS query: 52.113.196.254 (11 packets)
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.41.3 (7 packets)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (10 packets)
Note on reading these hits: 1.1.1.1 is the resolver the sandbox itself queries on UDP port 53 (see the DNS packet tables below), so the UDP entries are the DNS traffic, not an unresolved peer. For the TCP entries, the analysis excludes DNS for a long whitelist of Microsoft, Google and c.pki.goog hosts and truncates the TCP table to 100 packets (see the analysis notes), so an address listed here is one whose lookup was not captured, which is not by itself evidence of a hard-coded endpoint. The only plain-HTTP (port 80) connections in the capture go to 2.17.190.73, and the only port-80 requests recorded are the CRL fetches to c.pki.goog, a whitelisted domain.
Source: global traffic | HTTP traffic detected:
    GET /alcs HTTP/1.1
    Host: aka.ms
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: account.live.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /r/gsr1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic | HTTP traffic detected:
    GET /r/r4.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: aka.ms
Source: global traffic | DNS traffic detected: DNS query: account.live.com
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir1432_1617175514
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir1432_1617175514
These two events are what trigger the "Creates files inside the system directory" and "Deletes files inside the Windows folder" signatures listed above. The directory name carries the PID of the parent chrome.exe (1432), and the same process creates and removes it; the scoped_dir<PID>_<random> naming is Chromium's own temporary-directory convention, and the report records no created or dropped files, so these are browser housekeeping rather than a payload write.
Source: classification engine | Classification label: clean1.win@21/0@10/4
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,6612443001295991405,1539537213539770634,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2372 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aka.ms/alcs"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (17 child processes whose image and command line were not recorded; the analysis notes state that not all processes were analyzed)
Source: Window Recorder | Window detected: More than 3 window changes detected
ATT&CK matrix (tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact). Only the techniques below carry a signature count; every other cell of the matrix is an unmatched placeholder:
  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Masquerading (1), Process Injection (1), File Deletion (1)
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (2), Application Layer Protocol (3), Ingress Tool Transfer (1)
Behavior Graph (ID: 1657075, URL: http://aka.ms/alcs, Startdate: 05/04/2025, Architecture: WINDOWS, Score: 1):
  • chrome.exe started (two top-level instances); one chrome.exe child process started
  • 192.168.2.4 (ports 138, 443, 49708): unknown
  • l-0013.l-msedge.net 13.107.42.22:443 (client port 49726), MICROSOFT-CORP-MSN-AS-BLOCKUS, United States
  • www.google.com 142.251.40.196:443 (client ports 49720, 49739), GOOGLEUS, United States
  • 5 other IPs or domains

Source | Detection | Scanner | Label
http://aka.ms/alcs | 0% | Avira URL Cloud | safe
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
l-0013.l-msedge.net | 13.107.42.22 | true | false | | high
www.google.com | 142.251.40.196 | true | false | | high
aka.ms | 23.55.206.208 | true | false | | high
account.live.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://aka.ms/alcs | false | | high
http://c.pki.goog/r/gsr1.crl | false | | high
http://c.pki.goog/r/r4.crl | false | | high
https://account.live.com/ | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
13.107.42.22 | l-0013.l-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.47.169.168 | unknown | United States | 16625 | AKAMAI-ASUS | false
142.251.40.196 | www.google.com | United States | 15169 | GOOGLEUS | false
(23.47.169.168 is listed with domain "unknown", but the DNS answers below with transaction IDs 0x794a and 0xcd41 resolve aka.ms to it, and it is the address Chrome actually connected to on ports 49723-49725; the domain table shows only the first aka.ms answer, 23.55.206.208.)
Private IPs: 192.168.2.4
                  Joe Sandbox version:42.0.0 Malachite
                  Analysis ID:1657075
                  Start date and time:2025-04-05 03:37:21 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 3m 10s
                  Hypervisor based Inspection enabled:false
                  Report type:light
                  Cookbook file name:browseurl.jbs
                  Sample URL:http://aka.ms/alcs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 21
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Detection:CLEAN
                  Classification:clean1.win@21/0@10/4
                  EGA Information:Failed
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                  • TCP Packets have been reduced to 100
                  • Excluded IPs from analysis (whitelisted): 142.251.40.142, 142.250.65.195, 142.250.80.110, 142.251.111.84, 142.250.65.174, 142.251.40.238, 142.250.81.238, 23.200.197.105, 23.203.176.221, 208.89.73.25, 172.217.165.142, 142.250.65.206, 142.251.35.174, 142.251.32.99, 142.251.32.110, 172.217.165.131, 184.31.69.3, 131.253.33.254, 20.12.23.50
                  • Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, account.microsoft.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, e9412.b.akamaiedge.net, account.microsoft.com.edgekey.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
• Not all processes were analyzed, report is missing behavior information
                  • Report size getting too big, too many NtOpenFile calls found.
                  • VT rate limit hit for: http://aka.ms/alcs
                  No simulations
No context
                  No created / dropped files found
                  No static file info
• Total Packets: 70
• Ports in use: 443 (HTTPS), 80 (HTTP), 53 (DNS)
TCP packets (reduced to 100 by the analysis)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 5, 2025 03:38:19.410129070 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Apr 5, 2025 03:38:19.721869946 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Apr 5, 2025 03:38:20.331320047 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Apr 5, 2025 03:38:21.534337044 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Apr 5, 2025 03:38:24.003098011 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Apr 5, 2025 03:38:28.175023079 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Apr 5, 2025 03:38:28.487071037 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Apr 5, 2025 03:38:28.815233946 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Apr 5, 2025 03:38:29.096623898 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Apr 5, 2025 03:38:29.808237076 CEST | 49720 | 443 | 192.168.2.4 | 142.251.40.196
Apr 5, 2025 03:38:29.808335066 CEST | 443 | 49720 | 142.251.40.196 | 192.168.2.4
Apr 5, 2025 03:38:29.808449030 CEST | 49720 | 443 | 192.168.2.4 | 142.251.40.196
Apr 5, 2025 03:38:29.808609962 CEST | 49720 | 443 | 192.168.2.4 | 142.251.40.196
Apr 5, 2025 03:38:29.808635950 CEST | 443 | 49720 | 142.251.40.196 | 192.168.2.4
Apr 5, 2025 03:38:30.018460989 CEST | 443 | 49720 | 142.251.40.196 | 192.168.2.4
Apr 5, 2025 03:38:30.018536091 CEST | 49720 | 443 | 192.168.2.4 | 142.251.40.196
Apr 5, 2025 03:38:30.019875050 CEST | 49720 | 443 | 192.168.2.4 | 142.251.40.196
Apr 5, 2025 03:38:30.019882917 CEST | 443 | 49720 | 142.251.40.196 | 192.168.2.4
Apr 5, 2025 03:38:30.020404100 CEST | 443 | 49720 | 142.251.40.196 | 192.168.2.4
Apr 5, 2025 03:38:30.066574097 CEST | 49720 | 443 | 192.168.2.4 | 142.251.40.196
Apr 5, 2025 03:38:30.300972939 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Apr 5, 2025 03:38:31.578085899 CEST | 49723 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.578169107 CEST | 443 | 49723 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.578241110 CEST | 49723 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.578660011 CEST | 49723 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.578700066 CEST | 443 | 49723 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.669918060 CEST | 49724 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.669953108 CEST | 443 | 49724 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.670028925 CEST | 49724 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.670551062 CEST | 49725 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.670619011 CEST | 443 | 49725 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.670694113 CEST | 49725 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.670878887 CEST | 49724 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.670908928 CEST | 443 | 49724 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.671072960 CEST | 49725 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.671109915 CEST | 443 | 49725 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.883970022 CEST | 443 | 49723 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.884041071 CEST | 49723 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.888170958 CEST | 49723 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.888180017 CEST | 443 | 49723 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.888540983 CEST | 443 | 49723 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.888777971 CEST | 49723 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.936280966 CEST | 443 | 49723 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.963903904 CEST | 443 | 49725 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.964070082 CEST | 49725 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.966950893 CEST | 443 | 49724 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.967037916 CEST | 49724 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.967793941 CEST | 49724 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.967811108 CEST | 443 | 49724 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.968255043 CEST | 49725 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:31.968271017 CEST | 443 | 49724 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.968285084 CEST | 443 | 49725 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:31.968640089 CEST | 443 | 49725 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:32.017453909 CEST | 49724 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:32.017460108 CEST | 49725 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:32.174612045 CEST | 443 | 49723 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:32.174969912 CEST | 443 | 49723 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:32.175048113 CEST | 49723 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:32.176875114 CEST | 49723 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:32.176876068 CEST | 49723 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:32.176915884 CEST | 443 | 49723 | 23.47.169.168 | 192.168.2.4
Apr 5, 2025 03:38:32.177089930 CEST | 49723 | 443 | 192.168.2.4 | 23.47.169.168
Apr 5, 2025 03:38:32.311862946 CEST | 49726 | 443 | 192.168.2.4 | 13.107.42.22
Apr 5, 2025 03:38:32.311959982 CEST | 443 | 49726 | 13.107.42.22 | 192.168.2.4
Apr 5, 2025 03:38:32.312175035 CEST | 49726 | 443 | 192.168.2.4 | 13.107.42.22
Apr 5, 2025 03:38:32.312434912 CEST | 49726 | 443 | 192.168.2.4 | 13.107.42.22
Apr 5, 2025 03:38:32.312469006 CEST | 443 | 49726 | 13.107.42.22 | 192.168.2.4
Apr 5, 2025 03:38:32.707947969 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Apr 5, 2025 03:38:33.304486990 CEST | 443 | 49726 | 13.107.42.22 | 192.168.2.4
Apr 5, 2025 03:38:33.304591894 CEST | 49726 | 443 | 192.168.2.4 | 13.107.42.22
Apr 5, 2025 03:38:33.305843115 CEST | 49726 | 443 | 192.168.2.4 | 13.107.42.22
Apr 5, 2025 03:38:33.305875063 CEST | 443 | 49726 | 13.107.42.22 | 192.168.2.4
Apr 5, 2025 03:38:33.306216002 CEST | 443 | 49726 | 13.107.42.22 | 192.168.2.4
Apr 5, 2025 03:38:33.306538105 CEST | 49726 | 443 | 192.168.2.4 | 13.107.42.22
Apr 5, 2025 03:38:33.352298021 CEST | 443 | 49726 | 13.107.42.22 | 192.168.2.4
Apr 5, 2025 03:38:33.807018042 CEST | 443 | 49726 | 13.107.42.22 | 192.168.2.4
Apr 5, 2025 03:38:33.807209015 CEST | 443 | 49726 | 13.107.42.22 | 192.168.2.4
Apr 5, 2025 03:38:33.807285070 CEST | 49726 | 443 | 192.168.2.4 | 13.107.42.22
Apr 5, 2025 03:38:33.809926987 CEST | 49726 | 443 | 192.168.2.4 | 13.107.42.22
Apr 5, 2025 03:38:33.809966087 CEST | 443 | 49726 | 13.107.42.22 | 192.168.2.4
Apr 5, 2025 03:38:36.872416019 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Apr 5, 2025 03:38:37.178082943 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Apr 5, 2025 03:38:37.227953911 CEST | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Apr 5, 2025 03:38:37.230549097 CEST | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Apr 5, 2025 03:38:37.232247114 CEST | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Apr 5, 2025 03:38:37.321255922 CEST | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Apr 5, 2025 03:38:37.322662115 CEST | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Apr 5, 2025 03:38:37.322701931 CEST | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Apr 5, 2025 03:38:37.322751045 CEST | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Apr 5, 2025 03:38:37.322751045 CEST | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Apr 5, 2025 03:38:37.323671103 CEST | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Apr 5, 2025 03:38:37.325396061 CEST | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Apr 5, 2025 03:38:37.325462103 CEST | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Apr 5, 2025 03:38:37.328095913 CEST | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Apr 5, 2025 03:38:37.328182936 CEST | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Apr 5, 2025 03:38:37.328290939 CEST | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Apr 5, 2025 03:38:37.328347921 CEST | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Apr 5, 2025 03:38:37.457134008 CEST | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Apr 5, 2025 03:38:37.509073019 CEST | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Apr 5, 2025 03:38:37.520731926 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27
UDP packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 5, 2025 03:38:25.847260952 CEST | 53 | 61542 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:25.899998903 CEST | 53 | 57525 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:26.315474033 CEST | 53 | 63348 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:26.952765942 CEST | 53 | 49959 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:27.233221054 CEST | 53 | 65439 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:29.708638906 CEST | 50326 | 53 | 192.168.2.4 | 1.1.1.1
Apr 5, 2025 03:38:29.708928108 CEST | 51374 | 53 | 192.168.2.4 | 1.1.1.1
Apr 5, 2025 03:38:29.807269096 CEST | 53 | 51374 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:29.807390928 CEST | 53 | 50326 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:31.459109068 CEST | 58624 | 53 | 192.168.2.4 | 1.1.1.1
Apr 5, 2025 03:38:31.459630966 CEST | 57390 | 53 | 192.168.2.4 | 1.1.1.1
Apr 5, 2025 03:38:31.478332043 CEST | 63885 | 53 | 192.168.2.4 | 1.1.1.1
Apr 5, 2025 03:38:31.478594065 CEST | 60231 | 53 | 192.168.2.4 | 1.1.1.1
Apr 5, 2025 03:38:31.556765079 CEST | 53 | 58624 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:31.565797091 CEST | 53 | 57390 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:31.568036079 CEST | 56983 | 53 | 192.168.2.4 | 1.1.1.1
Apr 5, 2025 03:38:31.568212032 CEST | 58438 | 53 | 192.168.2.4 | 1.1.1.1
Apr 5, 2025 03:38:31.575689077 CEST | 53 | 63885 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:31.577586889 CEST | 53 | 60231 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:31.666440964 CEST | 53 | 58438 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:31.666779041 CEST | 53 | 56983 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:32.177632093 CEST | 55936 | 53 | 192.168.2.4 | 1.1.1.1
Apr 5, 2025 03:38:32.177957058 CEST | 58983 | 53 | 192.168.2.4 | 1.1.1.1
Apr 5, 2025 03:38:32.279289007 CEST | 53 | 55936 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:32.318355083 CEST | 53 | 58983 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:38:44.274149895 CEST | 53 | 59758 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:39:03.144577980 CEST | 53 | 63002 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:39:25.293171883 CEST | 53 | 60442 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:39:25.757478952 CEST | 53 | 59242 | 1.1.1.1 | 192.168.2.4
Apr 5, 2025 03:39:27.638098001 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255
Apr 5, 2025 03:39:27.977217913 CEST | 53 | 61533 | 1.1.1.1 | 192.168.2.4
ICMP packets
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 5, 2025 03:38:32.318454981 CEST | 192.168.2.4 | 1.1.1.1 | c287 | (Port unreachable) | Destination Unreachable
(The port-unreachable is sent 100 microseconds after the resolver's reply to client port 58983, which carried the type-65 query 0xc936 for account.live.com: the client had already closed that socket, so the late answer was rejected. This is normal resolver behaviour, not a sign of tampering.)
DNS queries (type 65 is the HTTPS resource record, which Chrome requests alongside A)
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 5, 2025 03:38:29.708638906 CEST | 192.168.2.4 | 1.1.1.1 | 0x8740 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Apr 5, 2025 03:38:29.708928108 CEST | 192.168.2.4 | 1.1.1.1 | 0x187f | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Apr 5, 2025 03:38:31.459109068 CEST | 192.168.2.4 | 1.1.1.1 | 0x268a | Standard query (0) | aka.ms | A (IP address) | IN (0x0001) | false
Apr 5, 2025 03:38:31.459630966 CEST | 192.168.2.4 | 1.1.1.1 | 0xf444 | Standard query (0) | aka.ms | 65 | IN (0x0001) | false
Apr 5, 2025 03:38:31.478332043 CEST | 192.168.2.4 | 1.1.1.1 | 0x794a | Standard query (0) | aka.ms | A (IP address) | IN (0x0001) | false
Apr 5, 2025 03:38:31.478594065 CEST | 192.168.2.4 | 1.1.1.1 | 0x43f9 | Standard query (0) | aka.ms | 65 | IN (0x0001) | false
Apr 5, 2025 03:38:31.568036079 CEST | 192.168.2.4 | 1.1.1.1 | 0xcd41 | Standard query (0) | aka.ms | A (IP address) | IN (0x0001) | false
Apr 5, 2025 03:38:31.568212032 CEST | 192.168.2.4 | 1.1.1.1 | 0x12e0 | Standard query (0) | aka.ms | 65 | IN (0x0001) | false
Apr 5, 2025 03:38:32.177632093 CEST | 192.168.2.4 | 1.1.1.1 | 0x3a7f | Standard query (0) | account.live.com | A (IP address) | IN (0x0001) | false
Apr 5, 2025 03:38:32.177957058 CEST | 192.168.2.4 | 1.1.1.1 | 0xc936 | Standard query (0) | account.live.com | 65 | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Apr 5, 2025 03:38:29.807269096 CEST | 1.1.1.1 | 192.168.2.4 | 0x187f | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                  Apr 5, 2025 03:38:29.807390928 CEST | 1.1.1.1 | 192.168.2.4 | 0x8740 | No error (0) | www.google.com | | 142.251.40.196 | A (IP address) | IN (0x0001) | false
                  Apr 5, 2025 03:38:31.556765079 CEST | 1.1.1.1 | 192.168.2.4 | 0x268a | No error (0) | aka.ms | | 23.55.206.208 | A (IP address) | IN (0x0001) | false
                  Apr 5, 2025 03:38:31.575689077 CEST | 1.1.1.1 | 192.168.2.4 | 0x794a | No error (0) | aka.ms | | 23.47.169.168 | A (IP address) | IN (0x0001) | false
                  Apr 5, 2025 03:38:31.666779041 CEST | 1.1.1.1 | 192.168.2.4 | 0xcd41 | No error (0) | aka.ms | | 23.47.169.168 | A (IP address) | IN (0x0001) | false
                  Apr 5, 2025 03:38:32.279289007 CEST | 1.1.1.1 | 192.168.2.4 | 0x3a7f | No error (0) | account.live.com | account.msa.msidentity.com | | CNAME (Canonical name) | IN (0x0001) | false
                  Apr 5, 2025 03:38:32.279289007 CEST | 1.1.1.1 | 192.168.2.4 | 0x3a7f | No error (0) | account.msa.msidentity.com | account.msa.akadns6.net | | CNAME (Canonical name) | IN (0x0001) | false
                  Apr 5, 2025 03:38:32.279289007 CEST | 1.1.1.1 | 192.168.2.4 | 0x3a7f | No error (0) | account.msa.akadns6.net | l-0013.l-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                  Apr 5, 2025 03:38:32.279289007 CEST | 1.1.1.1 | 192.168.2.4 | 0x3a7f | No error (0) | l-0013.l-msedge.net | | 13.107.42.22 | A (IP address) | IN (0x0001) | false
                  Apr 5, 2025 03:38:32.318355083 CEST | 1.1.1.1 | 192.168.2.4 | 0xc936 | No error (0) | account.live.com | account.msa.msidentity.com | | CNAME (Canonical name) | IN (0x0001) | false
                  Apr 5, 2025 03:38:32.318355083 CEST | 1.1.1.1 | 192.168.2.4 | 0xc936 | No error (0) | account.msa.msidentity.com | account.msa.akadns6.net | | CNAME (Canonical name) | IN (0x0001) | false
                  Apr 5, 2025 03:38:32.318355083 CEST | 1.1.1.1 | 192.168.2.4 | 0xc936 | No error (0) | account.msa.akadns6.net | l-0013.l-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                  • aka.ms
                  • account.live.com
                  • c.pki.goog
                  All data are 0.

                  Target ID:1
                  Start time:21:38:20
                  Start date:04/04/2025
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                  Imagebase:0x7ff786830000
                  File size:3'388'000 bytes
                  MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:3
                  Start time:21:38:24
                  Start date:04/04/2025
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,6612443001295991405,1539537213539770634,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2372 /prefetch:3
                  Imagebase:0x7ff786830000
                  File size:3'388'000 bytes
                  MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:10
                  Start time:21:38:30
                  Start date:04/04/2025
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://aka.ms/alcs"
                  Imagebase:0x7ff786830000
                  File size:3'388'000 bytes
                  MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  No disassembly