Edit tour

Windows Analysis Report
http://acemlnb.com

Overview

General Information

Sample URL:	http://acemlnb.com
Analysis ID:	1591005
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1908,i,14559979001727124633,18345788462797540144,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://acemlnb.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Phishing
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://acemlnb.activehosted.com/

HTTP Parser: No favicon

Source: global traffic

TCP traffic: 192.168.2.8:52287 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: acemlnb.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: acemlnb.activehosted.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: acemlnb.activehosted.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://acemlnb.activehosted.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=HFfhM9mnsMlnT26rL2Bqf.Vqrd08XSw11kMQgtTlEYA-1736867362-1.0.1.1-IfdrA_ABBxbZH7baGZpnAKvE2n_MSB_1JF_QGOzS4pgt8Rz.2IJGSvO4EQ0WM_zmxIJ27v.Hk0Mq5d3rHyh29g

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: acemlnb.com
Source: global traffic	DNS traffic detected: DNS query: acemlnb.activehosted.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 Jan 2025 15:09:22 GMTContent-Type: text/plain; charset=utf-8Content-Length: 14Connection: closex-content-type-options: nosniffCF-Cache-Status: DYNAMICSet-Cookie: __cf_bm=HFfhM9mnsMlnT26rL2Bqf.Vqrd08XSw11kMQgtTlEYA-1736867362-1.0.1.1-IfdrA_ABBxbZH7baGZpnAKvE2n_MSB_1JF_QGOzS4pgt8Rz.2IJGSvO4EQ0WM_zmxIJ27v.Hk0Mq5d3rHyh29g; path=/; expires=Tue, 14-Jan-25 15:39:22 GMT; domain=.activehosted.com; HttpOnly; Secure; SameSite=NoneStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadServer: cloudflareCF-RAY: 901e8bf8ab2643fb-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 14 Jan 2025 15:09:23 GMTContent-Type: text/plain; charset=utf-8Content-Length: 14Connection: closex-content-type-options: nosniffCF-Cache-Status: HITExpires: Tue, 14 Jan 2025 19:09:23 GMTCache-Control: public, max-age=14400Strict-Transport-Security: max-age=63072000; includeSubDomains; preloadServer: cloudflareCF-RAY: 901e8bfd3e319e02-EWR

Source: sets.json.0.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.0.dr	String found in binary or memory: https://24.hu
Source: sets.json.0.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.0.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://css-load.com
Source: sets.json.0.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.0.dr	String found in binary or memory: https://deere.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://drimer.io
Source: sets.json.0.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.0.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.0.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.0.dr	String found in binary or memory: https://html-load.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://img-load.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.0.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.0.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.0.dr	String found in binary or memory: https://interia.pl
Source: sets.json.0.dr	String found in binary or memory: https://intoday.in
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livechat.com
Source: sets.json.0.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://naukri.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.0.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://p106.net
Source: sets.json.0.dr	String found in binary or memory: https://p24.hu
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.0.dr	String found in binary or memory: https://text.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://the42.ie
Source: sets.json.0.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.0.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://top.pl
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn
Source: sets.json.0.dr	String found in binary or memory: https://zoom.com
Source: sets.json.0.dr	String found in binary or memory: https://zoom.us

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52289
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_3436_1862405482

Jump to behavior

Source: classification engine

Classification label: clean2.win@18/15@8/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1908,i,14559979001727124633,18345788462797540144,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://acemlnb.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1908,i,14559979001727124633,18345788462797540144,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://acemlnb.com	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
acemlnb.activehosted.com	104.17.205.31	true	false	unknown
acemlnb.com	54.235.205.181	true	false	high
www.google.com	142.250.185.100	true	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://wieistmeineip.de	sets.json.0.dr	false	high
https://mercadoshops.com.co	sets.json.0.dr	false	high
https://gliadomain.com	sets.json.0.dr	false	high
https://poalim.xyz	sets.json.0.dr	false	high
https://mercadolivre.com	sets.json.0.dr	false	high
https://reshim.org	sets.json.0.dr	false	high
https://nourishingpursuits.com	sets.json.0.dr	false	high
https://medonet.pl	sets.json.0.dr	false	high
https://unotv.com	sets.json.0.dr	false	high
https://mercadoshops.com.br	sets.json.0.dr	false	high
https://joyreactor.cc	sets.json.0.dr	false	high
https://zdrowietvn.pl	sets.json.0.dr	false	high
https://johndeere.com	sets.json.0.dr	false	high
https://songstats.com	sets.json.0.dr	false	high
https://baomoi.com	sets.json.0.dr	false	high
https://supereva.it	sets.json.0.dr	false	high
https://elfinancierocr.com	sets.json.0.dr	false	high
https://bolasport.com	sets.json.0.dr	false	high
https://rws1nvtvt.com	sets.json.0.dr	false	high
https://desimartini.com	sets.json.0.dr	false	high
https://hearty.app	sets.json.0.dr	false	high
https://hearty.gift	sets.json.0.dr	false	high
https://mercadoshops.com	sets.json.0.dr	false	high
https://heartymail.com	sets.json.0.dr	false	high
https://nlc.hu	sets.json.0.dr	false	high
https://p106.net	sets.json.0.dr	false	high
https://radio2.be	sets.json.0.dr	false	high
https://finn.no	sets.json.0.dr	false	high
https://hc1.com	sets.json.0.dr	false	high
https://kompas.tv	sets.json.0.dr	false	high
https://mystudentdashboard.com	sets.json.0.dr	false	high
https://songshare.com	sets.json.0.dr	false	high
https://smaker.pl	sets.json.0.dr	false	high
https://mercadopago.com.mx	sets.json.0.dr	false	high
https://p24.hu	sets.json.0.dr	false	high
https://talkdeskqaid.com	sets.json.0.dr	false	high
https://24.hu	sets.json.0.dr	false	high
https://mercadopago.com.pe	sets.json.0.dr	false	high
https://cardsayings.net	sets.json.0.dr	false	high
https://text.com	sets.json.0.dr	false	high
https://mightytext.net	sets.json.0.dr	false	high
https://pudelek.pl	sets.json.0.dr	false	high
https://hazipatika.com	sets.json.0.dr	false	high
https://joyreactor.com	sets.json.0.dr	false	high
https://cookreactor.com	sets.json.0.dr	false	high
https://wildixin.com	sets.json.0.dr	false	high
https://eworkbookcloud.com	sets.json.0.dr	false	high
https://cognitiveai.ru	sets.json.0.dr	false	high
https://nacion.com	sets.json.0.dr	false	high
https://chennien.com	sets.json.0.dr	false	high
https://drimer.travel	sets.json.0.dr	false	high
https://deccoria.pl	sets.json.0.dr	false	high
https://mercadopago.cl	sets.json.0.dr	false	high
https://talkdeskstgid.com	sets.json.0.dr	false	high
https://naukri.com	sets.json.0.dr	false	high
https://interia.pl	sets.json.0.dr	false	high
https://bonvivir.com	sets.json.0.dr	false	high
https://carcostadvisor.be	sets.json.0.dr	false	high
https://salemovetravel.com	sets.json.0.dr	false	high
https://sapo.io	sets.json.0.dr	false	high
https://wpext.pl	sets.json.0.dr	false	high
https://welt.de	sets.json.0.dr	false	high
https://poalim.site	sets.json.0.dr	false	high
https://drimer.io	sets.json.0.dr	false	high
https://infoedgeindia.com	sets.json.0.dr	false	high
https://blackrockadvisorelite.it	sets.json.0.dr	false	high
https://cognitive-ai.ru	sets.json.0.dr	false	high
https://cafemedia.com	sets.json.0.dr	false	high
https://graziadaily.co.uk	sets.json.0.dr	false	high
https://thirdspace.org.au	sets.json.0.dr	false	high
https://mercadoshops.com.ar	sets.json.0.dr	false	high
https://smpn106jkt.sch.id	sets.json.0.dr	false	high
https://elpais.uy	sets.json.0.dr	false	high
https://landyrev.com	sets.json.0.dr	false	high
https://the42.ie	sets.json.0.dr	false	high
https://commentcamarche.com	sets.json.0.dr	false	high
https://tucarro.com.ve	sets.json.0.dr	false	high
https://rws3nvtvt.com	sets.json.0.dr	false	high
https://eleconomista.net	sets.json.0.dr	false	high
https://helpdesk.com	sets.json.0.dr	false	high
https://mercadolivre.com.br	sets.json.0.dr	false	high
https://clmbtech.com	sets.json.0.dr	false	high
https://standardsandpraiserepurpose.com	sets.json.0.dr	false	high
https://07c225f3.online	sets.json.0.dr	false	high
https://salemovefinancial.com	sets.json.0.dr	false	high
https://mercadopago.com.br	sets.json.0.dr	false	high
https://zoom.us	sets.json.0.dr	false	high
https://commentcamarche.net	sets.json.0.dr	false	high
https://etfacademy.it	sets.json.0.dr	false	high
https://mighty-app.appspot.com	sets.json.0.dr	false	high
https://hj.rs	sets.json.0.dr	false	high
https://hearty.me	sets.json.0.dr	false	high
https://mercadolibre.com.gt	sets.json.0.dr	false	high
https://timesinternet.in	sets.json.0.dr	false	high
https://indiatodayne.in	sets.json.0.dr	false	high
https://idbs-staging.com	sets.json.0.dr	false	high
https://blackrock.com	sets.json.0.dr	false	high
https://idbs-eworkbook.com	sets.json.0.dr	false	high
https://motherandbaby.com	sets.json.0.dr	false	high
https://mercadolibre.co.cr	sets.json.0.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.17.205.31	acemlnb.activehosted.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
54.235.205.181	acemlnb.com	United States	14618	AMAZON-AESUS	false

Private

IP
192.168.2.8

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591005
Start date and time:	2025-01-14 16:08:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://acemlnb.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@18/15@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.250.184.206, 74.125.133.84, 142.250.185.206, 142.250.185.238, 142.250.184.238, 199.232.210.172, 2.17.190.73, 172.217.16.206, 142.250.186.78, 216.58.206.46, 216.58.212.163, 142.250.186.46, 34.104.35.123, 2.23.242.162, 20.12.23.50, 20.109.210.53, 13.107.246.45
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://acemlnb.com

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://acemlnb.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://acemlnb.com
URL: https://acemlnb.activehosted.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://acemlnb.activehosted.com/ Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 14:09:17 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9771366112296898
Encrypted:	false
SSDEEP:	48:8R0dbTDziKHj9WidAKZdA1oehwiZUklqeh3y+3:8Rcjia9FYy
MD5:	3B8912B1CD484A32DFF8F9C1516EF4B4
SHA1:	2EFB97DF66C17E1233FD38972E5B0F7E39CE7E9E
SHA-256:	3EED32D46A3F8C066ADFC1B1DDC47A451AD81FC84F647DDB400A501EFA486F04
SHA-512:	063BF50D34CE387B84A0C51B46E189D402EBED8881D369E5C7EF22D8F721EC9BBC171DCDEA529B08BC883446398891BB218E4D6EA24812E47F23C966A6615EAE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....V..G.f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Z'y....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z'y....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z'y....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z'y..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z)y...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........<b.5.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 14:09:17 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.987964558727066
Encrypted:	false
SSDEEP:	48:830dbTDziKHj9WidAKZdA1leh/iZUkAQkqehIy+2:83cjia9f9Qdy
MD5:	A07CE71847CC4BF4E8E10C941F9DCCDE
SHA1:	FC7498104D177B7F170A4AB760EB59AFFFC93727
SHA-256:	5B1077E278802A99A3986D75FDA7632B36BD3E2082E983FC80BD963E60CD9DA1
SHA-512:	77715D72CB818B5E049F4068B0C52694C608EAE7C930414E8F09F4BA60EA63B173695AA7CB33AD12766C583996DD4C48BB3BD1630608F82E1B80FD2C3F75ABD5
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....y.G.f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Z'y....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z'y....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z'y....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z'y..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z)y...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........<b.5.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.005086275820724
Encrypted:	false
SSDEEP:	48:8q0dbTDzbHj9WidAKZdA14t5eh7sFiZUkmgqeh7smy+BX:8qcjv9Pn8y
MD5:	AB163FA91F42FD513CC3DA05F7B6D50B
SHA1:	A78B4EFF43BAA6EE6821C29F35D22A77B6F8DA41
SHA-256:	55B984B0E8F2BC85C87010AA593C5340A3D45B562C7486E2F7B21C1A1C2F40FA
SHA-512:	9230E8965D9D7BB7282D83A2C79D4D7E79478DB69F704B86BC6EC5FCBB0F82EAF31DB84248B3736533D0DFE2245549351DF366F23334BE4476C67CE4FE2119DD
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Z'y....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z'y....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z'y....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z'y..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........<b.5.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 14:09:17 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9923976474089344
Encrypted:	false
SSDEEP:	48:8w0dbTDziKHj9WidAKZdA16ehDiZUkwqehUy+R:8wcjia9sey
MD5:	80933D5005E6F76D02AD0605942CC7EB
SHA1:	6E5A465A77171677691AB42CEAC0C188503A9949
SHA-256:	FF945B4908226E6AA39021FE67A12B28B2D71C52C0E23C63618FF41E40C421C2
SHA-512:	53601E745164A23775D578EEF450D44ACBA8D42BD9F4A56F96498F509F651FEF1A85568D0B55B768D033F303207536D6990A06882347A4A6D14B8B7224A4701B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Q.G.f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Z'y....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z'y....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z'y....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z'y..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z)y...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........<b.5.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 14:09:17 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.98012896407731
Encrypted:	false
SSDEEP:	48:8l0dbTDziKHj9WidAKZdA1UehBiZUk1W1qehKy+C:8lcjia9c9qy
MD5:	2CCA53C0509AF9E46753A075CBBD9E58
SHA1:	F8AF3E6B8637696430D391F22D41866E7FB23D15
SHA-256:	64F8193E2D9978A978B81E3613AB376D9B677D734417C09DBF843AACE752E25A
SHA-512:	4B483277F48E7B048D21281B0E3965B6F420B4029C0C1FD40FDE14F4923024B6AA699F3E2C727805A5FF5990C8B4D65E3695145E4CC45D2B853629CCDD81F4E7
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......G.f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Z'y....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z'y....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z'y....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z'y..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z)y...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........<b.5.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 14:09:17 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9930973293538488
Encrypted:	false
SSDEEP:	48:840dbTDziKHj9WidAKZdA1duTrehOuTbbiZUk5OjqehOuTb8y+yT+:84cjia9ZTYTbxWOvTb8y7T
MD5:	41EC15204FC5B2364E890F06639E7AAD
SHA1:	22CD2239E3BF51832BDBB511AE3F96584AC47604
SHA-256:	D8E84037F9DEB3E9EA5DF74704E2B2764D929C196F5447028EE83F2ED28680C4
SHA-512:	FC11EDC071A72559490FA9114A3F9CB0894FA554179706F282C69620CCC181E8ECDFE8EA6556239A518E851948CA8A2DB48156EC71C491B3C070EB04097B2EEC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......G.f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Z'y....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z'y....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z'y....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z'y..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z)y...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........<b.5.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\LICENSE

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.018989605004616
Encrypted:	false
SSDEEP:	48:p/hUI1OwEU3AdIq7ak68O40E2szOxxUJ8BPFkf31U4PrHfqY3J5D:RnOwtQIq7aZ40E2sYUJAYRr/qYZ5D
MD5:	C4709C1D483C9233A3A66A7E157624EA
SHA1:	99A000EB5FE5CC1E94E3155EE075CD6E43DC7582
SHA-256:	225243DC75352D63B0B9B2F48C8AAA09D55F3FB9E385741B12A1956A941880D9
SHA-512:	B45E1FD999D1340CC5EB5A49A4CD967DC736EA3F4EC8B02227577CC3D1E903341BE3217FBB0B74765C72085AC51C63EEF6DCB169D137BBAF3CC49E21EA6468D7
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJVczFpOUt3Zm5uMThTVVR1RVItRXBDTTMwVzFkNTc0cGJwUlJSdGJYM0JVIn0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiM0hiWThLc3poeEF6UDVSUU9fZEpvZGNwbEtpRXR0RWh2UmZMZEtjSTdjZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC4xMS44LjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"lGxZ1-AH7F8MftKSBdZiFULmC8hZkIHy1_2XIoU81Z5mK0wHVwNV7-55CBTcuuvKjTje-AnKLDoG4S0A_Jeg4lSQK5V_Q4f6JVqp5Vj_ge86YkRZEv4m1bjKRY4N17SHobwuH8Hc_kAugFIlG1LIDHnrm1N7ZWIqo3fVlnVqgSstmvFXAhBazgs1UYRi3hPjPM6e1q1i2N1mIUbxLvG41frGo2QJ8W5J3buUjzs-0y250k-YkadKAR0

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.820000180714897
Encrypted:	false
SSDEEP:	3:SVzHL3phUmWRDNKydvgHVz:SBHLLUmWRbCp
MD5:	BBEC7670A2519FEB0627F17D0C0B5276
SHA1:	9C30B996F1B069F86EF7C0136DFAF7E614674DEA
SHA-256:	670A6F6BBADAB2C2BE63898525FCAF72E7454739E77C04D120BC1A46B6694CAC
SHA-512:	1ED4ED6AE2A2CBE86F9E8C6C7A2672EBB2F37DBE83D2BF09D875DB435ED63BF5F5CF60CA846865166F9A498095F6D61BD51B0A092E097430439E8A5A3A14CB15
Malicious:	false
Reputation:	low
Preview:	1.03cccbb22b17080279ea1707c9ab093c59f4f4dd09580c841cfa794cb372228d

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.462192586591686
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1kULJVPY:F6VlM8aRWpqS1kSJVg
MD5:	084E339C0C9FE898102815EAC9A7CDEA
SHA1:	6ABF7EAAA407D2EAB8706361E5A2E5F776D6C644
SHA-256:	52CD62F4AC1F9E7D7C4944EE111F84A42337D16D5DE7BE296E945146D6D7DC15
SHA-512:	0B67A89F3EBFF6FEC3796F481EC2AFBAC233CF64FDC618EC6BA1C12AE125F28B27EE09E8CD0FADB8F6C8785C83929EA6F751E0DDF592DD072AB2CF439BD28534
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.11.8.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	4.629347296880043
Encrypted:	false
SSDEEP:	96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJl:v5C4ql7BkIVmtRTGXvcxBsl
MD5:	8C702C686B703020BC0290BAFC90D7A0
SHA1:	EB08FF7885B4C1DE3EF3D61E40697C0C71903E27
SHA-256:	97D9E39021512305820F27B9662F0351E45639124F5BD29F0466E9072A9D0C62
SHA-512:	6137D0ED10E6A27924ED3AB6A0C5F9B21EB0E16A876447DADABD88338198F31BB9D89EF8F0630F4573EA34A24FB3FD3365D7EA78A97BA10028A0758E0A550739
Malicious:	false
Reputation:	low
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	14
Entropy (8bit):	3.2359263506290334
Encrypted:	false
SSDEEP:	3:YKeZn:YKeZn
MD5:	C4D739504325785B8428171F78F81680
SHA1:	34B2E9604CAB9370FC358176677358F26689FDDE
SHA-256:	5316717F872A3B46022C0C6B37009E1A18DF8809A0CD70A58D8C47FD97F9919C
SHA-512:	4B29321BAC40149FC5E068EA9BE432A95EB0E37648F0ECD98DB2920BDA9924892C861B54DBF8DE83B453D9E2E2FE1E524CA5654ADE6DE2DE3D9AC6A9E2A1C889
Malicious:	false
Reputation:	low
URL:	https://acemlnb.activehosted.com/
Preview:	404 not found.

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	14
Entropy (8bit):	3.2359263506290334
Encrypted:	false
SSDEEP:	3:YKeZn:YKeZn
MD5:	C4D739504325785B8428171F78F81680
SHA1:	34B2E9604CAB9370FC358176677358F26689FDDE
SHA-256:	5316717F872A3B46022C0C6B37009E1A18DF8809A0CD70A58D8C47FD97F9919C
SHA-512:	4B29321BAC40149FC5E068EA9BE432A95EB0E37648F0ECD98DB2920BDA9924892C861B54DBF8DE83B453D9E2E2FE1E524CA5654ADE6DE2DE3D9AC6A9E2A1C889
Malicious:	false
Reputation:	low
URL:	https://acemlnb.activehosted.com/favicon.ico
Preview:	404 not found.

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 76
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 16:09:08.635699034 CET	49673	443	192.168.2.8	23.206.229.226
Jan 14, 2025 16:09:09.026200056 CET	49672	443	192.168.2.8	23.206.229.226
Jan 14, 2025 16:09:11.088795900 CET	49676	443	192.168.2.8	52.182.143.211
Jan 14, 2025 16:09:13.713757992 CET	49677	80	192.168.2.8	192.229.211.108
Jan 14, 2025 16:09:18.236555099 CET	49673	443	192.168.2.8	23.206.229.226
Jan 14, 2025 16:09:18.627190113 CET	49672	443	192.168.2.8	23.206.229.226
Jan 14, 2025 16:09:19.730074883 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:09:19.730113029 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 16:09:19.730233908 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:09:19.730556011 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:09:19.730566978 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 16:09:20.353540897 CET	443	49703	23.206.229.226	192.168.2.8
Jan 14, 2025 16:09:20.353615999 CET	49703	443	192.168.2.8	23.206.229.226
Jan 14, 2025 16:09:20.384263992 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 16:09:20.384644985 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:09:20.384654045 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 16:09:20.385763884 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 16:09:20.385931015 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:09:20.387104034 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:09:20.387171030 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 16:09:20.440237045 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:09:20.440252066 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 16:09:20.487049103 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:09:21.265301943 CET	49713	80	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:21.265571117 CET	49714	80	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:21.266688108 CET	49715	443	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:21.266711950 CET	443	49715	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:21.266768932 CET	49715	443	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:21.266973019 CET	49715	443	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:21.266983032 CET	443	49715	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:21.270111084 CET	80	49713	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:21.270179033 CET	49713	80	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:21.270448923 CET	80	49714	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:21.270523071 CET	49714	80	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:21.933918953 CET	443	49715	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:21.934190989 CET	49715	443	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:21.934225082 CET	443	49715	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:21.935348988 CET	443	49715	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:21.935416937 CET	49715	443	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:21.935427904 CET	443	49715	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:21.935477972 CET	49715	443	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:21.940579891 CET	49715	443	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:21.940700054 CET	443	49715	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:21.940937042 CET	49715	443	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:21.940946102 CET	443	49715	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:21.988153934 CET	49715	443	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:22.045979977 CET	443	49715	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:22.046068907 CET	443	49715	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:22.046206951 CET	49715	443	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:22.046422005 CET	49715	443	192.168.2.8	54.235.205.181
Jan 14, 2025 16:09:22.046447039 CET	443	49715	54.235.205.181	192.168.2.8
Jan 14, 2025 16:09:22.059607029 CET	49717	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.059647083 CET	443	49717	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:22.059811115 CET	49717	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.060050011 CET	49717	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.060064077 CET	443	49717	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:22.586168051 CET	443	49717	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:22.586427927 CET	49717	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.586448908 CET	443	49717	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:22.587956905 CET	443	49717	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:22.588046074 CET	49717	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.594362974 CET	49717	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.594577074 CET	443	49717	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:22.594785929 CET	49717	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.594795942 CET	443	49717	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:22.645371914 CET	49717	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.765166998 CET	443	49717	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:22.765279055 CET	443	49717	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:22.766535044 CET	49717	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.766535044 CET	49717	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.833185911 CET	49718	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.833245993 CET	443	49718	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:22.833511114 CET	49718	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.833720922 CET	49718	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:22.833755016 CET	443	49718	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:23.075958967 CET	49717	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:23.075989962 CET	443	49717	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:23.306371927 CET	443	49718	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:23.306715012 CET	49718	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:23.306730032 CET	443	49718	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:23.307179928 CET	443	49718	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:23.307548046 CET	49718	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:23.307625055 CET	443	49718	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:23.307687998 CET	49718	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:23.351340055 CET	443	49718	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:23.498698950 CET	443	49718	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:23.498811960 CET	443	49718	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:23.498877048 CET	49718	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:23.500458956 CET	49718	443	192.168.2.8	104.17.205.31
Jan 14, 2025 16:09:23.500479937 CET	443	49718	104.17.205.31	192.168.2.8
Jan 14, 2025 16:09:30.283236980 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 16:09:30.283328056 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 16:09:30.283442020 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:09:32.113369942 CET	49711	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:09:32.113389969 CET	443	49711	142.250.185.100	192.168.2.8
Jan 14, 2025 16:10:06.283260107 CET	49714	80	192.168.2.8	54.235.205.181
Jan 14, 2025 16:10:06.283263922 CET	49713	80	192.168.2.8	54.235.205.181
Jan 14, 2025 16:10:06.288157940 CET	80	49714	54.235.205.181	192.168.2.8
Jan 14, 2025 16:10:06.288173914 CET	80	49713	54.235.205.181	192.168.2.8
Jan 14, 2025 16:10:17.525645018 CET	52287	53	192.168.2.8	1.1.1.1
Jan 14, 2025 16:10:17.530507088 CET	53	52287	1.1.1.1	192.168.2.8
Jan 14, 2025 16:10:17.530606031 CET	52287	53	192.168.2.8	1.1.1.1
Jan 14, 2025 16:10:17.535454035 CET	53	52287	1.1.1.1	192.168.2.8
Jan 14, 2025 16:10:18.041898012 CET	52287	53	192.168.2.8	1.1.1.1
Jan 14, 2025 16:10:18.047169924 CET	53	52287	1.1.1.1	192.168.2.8
Jan 14, 2025 16:10:18.047275066 CET	52287	53	192.168.2.8	1.1.1.1
Jan 14, 2025 16:10:19.785285950 CET	52289	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:10:19.785310984 CET	443	52289	142.250.185.100	192.168.2.8
Jan 14, 2025 16:10:19.785409927 CET	52289	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:10:19.785613060 CET	52289	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:10:19.785620928 CET	443	52289	142.250.185.100	192.168.2.8
Jan 14, 2025 16:10:20.414750099 CET	443	52289	142.250.185.100	192.168.2.8
Jan 14, 2025 16:10:20.415117025 CET	52289	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:10:20.415132999 CET	443	52289	142.250.185.100	192.168.2.8
Jan 14, 2025 16:10:20.415483952 CET	443	52289	142.250.185.100	192.168.2.8
Jan 14, 2025 16:10:20.415802002 CET	52289	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:10:20.415859938 CET	443	52289	142.250.185.100	192.168.2.8
Jan 14, 2025 16:10:20.455715895 CET	52289	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:10:22.114443064 CET	49713	80	192.168.2.8	54.235.205.181
Jan 14, 2025 16:10:22.114490986 CET	49714	80	192.168.2.8	54.235.205.181
Jan 14, 2025 16:10:22.119415045 CET	80	49713	54.235.205.181	192.168.2.8
Jan 14, 2025 16:10:22.119468927 CET	49713	80	192.168.2.8	54.235.205.181
Jan 14, 2025 16:10:22.119659901 CET	80	49714	54.235.205.181	192.168.2.8
Jan 14, 2025 16:10:22.119704008 CET	49714	80	192.168.2.8	54.235.205.181
Jan 14, 2025 16:10:30.320662975 CET	443	52289	142.250.185.100	192.168.2.8
Jan 14, 2025 16:10:30.320740938 CET	443	52289	142.250.185.100	192.168.2.8
Jan 14, 2025 16:10:30.320813894 CET	52289	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:10:32.113966942 CET	52289	443	192.168.2.8	142.250.185.100
Jan 14, 2025 16:10:32.113986969 CET	443	52289	142.250.185.100	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 16:09:15.818779945 CET	53	54929	1.1.1.1	192.168.2.8
Jan 14, 2025 16:09:15.918049097 CET	53	62307	1.1.1.1	192.168.2.8
Jan 14, 2025 16:09:16.887187004 CET	53	50839	1.1.1.1	192.168.2.8
Jan 14, 2025 16:09:19.722237110 CET	50613	53	192.168.2.8	1.1.1.1
Jan 14, 2025 16:09:19.722362041 CET	63291	53	192.168.2.8	1.1.1.1
Jan 14, 2025 16:09:19.728990078 CET	53	50613	1.1.1.1	192.168.2.8
Jan 14, 2025 16:09:19.729017973 CET	53	63291	1.1.1.1	192.168.2.8
Jan 14, 2025 16:09:21.242849112 CET	60441	53	192.168.2.8	1.1.1.1
Jan 14, 2025 16:09:21.243338108 CET	49883	53	192.168.2.8	1.1.1.1
Jan 14, 2025 16:09:21.248440027 CET	51560	53	192.168.2.8	1.1.1.1
Jan 14, 2025 16:09:21.248591900 CET	62702	53	192.168.2.8	1.1.1.1
Jan 14, 2025 16:09:21.257611036 CET	53	49883	1.1.1.1	192.168.2.8
Jan 14, 2025 16:09:21.257869959 CET	53	60441	1.1.1.1	192.168.2.8
Jan 14, 2025 16:09:21.263493061 CET	53	51560	1.1.1.1	192.168.2.8
Jan 14, 2025 16:09:21.266227007 CET	53	62702	1.1.1.1	192.168.2.8
Jan 14, 2025 16:09:22.048923016 CET	49658	53	192.168.2.8	1.1.1.1
Jan 14, 2025 16:09:22.050394058 CET	64508	53	192.168.2.8	1.1.1.1
Jan 14, 2025 16:09:22.057257891 CET	53	49658	1.1.1.1	192.168.2.8
Jan 14, 2025 16:09:22.058780909 CET	53	64508	1.1.1.1	192.168.2.8
Jan 14, 2025 16:09:33.792334080 CET	53	52712	1.1.1.1	192.168.2.8
Jan 14, 2025 16:09:51.899791956 CET	138	138	192.168.2.8	192.168.2.255
Jan 14, 2025 16:09:52.589220047 CET	53	54212	1.1.1.1	192.168.2.8
Jan 14, 2025 16:10:14.921325922 CET	53	50385	1.1.1.1	192.168.2.8
Jan 14, 2025 16:10:15.485961914 CET	53	52496	1.1.1.1	192.168.2.8
Jan 14, 2025 16:10:17.525230885 CET	53	50815	1.1.1.1	192.168.2.8
Jan 14, 2025 16:10:45.806890965 CET	53	65273	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 14, 2025 16:09:19.722237110 CET	192.168.2.8	1.1.1.1	0xec58	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:19.722362041 CET	192.168.2.8	1.1.1.1	0xe09a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 14, 2025 16:09:21.242849112 CET	192.168.2.8	1.1.1.1	0xefe5	Standard query (0)	acemlnb.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:21.243338108 CET	192.168.2.8	1.1.1.1	0xaa47	Standard query (0)	acemlnb.com	65	IN (0x0001)	false
Jan 14, 2025 16:09:21.248440027 CET	192.168.2.8	1.1.1.1	0xa1d5	Standard query (0)	acemlnb.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:21.248591900 CET	192.168.2.8	1.1.1.1	0x13d0	Standard query (0)	acemlnb.com	65	IN (0x0001)	false
Jan 14, 2025 16:09:22.048923016 CET	192.168.2.8	1.1.1.1	0xc8bd	Standard query (0)	acemlnb.activehosted.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:22.050394058 CET	192.168.2.8	1.1.1.1	0x31a5	Standard query (0)	acemlnb.activehosted.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 14, 2025 16:09:19.728990078 CET	1.1.1.1	192.168.2.8	0xec58	No error (0)	www.google.com	142.250.185.100	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:19.729017973 CET	1.1.1.1	192.168.2.8	0xe09a	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 14, 2025 16:09:21.257869959 CET	1.1.1.1	192.168.2.8	0xefe5	No error (0)	acemlnb.com	54.235.205.181	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:21.257869959 CET	1.1.1.1	192.168.2.8	0xefe5	No error (0)	acemlnb.com	54.225.69.136	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:21.257869959 CET	1.1.1.1	192.168.2.8	0xefe5	No error (0)	acemlnb.com	34.237.253.202	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:21.257869959 CET	1.1.1.1	192.168.2.8	0xefe5	No error (0)	acemlnb.com	54.82.80.250	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:21.263493061 CET	1.1.1.1	192.168.2.8	0xa1d5	No error (0)	acemlnb.com	54.235.205.181	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:21.263493061 CET	1.1.1.1	192.168.2.8	0xa1d5	No error (0)	acemlnb.com	54.82.80.250	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:21.263493061 CET	1.1.1.1	192.168.2.8	0xa1d5	No error (0)	acemlnb.com	54.225.69.136	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:21.263493061 CET	1.1.1.1	192.168.2.8	0xa1d5	No error (0)	acemlnb.com	34.237.253.202	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:22.057257891 CET	1.1.1.1	192.168.2.8	0xc8bd	No error (0)	acemlnb.activehosted.com	104.17.205.31	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:22.057257891 CET	1.1.1.1	192.168.2.8	0xc8bd	No error (0)	acemlnb.activehosted.com	104.17.206.31	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:22.057257891 CET	1.1.1.1	192.168.2.8	0xc8bd	No error (0)	acemlnb.activehosted.com	104.17.203.31	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:22.057257891 CET	1.1.1.1	192.168.2.8	0xc8bd	No error (0)	acemlnb.activehosted.com	104.17.204.31	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:22.057257891 CET	1.1.1.1	192.168.2.8	0xc8bd	No error (0)	acemlnb.activehosted.com	104.17.202.31	A (IP address)	IN (0x0001)	false
Jan 14, 2025 16:09:22.058780909 CET	1.1.1.1	192.168.2.8	0x31a5	No error (0)	acemlnb.activehosted.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

acemlnb.com

acemlnb.activehosted.com

https:

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49714	54.235.205.181	80	7092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 14, 2025 16:10:06.283260107 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49713	54.235.205.181	80	7092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 14, 2025 16:10:06.283263922 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49715	54.235.205.181	443	7092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 15:09:21 UTC	654	OUT	GET / HTTP/1.1 Host: acemlnb.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 15:09:22 UTC	250	IN	HTTP/1.1 307 Temporary Redirect cache-control: public, max-age=2628000 location: https://acemlnb.activehosted.com/ date: Tue, 14 Jan 2025 15:09:21 GMT content-length: 0 x-envoy-upstream-service-time: 2 server: istio-envoy connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49717	104.17.205.31	443	7092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 15:09:22 UTC	667	OUT	GET / HTTP/1.1 Host: acemlnb.activehosted.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 15:09:22 UTC	600	IN	HTTP/1.1 404 Not Found Date: Tue, 14 Jan 2025 15:09:22 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 14 Connection: close x-content-type-options: nosniff CF-Cache-Status: DYNAMIC Set-Cookie: __cf_bm=HFfhM9mnsMlnT26rL2Bqf.Vqrd08XSw11kMQgtTlEYA-1736867362-1.0.1.1-IfdrA_ABBxbZH7baGZpnAKvE2n_MSB_1JF_QGOzS4pgt8Rz.2IJGSvO4EQ0WM_zmxIJ27v.Hk0Mq5d3rHyh29g; path=/; expires=Tue, 14-Jan-25 15:39:22 GMT; domain=.activehosted.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Server: cloudflare CF-RAY: 901e8bf8ab2643fb-EWR
2025-01-14 15:09:22 UTC	14	IN	Data Raw: 34 30 34 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 not found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49718	104.17.205.31	443	7092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 15:09:23 UTC	771	OUT	GET /favicon.ico HTTP/1.1 Host: acemlnb.activehosted.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://acemlnb.activehosted.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __cf_bm=HFfhM9mnsMlnT26rL2Bqf.Vqrd08XSw11kMQgtTlEYA-1736867362-1.0.1.1-IfdrA_ABBxbZH7baGZpnAKvE2n_MSB_1JF_QGOzS4pgt8Rz.2IJGSvO4EQ0WM_zmxIJ27v.Hk0Mq5d3rHyh29g
2025-01-14 15:09:23 UTC	399	IN	HTTP/1.1 404 Not Found Date: Tue, 14 Jan 2025 15:09:23 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 14 Connection: close x-content-type-options: nosniff CF-Cache-Status: HIT Expires: Tue, 14 Jan 2025 19:09:23 GMT Cache-Control: public, max-age=14400 Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Server: cloudflare CF-RAY: 901e8bfd3e319e02-EWR
2025-01-14 15:09:23 UTC	14	IN	Data Raw: 34 30 34 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 not found

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3436, Parent PID: 4416

Function Logs

General

Target ID:	0
Start time:	10:09:09
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7092, Parent PID: 3436

Function Logs

General

Target ID:	2
Start time:	10:09:14
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1908,i,14559979001727124633,18345788462797540144,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2944, Parent PID: 4416

Function Logs

General

Target ID:	3
Start time:	10:09:20
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://acemlnb.com"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://acemlnb.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3436_1072874037\sets.json

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3436, Parent PID: 4416

Windows Analysis Report
http://acemlnb.com