

Windows Analysis Report
https://camservices.lt.acemlnc.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZkcmFjb29uLnRlYW0lMkZwdWJsaWMlMkZkb3dubG9hZC1zaGFyZXMlMkZiblFMVjUyeEFQWHRHMTRHc1Frdk83RWlXbUpldTJXcw==&sig=7BXGdPpscYTJDrVmNKVcsJMUFqVTiobP6GgMqPFZKzMj&iat=1664797054&a=%7C%7C27821780%7C%7C&account=camservices%2Eactiv

Overview

General Information

Sample URL:https://camservices.lt.acemlnc.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZkcmFjb29uLnRlYW0lMkZwdWJsaWMlMkZkb3dubG9hZC1zaGFyZXMlMkZiblFMVjUyeEFQWHRHMTRHc1Frdk83RWlXbUpldTJXcw==&sig=7BXGdPpscY
Analysis ID:715089
Infos:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

HTTP GET or POST without a user agent

Classification

  • System is w10x64
  • chrome.exe (PID: 6128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 5200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1808,i,10812047769471386771,6805671885659538109,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 2792 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://camservices.lt.acemlnc.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZkcmFjb29uLnRlYW0lMkZwdWJsaWMlMkZkb3dubG9hZC1zaGFyZXMlMkZiblFMVjUyeEFQWHRHMTRHc1Frdk83RWlXbUpldTJXcw==&sig=7BXGdPpscYTJDrVmNKVcsJMUFqVTiobP6GgMqPFZKzMj&iat=1664797054&a=%7C%7C27821780%7C%7C&account=camservices%2Eactivehosted%2Ecom&email=V1inbcilbyhq5q3GQe2WGyBAWaAotQkn8fTjdS3g5M8%3D&s=d0f7bfb8e988e50796ae4b5ee42e911e&i=1A3A1A3 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched



There are no malicious signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown | HTTPS traffic detected: 141.95.22.201:443 -> 192.168.2.3:49765 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 199.60.103.227:443 -> 192.168.2.3:49954 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 199.60.103.227:443 -> 192.168.2.3:49956 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.19.155.83:443 -> 192.168.2.3:49958 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.19.155.83:443 -> 192.168.2.3:49959 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.19.155.83:443 -> 192.168.2.3:49968 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 199.60.103.227:443 -> 192.168.2.3:49969 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 199.60.103.227:443 -> 192.168.2.3:49970 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.19.155.83:443 -> 192.168.2.3:49976 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 199.60.103.227:443 -> 192.168.2.3:49981 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 199.60.103.227:443 -> 192.168.2.3:49980 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.17.6.210:443 -> 192.168.2.3:49982 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.19.155.83:443 -> 192.168.2.3:49997 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.19.155.83:443 -> 192.168.2.3:50000 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 199.60.103.227:443 -> 192.168.2.3:50003 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 199.60.103.227:443 -> 192.168.2.3:50022 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 141.193.213.20:443 -> 192.168.2.3:50189 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 141.193.213.20:443 -> 192.168.2.3:50190 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 141.193.213.20:443 -> 192.168.2.3:50198 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 141.193.213.20:443 -> 192.168.2.3:50207 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 141.193.213.20:443 -> 192.168.2.3:50208 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 141.193.213.20:443 -> 192.168.2.3:50209 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 141.193.213.20:443 -> 192.168.2.3:50210 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 141.193.213.20:443 -> 192.168.2.3:50212 version: TLS 1.2
Source: global trafficHTTP traffic detected: GET",qe,c0)}head(qe,c0={}){return this.request("HEAD",qe,c0)}jsonp(qe,c0){return this.request("JSONP",qe,{params:(new I).append(c0,"JSONP_CALLBACK"),observe:"body",responseType:"json"})}options(qe,c0={}){return this.request("OPTIONS",qe,c0)}patch(qe,c0,Et={}){return this.request("PATCH",qe,oe(Et,c0))}post(qe,c0,Et={}){return this.request("POST",qe,oe(Et,c0))}put(qe,c0,Et={}){return this.request("PUT",qe,oe(Et,c0))}}return st.\u0275fac=function(qe){return new(qe||st)(s.LFG(y))},st.\u0275prov=s.Yz7({token:st,factory:st.\u0275fac}),st})();class re{constructor(et,qe){this.next=et,this.interceptor=qe}handle(et){return this.interceptor.intercept(et,this.next)}}const le=new s.OlP("HTTP_INTERCEPTORS");let ve=(()=>{class st{intercept(qe,c0){return c0.handle(qe)}}return st.\u0275fac=function(qe){return new(qe||st)},st.\u0275prov=s.Yz7({token:st,factory:st.\u0275fac}),st})();const rt=/^\)\]\}',?\n/;let Pe=(()=>{class st{constructor(qe){this.xhrFactory=qe}handle(qe){if("JSONP"===qe.method)throw new Error("Attempted to construct Jsonp request without HttpClientJsonpModule installed.");return new p.y(c0=>{const Et=this.xhrFactory.build();if(Et.open(qe.method,qe.urlWithParams),qe.withCredentials&&(Et.withCredentials=!0),qe.headers.forEach((r0,y0)=>Et.setRequestHeader(r0,y0.join(","))),qe.headers.has("Accept")||Et.setRequestHeader("Accept","application/json, text/plain, */*"),!qe.headers.has("Content-Type")){const r0=qe.detectContentTypeHeader();null!==r0&&Et.setRequestHeader("Content-Type",r0)}if(qe.responseType){const r0=qe.responseType.toLowerCase();Et.responseType="json"!==r0?r0:"text"}const rn=qe.serializeBody();let an=null;const Sn=()=>{if(null!==an)return an;const r0=Et.statusText||"OK",y0=new M(Et.getAllResponseHeaders()),k0=function ze(st){return"responseURL"in st&&st.responseURL?st.responseURL:/^X-Request-URL:/m.test(st.getAllResponseHeaders())?st.getResponseHeader("X-Request-URL"):null}(Et)||qe.url;return an=new 
ne({headers:y0,status:Et.status,statusText:r0,url:k0}),an},P0=()=>{let{headers:r0,status:y0,statusText:k0,url:Vt}=Sn(),B0=null;204!==y0&&(B0=typeof Et.response>"u"?Et.responseText:Et.response),0===y0&&(y0=B0?200:0);let L0=y0>=200&&y0<300;if("json"===qe.responseType&&"string"==typeof B0){const wn=B0;B0=B0.replace(rt,"");try{B0=""!==B0?JSON.parse(B0):null}catch(S0){B0=wn,L0&&(L0=!1,B0={error:S0,text:B0})}}L0?(c0.next(new se({body:B0,headers:r0,status:y0,statusText:k0,url:Vt||void 0})),c0.complete()):c0.error(new fe({error:B0,headers:r0,status:y0,statusText:k0,url:Vt||void 0}))},tn=r0=>{const{url:y0}=Sn(),k0=new fe({error:r0,status:Et.status||0,statusText:Et.statusText||"Unknown Error",url:y0||void 0});c0.error(k0)};let Zt=!1;const g0=r0=>{Zt||(c0.next(Sn()),Zt=!0);let y0={type:X.DownloadProgress,loaded:r0.loaded};r0.lengthComputable&&(y0.total=r0.total),"text"===qe.responseType&&!!Et.responseText&&(y0.partialText=Et.responseText),c0.next(y0)},N0=r0=>{let y0={type:X.UploadProgress,loaded:r0.loaded};r0.lengthComputable&&(y0.total=r0.total),c0.next
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown | Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown | Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown | Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown | Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49971