Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

2450856955_.svg

HTML document, ASCII text, with very long lines (3271)

initial sample

C:\Windows\SystemTemp\chrome_BITS_7908_220010099\puffpatch_out

Google Chrome extension, version 3

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1240182271\_metadata\verified_contents.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1240182271\manifest.fingerprint

ASCII text, with no line terminators

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1240182271\manifest.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1240182271\privacy-sandbox-attestations.dat

data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1343124906\_metadata\verified_contents.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1343124906\manifest.fingerprint

ASCII text, with no line terminators

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1343124906\manifest.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1343124906\ssl_error_assistant.pb

data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1746420661\_metadata\verified_contents.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1746420661\download_file_types.pb

data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1746420661\manifest.fingerprint

ASCII text, with no line terminators

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1746420661\manifest.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799\Filtering Rules

data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799\LICENSE.txt

ASCII text, with CRLF line terminators

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799\_metadata\verified_contents.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799\manifest.fingerprint

ASCII text, with no line terminators

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799\manifest.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_871971482\_metadata\verified_contents.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_871971482\history_search_strings_farmhashed.binarypb

data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_871971482\manifest.fingerprint

ASCII text, with no line terminators

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_871971482\manifest.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_954579125\LICENSE

ASCII text

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_954579125\_metadata\verified_contents.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_954579125\keys.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_954579125\manifest.fingerprint

ASCII text, with no line terminators

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_954579125\manifest.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_988393040\LICENSE

ASCII text

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_988393040\_metadata\verified_contents.json

JSON data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_988393040\crl-set

data

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_988393040\manifest.fingerprint

ASCII text, with no line terminators

dropped

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_988393040\manifest.json

JSON data

dropped

Chrome Cache Entry: 106

ASCII text, with very long lines (48316), with no line terminators

downloaded

Chrome Cache Entry: 107

HTML document, ASCII text, with CRLF line terminators

downloaded

Chrome Cache Entry: 108

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

downloaded

Chrome Cache Entry: 109

ASCII text, with very long lines (65447)

downloaded

Chrome Cache Entry: 110

ASCII text, with very long lines (48238)

downloaded

Chrome Cache Entry: 111

PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

dropped

Chrome Cache Entry: 112

HTML document, ASCII text, with very long lines (65368)

downloaded

There are 30 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	7908
Target ID:	0
Parent PID:	4200
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	13:50:07
Date:	17/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff786830000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2052,i,12485301464721545060,17313609642391752455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2136 /prefetch:3

Details

Is windows:	true
Is dropped:	false
PID:	8084
Target ID:	1
Parent PID:	7908
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2052,i,12485301464721545060,17313609642391752455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2136 /prefetch:3
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	13:50:08
Date:	17/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff786830000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\2450856955_.svg"

Details

Is windows:	true
Is dropped:	false
PID:	1044
Target ID:	3
Parent PID:	4200
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\2450856955_.svg"
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	13:50:14
Date:	17/03/2025
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff786830000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://mediavine.com

unknown

https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru/s23Rup/

188.114.97.3

https://connatix.com

unknown

https://yelp.com

unknown

https://nodals.io

unknown

https://getyourguide.com

unknown

https://mediaintelligence.de

unknown

https://privacy-sandcastle-dev-dsp.web.app

unknown

https://privacy-sandbox-demos-dsp-a.dev

unknown

https://permutive.app

unknown

https://privacy-sandbox-demos-dsp.dev

unknown

https://adthrive.com

unknown

https://ad.gt

unknown

https://easylist.to/)

unknown

https://gumgum.com

unknown

https://trkkn.com

unknown

https://logly.co.jp

unknown

https://media6degrees.com

unknown

https://privacy-sandcastle-dev-ssp.web.app

unknown

https://inmobi.com

unknown

https://33across.com

unknown

https://dreammail.jp

unknown

https://jkforum.net

unknown

https://iobeya.com

unknown

https://a-mo.net

unknown

https://ebis.ne.jp

unknown

https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js

104.18.94.41

https://privacy-sandbox-demos-ssp-y.dev

unknown

https://aphub.ai

unknown

https://gama.globo

unknown

https://audienceproject.com

unknown

https://adsrvr.org

unknown

https://finn.no

unknown

https://lucead.com

unknown

https://verve.com

unknown

https://r2b2.io

unknown

https://bluems.com

unknown

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

https://edkt.io

unknown

https://atomex.net

unknown

https://crcldu.com

unknown

https://rubiconproject.com

unknown

https://sitescout.com

unknown

https://apex-football.com

unknown

https://dotomi.com

unknown

https://ctnsnet.com

unknown

https://toponad.com

unknown

https://shinobi.jp

unknown

https://superfine.org

unknown

https://360yield.com

unknown

https://usemax.de

unknown

https://display.io

unknown

https://adform.net

unknown

https://eloan.co.jp

unknown

https://postrelease.com

unknown

https://aqfer.com

unknown

https://docomo.ne.jp

unknown

https://shared-storage-demo-publisher-a.web.app

unknown

https://weborama-tech.ru

unknown

https://innovid.com

unknown

https://demand.supply

unknown

https://nexxen.tech

unknown

https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru/s23Rup/#3matias%40ontinet.com

https://2k.com

unknown

https://advividnetwork.com

unknown

https://undertone.com

unknown

https://creative-serving.com

unknown

https://unrulymedia.com

unknown

https://tailtarget.com

unknown

https://paa-reporting-advertising.amazon

unknown

https://privacy-sandbox-demos-ssp-b.dev

unknown

https://bypass.jp

unknown

https://dotdashmeredith.com

unknown

https://atirun.com

unknown

https://adingo.jp

unknown

https://impact-ad.jp

unknown

https://admatrix.jp

unknown

https://openx.net

unknown

https://taboola.com

unknown

https://ayads.io

unknown

https://i-mobile.co.jp

unknown

https://uinterbox.com

unknown

https://mail.ru

unknown

https://simeola.com

unknown

https://gmossp-sp.jp

unknown

https://primecaster.net

unknown

https://privacy-sandcastle-dev-ssp-a.web.app

unknown

https://worldhistory.org

unknown

https://adnxs.com

unknown

https://dabbs.net

unknown

https://seedtag.com

unknown

https://casalemedia.com

unknown

https://privacy-sandcastle-dev-dsp-x.web.app

unknown

https://authorizedvault.com

unknown

https://privacy-sandcastle-dev-ssp-y.web.app

unknown

https://sportradarserving.com

unknown

https://semafor.com

unknown

https://lwadm.com

unknown

https://appconsent.io

unknown

https://vg.no

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru

188.114.97.3

Details

Name:	my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru
IP:	188.114.97.3
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

a.nel.cloudflare.com

35.190.80.1

Details

Name:	a.nel.cloudflare.com
IP:	35.190.80.1
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

code.jquery.com

151.101.130.137

Details

Name:	code.jquery.com
IP:	151.101.130.137
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

developers.cloudflare.com

104.16.4.189

Details

Name:	developers.cloudflare.com
IP:	104.16.4.189
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

cdnjs.cloudflare.com

104.17.25.14

Details

Name:	cdnjs.cloudflare.com
IP:	104.17.25.14
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

challenges.cloudflare.com

104.18.94.41

Details

Name:	challenges.cloudflare.com
IP:	104.18.94.41
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

www.google.com

142.250.184.196

Details

Name:	www.google.com
IP:	142.250.184.196
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

jgsbfomp3t.moydovv.com

104.21.80.1

Details

Name:	jgsbfomp3t.moydovv.com
IP:	104.21.80.1
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

142.250.184.196

www.google.com

United States

104.18.94.41

challenges.cloudflare.com

United States

192.168.2.16

unknown

192.168.2.7

unknown

192.168.2.4

unknown

104.21.80.1

jgsbfomp3t.moydovv.com

United States

151.101.130.137

code.jquery.com

United States

192.168.2.5

unknown

188.114.97.3

my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru

European Union

104.21.96.1

unknown

United States

35.190.80.1

a.nel.cloudflare.com

United States

104.16.4.189

developers.cloudflare.com

United States

104.17.25.14

cdnjs.cloudflare.com

United States

There are 3 hidden IPs, click here to show them.

DOM / HTML

URL

Malicious

https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru/s23Rup/#3matias%40ontinet.com

Details

Filename:	2.0.pages.html.dom
Url:	https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru/s23Rup/#3matias%40ontinet.com
Target ID:	1
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2052,i,12485301464721545060,17313609642391752455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2136 /prefetch:3

Signature Hits	Behavior Group	Mitre Attack
Yara detected Invisible JS	Phishing
Yara detected Obfuscation Via HangulCharacter	Phishing
Yara detected Tycoon 2FA PaaS	Phishing

https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru/s23Rup/#3matias%40ontinet.com

Details

Filename:	2.1.pages.html.dom
Url:	https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru/s23Rup/#3matias%40ontinet.com
Target ID:	1
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2052,i,12485301464721545060,17313609642391752455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2136 /prefetch:3

Signature Hits	Behavior Group	Mitre Attack
Yara detected Invisible JS	Phishing
Yara detected Obfuscation Via HangulCharacter	Phishing
Yara detected Tycoon 2FA PaaS	Phishing

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
2450856955_.svg

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report2450856955_.svg

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
2450856955_.svg