Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	3472
Target ID:	1
Parent PID:	4196
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	16:58:17
Date:	26/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff786830000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2348,i,977650232591120726,18254827365428393022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2388 /prefetch:3

Details

Is windows:	true
Is dropped:	false
PID:	6168
Target ID:	2
Parent PID:	3472
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2348,i,977650232591120726,18254827365428393022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2388 /prefetch:3
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	16:58:21
Date:	26/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff786830000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://protect.checkpoint.com/v2/r02/___https://lsems.gravityzone.bitdefender.com/xhfsdfMW5hMR*~*QDcqg1KugH/rhrqqgrWni2pyg1KugH/og75AgMRA37Cu37x!i2GzU2ZBRIJzQYOHZZqqYsmZW5OR00KOX83/48p8j0J8ZqF5gYq/X5p/4JhyRpOG1IqMhIh5WIqxR6iX1YmuV1mTfLuz38uCWp/KRqiVYoq5hZbCTIh/4MqE1rinfpmCiY0KZ8i*~*QYOHf1mO48i1RIOfhqGCjLqKW1mPX0SpSYKxR7Z6YsKOg7qvg7m2RIiAZKJyRpO8Wpt6T2uS4rSTX560TJS93ZOHYqOw0K0vZL6x4styRpOuTIJ80ES1RJWuR0u*~*Z60vZ5KvhL4H05cwip06TYSDV8p/Z1K7hD5DWo0n0rm5ZKiLjLCyg8GNVX5DVs4QWLB6gImt35yRX1yIipSGZruqRIJyRpOQWruzf1uB0oqmZqSXX0FyRpO*~*VpC8gKKvf84NWYR7i2uEi8GogsRyRpOA35u6SYipfsSZi6WpSKuJ47N842V/3sSp08uyf1qqi60Mf1/fZrKISp/BZqWHYZytiIm3Xp95fpqOX6qqYYiqh24CSYKqfLSRVpu/Y7CUY758S2O4W1mm3rN6hL/4T1NEYol9iKWJWpS*~*hKSKi7Op0EOZY5yrWoNyRpNyRp4V02G34Y4B1Zq8QYOHXsGt1Yp6i2W9VYi5S70901cUgLByRpOUjsmEZ64nSZuO0002WJCKT2ZCQYOLYZKq06qH40WxiYm8R2q34puoXsStRI0SQYOHfr0z07Cpj2KBj0iWSIG6ZMiGZEOY46091qmZWLcS4ZcmZomGWrStY8iz4sqyRqSrZpm5iMOX45B5T0WHV7umRZNBg2uIX8ORhpmP1Y0407uVSp/XXI4OW2SCW8G21p/Ki1myh0054ESIfp6NgrOyWJyDi5ByRpO8WsGfgsKWgpKJSEW0j00LgZBCRESPXIF8goOxjqGKg16WfoO*~*jYmXZ5up454mXE4R2EWBf1mNj1iTZ5NBhoqX4qhB4IV5Y6G3irSG4oi*~*isGOWrmP104O0MmXWD5DVq4uiYi2i5b6hJqUX1uWgqS/3pW6ZZ*/2*XIKpf7SMYpx5ZoNyRp43gsSfSLuUi8utV5u4Z544gqSq4sWtWZOfhqGY4ZbyRpNCXY0tRKW*~*j1KKg805WJp7j1SwXpyTjZuSRrKm0oFyRp43Vn5DWn5DWrqK1Z35h1SyR8m8X60f4oSvX2SJZ8NyRpOJ0JyDW2i/h7BB0LC0SKq8gYF8X10335iWda99K97K667Kc*~*7K6aFIF/JJbJI/5b8*~*J59I5H78FbH8bc/*~*5Ka*~*/9KHIKJ/Hc77K?h=6&fru;n=6&fru;ithx=6___.YzJlOmdhbmdzdGVyOmM6bzozNzgzODlmOGVjOWFjMDU4ODA2YzZiNzAzODIwZWExYjo3OjE1MzU6MzgzZDA3MjA0MGU4NmVjOTQ5NjUyYWM1MTBkYzkzNzg4ODQ3Mjg0YTJlN2I1MzhlZWM4YWU1YzI1YWE5Y2UxNjpoOlQ6VA"

Details

Is windows:	true
Is dropped:	false
PID:	7092
Target ID:	6
Parent PID:	4196
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://protect.checkpoint.com/v2/r02/___https://lsems.gravityzone.bitdefender.com/xhfsdfMW5hMR~QDcqg1KugH/rhrqqgrWni2pyg1KugH/og75AgMRA37Cu37x!i2GzU2ZBRIJzQYOHZZqqYsmZW5OR00KOX83/48p8j0J8ZqF5gYq/X5p/4JhyRpOG1IqMhIh5WIqxR6iX1YmuV1mTfLuz38uCWp/KRqiVYoq5hZbCTIh/4MqE1rinfpmCiY0KZ8i~QYOHf1mO48i1RIOfhqGCjLqKW1mPX0SpSYKxR7Z6YsKOg7qvg7m2RIiAZKJyRpO8Wpt6T2uS4rSTX560TJS93ZOHYqOw0K0vZL6x4styRpOuTIJ80ES1RJWuR0u~Z60vZ5KvhL4H05cwip06TYSDV8p/Z1K7hD5DWo0n0rm5ZKiLjLCyg8GNVX5DVs4QWLB6gImt35yRX1yIipSGZruqRIJyRpOQWruzf1uB0oqmZqSXX0FyRpO~VpC8gKKvf84NWYR7i2uEi8GogsRyRpOA35u6SYipfsSZi6WpSKuJ47N842V/3sSp08uyf1qqi60Mf1/fZrKISp/BZqWHYZytiIm3Xp95fpqOX6qqYYiqh24CSYKqfLSRVpu/Y7CUY758S2O4W1mm3rN6hL/4T1NEYol9iKWJWpS~hKSKi7Op0EOZY5yrWoNyRpNyRp4V02G34Y4B1Zq8QYOHXsGt1Yp6i2W9VYi5S70901cUgLByRpOUjsmEZ64nSZuO0002WJCKT2ZCQYOLYZKq06qH40WxiYm8R2q34puoXsStRI0SQYOHfr0z07Cpj2KBj0iWSIG6ZMiGZEOY46091qmZWLcS4ZcmZomGWrStY8iz4sqyRqSrZpm5iMOX45B5T0WHV7umRZNBg2uIX8ORhpmP1Y0407uVSp/XXI4OW2SCW8G21p/Ki1myh0054ESIfp6NgrOyWJyDi5ByRpO8WsGfgsKWgpKJSEW0j00LgZBCRESPXIF8goOxjqGKg16WfoO~jYmXZ5up454mXE4R2EWBf1mNj1iTZ5NBhoqX4qhB4IV5Y6G3irSG4oi~isGOWrmP104O0MmXWD5DVq4uiYi2i5b6hJqUX1uWgqS/3pW6ZZ/2XIKpf7SMYpx5ZoNyRp43gsSfSLuUi8utV5u4Z544gqSq4sWtWZOfhqGY4ZbyRpNCXY0tRKW~j1KKg805WJp7j1SwXpyTjZuSRrKm0oFyRp43Vn5DWn5DWrqK1Z35h1SyR8m8X60f4oSvX2SJZ8NyRpOJ0JyDW2i/h7BB0LC0SKq8gYF8X10335iWda99K97K667Kc~7K6aFIF/JJbJI/5b8~J59I5H78FbH8bc/~5Ka~/9KHIKJ/Hc77K?h=6&fru;n=6&fru;ithx=6___.YzJlOmdhbmdzdGVyOmM6bzozNzgzODlmOGVjOWFjMDU4ODA2YzZiNzAzODIwZWExYjo3OjE1MzU6MzgzZDA3MjA0MGU4NmVjOTQ5NjUyYWM1MTBkYzkzNzg4ODQ3Mjg0YTJlN2I1MzhlZWM4YWU1YzI1YWE5Y2UxNjpoOlQ6VA"
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	16:58:28
Date:	26/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff786830000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Windows Defender\MpCmdRun.exe

"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable

Details

Is windows:	true
Is dropped:	false
PID:	4736
Target ID:	19
Parent PID:	7092
Name:	MpCmdRun.exe
Path:	C:\Program Files\Windows Defender\MpCmdRun.exe
Commandline:	"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Size:	468120
MD5:	B3676839B2EE96983F9ED735CD044159
Time:	16:59:31
Date:	26/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	true
Modulebase:	0x7ff75f090000
Modulesize:	479232
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	5064
Target ID:	20
Parent PID:	4736
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	16:59:31
Date:	26/03/2025
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	true
Modulebase:	0x7ff62fc20000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://protect.checkpoint.com/v2/r02/___https://lsems.gravityzone.bitdefender.com/xhfsdfMW5hMR*~*QDcqg1KugH/rhrqqgrWni2pyg1KugH/og75AgMRA37Cu37x!i2GzU2ZBRIJzQYOHZZqqYsmZW5OR00KOX83/48p8j0J8ZqF5gYq/X5p/4JhyRpOG1IqMhIh5WIqxR6iX1YmuV1mTfLuz38uCWp/KRqiVYoq5hZbCTIh/4MqE1rinfpmCiY0KZ8i*~*QYOHf1mO48i1RIOfhqGCjLqKW1mPX0SpSYKxR7Z6YsKOg7qvg7m2RIiAZKJyRpO8Wpt6T2uS4rSTX560TJS93ZOHYqOw0K0vZL6x4styRpOuTIJ80ES1RJWuR0u*~*Z60vZ5KvhL4H05cwip06TYSDV8p/Z1K7hD5DWo0n0rm5ZKiLjLCyg8GNVX5DVs4QWLB6gImt35yRX1yIipSGZruqRIJyRpOQWruzf1uB0oqmZqSXX0FyRpO*~*VpC8gKKvf84NWYR7i2uEi8GogsRyRpOA35u6SYipfsSZi6WpSKuJ47N842V/3sSp08uyf1qqi60Mf1/fZrKISp/BZqWHYZytiIm3Xp95fpqOX6qqYYiqh24CSYKqfLSRVpu/Y7CUY758S2O4W1mm3rN6hL/4T1NEYol9iKWJWpS*~*hKSKi7Op0EOZY5yrWoNyRpNyRp4V02G34Y4B1Zq8QYOHXsGt1Yp6i2W9VYi5S70901cUgLByRpOUjsmEZ64nSZuO0002WJCKT2ZCQYOLYZKq06qH40WxiYm8R2q34puoXsStRI0SQYOHfr0z07Cpj2KBj0iWSIG6ZMiGZEOY46091qmZWLcS4ZcmZomGWrStY8iz4sqyRqSrZpm5iMOX45B5T0WHV7umRZNBg2uIX8ORhpmP1Y0407uVSp/XXI4OW2SCW8G21p/Ki1myh0054ESIfp6NgrOyWJyDi5ByRpO8WsGfgsKWgpKJSEW0j00LgZBCRESPXIF8goOxjqGKg16WfoO*~*jYmXZ5up454mXE4R2EWBf1mNj1iTZ5NBhoqX4qhB4IV5Y6G3irSG4oi*~*isGOWrmP104O0MmXWD5DVq4uiYi2i5b6hJqUX1uWgqS/3pW6ZZ*/2*XIKpf7SMYpx5ZoNyRp43gsSfSLuUi8utV5u4Z544gqSq4sWtWZOfhqGY4ZbyRpNCXY0tRKW*~*j1KKg805WJp7j1SwXpyTjZuSRrKm0oFyRp43Vn5DWn5DWrqK1Z35h1SyR8m8X60f4oSvX2SJZ8NyRpOJ0JyDW2i/h7BB0LC0SKq8gYF8X10335iWda99K97K667Kc*~*7K6aFIF/JJbJI/5b8*~*J59I5H78FbH8bc/*~*5Ka*~*/9KHIKJ/Hc77K?h=6&fru;n=6&fru;ithx=6___.YzJlOmdhbmdzdGVyOmM6bzozNzgzODlmOGVjOWFjMDU4ODA2YzZiNzAzODIwZWExYjo3OjE1MzU6MzgzZDA3MjA0MGU4NmVjOTQ5NjUyYWM1MTBkYzkzNzg4ODQ3Mjg0YTJlN2I1MzhlZWM4YWU1YzI1YWE5Y2UxNjpoOlQ6VA

Details

Filetype:

URL

Filename:

Signature Hits	Behavior Group	Mitre Attack
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)	Lowering of HIPS / PFW / Operating System Security Settings	Windows Management Instrumentation File Deletion Security Software Discovery
Creates files inside the system directory	System Summary	Masquerading
Deletes files inside the Windows folder	System Summary	File Deletion
Detected suspicious crossdomain redirect	Networking
Sample execution stops while process was sleeping (likely an evasion)	Malware Analysis System Evasion
Classification label	System Summary
Connects to IPs without corresponding DNS lookups	Networking
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Downloads files from webservers via HTTP	Networking	Ingress Tool Transfer
Performs DNS lookups	Networking	Non-Application Layer Protocol
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses HTTPS	Networking	Encrypted Channel Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://lsems.gravityzone.bitdefender.com/index.css

13.249.91.64

Details

Name:	https://lsems.gravityzone.bitdefender.com/index.css
IP:	13.249.91.64
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://394-kadoma.trakcid.com/?u=http:%2F%2Femail.double.serviceautopilot.com%2Fc%2FeJwEwDtuxCAQAND

unknown

https://lsems.gravityzone.bitdefender.com/static/css/main.3dfe9f5e.css

13.249.91.64

Details

Name:	https://lsems.gravityzone.bitdefender.com/static/css/main.3dfe9f5e.css
IP:	13.249.91.64
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://email.friendbuy-mail.com/ls/click?upn=u001.-2BQIeNxTGBLUQIKv9gy7yQ7RP4m9yKI9dG-2BAX9Gp74D9l3WRY8iAhNhjnczqFNE2WPN9tqO1879dysZgbjHqu5ESwz-2BihIgwV02ZrPqxiEEhJISd51l3e5NqIoijohW07oPQ-2BwFJ59zMfcNKMU8CxaBBNRkTUjPmlfz-2Bi817W3V0Di1ZzSUjSAjpfBWOkvEu93rCy9Qavs-2F5bVhtPWFxlmopHA-2BvKDl5l8hcKLIkCvCARje01-2BKFjnijpV9aRSRIP-2BzBLwlQjkvHE36uzswpcns-2BocJu57djsTwTd4ZDgb7et9bsdWzmiiewUGinZRaC6NpRTBMKht8XJN4jIIKYeM7eqvq51ehcLBJyOlOOm75rYEhabb5pnY9b3N88tTDFCzpSEwbdW2TOKfF2-2B-2FPUpXe6pYIw-2BJphY95utxA7t7exUoOll-2BOzxsSVb5JIUUWDLE9u1-2FMAeWYBeTlu8w1yXfJcJsh05M-2BjenWldyqpyWQ40uPwAS2SgUxZXTDoMeOaR8AFchOwnfym2SfRHttrRgL49TBCja1B0mzCKrLrHJY5YWjP6NRH6IEsqGpWZNEuhmqUtg3CjMHnbmDKrwL-2BwFpZnqQnAD74UyUFmL133JH07n2lzPEmmQj2zy8RSJdgFaK6L_4pihHygNSB0r9RfW0d44OPXvcAf7zvpIFhJYVITxRG-2BViu7WwO5pIOIjQnSybDuQNyH1dkcGNK4R2-2FXnsZ4jOwzhCJYSFYnSefthEBZrPSeO-2B1I5h0TzyaEoutDI6yckJKNyJM2aaV0-2FXB-2F-2FiEYF4qcm3xwKUZf3jIsDSr-2BDTKrEwysl0TlU4Ywm07IeXcGQ

18.173.132.30

Details

Name:	https://email.friendbuy-mail.com/ls/click?upn=u001.-2BQIeNxTGBLUQIKv9gy7yQ7RP4m9yKI9dG-2BAX9Gp74D9l3WRY8iAhNhjnczqFNE2WPN9tqO1879dysZgbjHqu5ESwz-2BihIgwV02ZrPqxiEEhJISd51l3e5NqIoijohW07oPQ-2BwFJ59zMfcNKMU8CxaBBNRkTUjPmlfz-2Bi817W3V0Di1ZzSUjSAjpfBWOkvEu93rCy9Qavs-2F5bVhtPWFxlmopHA-2BvKDl5l8hcKLIkCvCARje01-2BKFjnijpV9aRSRIP-2BzBLwlQjkvHE36uzswpcns-2BocJu57djsTwTd4ZDgb7et9bsdWzmiiewUGinZRaC6NpRTBMKht8XJN4jIIKYeM7eqvq51ehcLBJyOlOOm75rYEhabb5pnY9b3N88tTDFCzpSEwbdW2TOKfF2-2B-2FPUpXe6pYIw-2BJphY95utxA7t7exUoOll-2BOzxsSVb5JIUUWDLE9u1-2FMAeWYBeTlu8w1yXfJcJsh05M-2BjenWldyqpyWQ40uPwAS2SgUxZXTDoMeOaR8AFchOwnfym2SfRHttrRgL49TBCja1B0mzCKrLrHJY5YWjP6NRH6IEsqGpWZNEuhmqUtg3CjMHnbmDKrwL-2BwFpZnqQnAD74UyUFmL133JH07n2lzPEmmQj2zy8RSJdgFaK6L_4pihHygNSB0r9RfW0d44OPXvcAf7zvpIFhJYVITxRG-2BViu7WwO5pIOIjQnSybDuQNyH1dkcGNK4R2-2FXnsZ4jOwzhCJYSFYnSefthEBZrPSeO-2B1I5h0TzyaEoutDI6yckJKNyJM2aaV0-2FXB-2F-2FiEYF4qcm3xwKUZf3jIsDSr-2BDTKrEwysl0TlU4Ywm07IeXcGQ
IP:	18.173.132.30
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://lsems.gravityzone.bitdefender.com/favicon.ico

13.249.91.64

Details

Name:	https://lsems.gravityzone.bitdefender.com/favicon.ico
IP:	13.249.91.64
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://lsems.gravityzone.bitdefender.com/manifest.json

13.249.91.64

Details

Name:	https://lsems.gravityzone.bitdefender.com/manifest.json
IP:	13.249.91.64
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

https://email.friendbuy-mail.com/ls/click?upn=u001.-2BQIeNxTGBLUQIKv9gy7yQ7RP4m9yKI9dG-2BAX9Gp74D9l3

unknown

https://lsems.gravityzone.bitdefender.com/static/js/main.d62e4927.js

13.249.91.64

Details

Name:	https://lsems.gravityzone.bitdefender.com/static/js/main.d62e4927.js
IP:	13.249.91.64
TargetID:	2
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	network

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Domains

Name

Malicious

api-bd.linkscan.io

13.249.91.68

google.com

142.250.80.78

d3rb3qlp6ej74d.cloudfront.net

13.249.91.64

d1b13yb8esv0x1.cloudfront.net

18.173.132.30

www.google.com

142.250.81.228

d2srg6h49ykvtq.cloudfront.net

3.168.102.96

email.friendbuy-mail.com

unknown

protect.checkpoint.com

unknown

394-kadoma.trakcid.com

unknown

lsems.gravityzone.bitdefender.com

unknown

IPs

Domain

Country

Malicious

13.249.91.49

unknown

United States

Details

IP:	13.249.91.49
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

13.249.91.19

unknown

United States

Details

IP:	13.249.91.19
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

13.249.91.64

d3rb3qlp6ej74d.cloudfront.net

United States

Details

IP:	13.249.91.64
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	d3rb3qlp6ej74d.cloudfront.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

18.173.132.30

d1b13yb8esv0x1.cloudfront.net

United States

Details

IP:	18.173.132.30
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	3
ASN name:	MIT-GATEWAYSUS
Private:	false
Domain:	d1b13yb8esv0x1.cloudfront.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

192.168.2.4

unknown

13.249.91.68

api-bd.linkscan.io

United States

Details

IP:	13.249.91.68
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	api-bd.linkscan.io

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

142.250.81.228

www.google.com

United States

Details

IP:	142.250.81.228
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	www.google.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

3.168.102.96

d2srg6h49ykvtq.cloudfront.net

United States

Details

IP:	3.168.102.96
TargetID:	2
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	d2srg6h49ykvtq.cloudfront.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

DOM / HTML

URL

Malicious

https://lsems.gravityzone.bitdefender.com/scan/aHR0cHM6Ly9lbWFpbC5mcmllbmRidXktbWFpbC5jb20vbHMvY2xpY2s!dXBuPXUwMDEuLTJCUUllTnhUR0JMVVFJS3Y5Z3k3eVE3UlA0bTl5S0k5ZEctMkJBWDlHcDc0RDlsM1dSWThpQWhOaGpuY3pxRk5FMldQTjl0cU8xODc5ZHlzWmdiakhxdTVFU3d6LTJCaWhJZ3dWMDJaclBxeGlFRWhKSVNkNTFsM2U1TnFJb2lqb2hXMDdvUFEtMkJ3Rko1OXpNZmNOS01VOEN4YUJCTlJrVFVqUG1sZnotMkJpODE3VzNWMERpMVp6U1VqU0FqcGZCV09rdkV1OTNyQ3k5UWF2cy0yRjViVmh0UFdGeGxtb3BIQS0yQnZLRGw1bDhoY0tMSWtDdkNBUmplMDEtMkJLRmpuaWpwVjlhUlNSSVAtMkJ6Qkx3bFFqa3ZIRTM2dXpzd3BjbnMtMkJvY0p1NTdkanNUd1RkNFpEZ2I3ZXQ5YnNkV3ptaWlld1VHaW5aUmFDNk5wUlRCTUtodDhYSk40aklJS1llTTdlcXZxNTFlaGNMQkp5T2xPT203NXJZRWhhYmI1cG5ZOWIzTjg4dFRERkN6cFNFd2JkVzJUT0tmRjItMkItMkZQVXBYZTZwWUl3LTJCSnBoWTk1dXR4QTd0N2V4VW9PbGwtMkJPenhzU1ZiNUpJVVVXRExFOXUxLTJGTUFlV1lCZVRsdTh3MXlYZkpjSnNoMDVNLTJCamVuV2xkeXFweVdRNDB1UHdBUzJTZ1V4WlhURG9NZU9hUjhBRmNoT3duZnltMlNmUkh0dHJSZ0w0OVRCQ2phMUIwbXpDS3JMckhKWTVZV2pQNk5SSDZJRXNxR3BXWk5FdWhtcVV0ZzNDak1IbmJtREtyd0wtMkJ3RnBabnFRbkFENzRVeVVGbUwxMzNKSDA3bjJselBFbW1RajJ6eThSU0pkZ0ZhSzZMXzRwa

Details

Filename:	0.0.pages.html.dom
Url:	https://lsems.gravityzone.bitdefender.com/scan/aHR0cHM6Ly9lbWFpbC5mcmllbmRidXktbWFpbC5jb20vbHMvY2xpY2s!dXBuPXUwMDEuLTJCUUllTnhUR0JMVVFJS3Y5Z3k3eVE3UlA0bTl5S0k5ZEctMkJBWDlHcDc0RDlsM1dSWThpQWhOaGpuY3pxRk5FMldQTjl0cU8xODc5ZHlzWmdiakhxdTVFU3d6LTJCaWhJZ3dWMDJaclBxeGlFRWhKSVNkNTFsM2U1TnFJb2lqb2hXMDdvUFEtMkJ3Rko1OXpNZmNOS01VOEN4YUJCTlJrVFVqUG1sZnotMkJpODE3VzNWMERpMVp6U1VqU0FqcGZCV09rdkV1OTNyQ3k5UWF2cy0yRjViVmh0UFdGeGxtb3BIQS0yQnZLRGw1bDhoY0tMSWtDdkNBUmplMDEtMkJLRmpuaWpwVjlhUlNSSVAtMkJ6Qkx3bFFqa3ZIRTM2dXpzd3BjbnMtMkJvY0p1NTdkanNUd1RkNFpEZ2I3ZXQ5YnNkV3ptaWlld1VHaW5aUmFDNk5wUlRCTUtodDhYSk40aklJS1llTTdlcXZxNTFlaGNMQkp5T2xPT203NXJZRWhhYmI1cG5ZOWIzTjg4dFRERkN6cFNFd2JkVzJUT0tmRjItMkItMkZQVXBYZTZwWUl3LTJCSnBoWTk1dXR4QTd0N2V4VW9PbGwtMkJPenhzU1ZiNUpJVVVXRExFOXUxLTJGTUFlV1lCZVRsdTh3MXlYZkpjSnNoMDVNLTJCamVuV2xkeXFweVdRNDB1UHdBUzJTZ1V4WlhURG9NZU9hUjhBRmNoT3duZnltMlNmUkh0dHJSZ0w0OVRCQ2phMUIwbXpDS3JMckhKWTVZV2pQNk5SSDZJRXNxR3BXWk5FdWhtcVV0ZzNDak1IbmJtREtyd0wtMkJ3RnBabnFRbkFENzRVeVVGbUwxMzNKSDA3bjJselBFbW1RajJ6eThSU0pkZ0ZhSzZMXzRwa
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2348,i,977650232591120726,18254827365428393022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2388 /prefetch:3

Details

Filename:	0.1.pages.html.dom
Url:	https://lsems.gravityzone.bitdefender.com/scan/aHR0cHM6Ly9lbWFpbC5mcmllbmRidXktbWFpbC5jb20vbHMvY2xpY2s!dXBuPXUwMDEuLTJCUUllTnhUR0JMVVFJS3Y5Z3k3eVE3UlA0bTl5S0k5ZEctMkJBWDlHcDc0RDlsM1dSWThpQWhOaGpuY3pxRk5FMldQTjl0cU8xODc5ZHlzWmdiakhxdTVFU3d6LTJCaWhJZ3dWMDJaclBxeGlFRWhKSVNkNTFsM2U1TnFJb2lqb2hXMDdvUFEtMkJ3Rko1OXpNZmNOS01VOEN4YUJCTlJrVFVqUG1sZnotMkJpODE3VzNWMERpMVp6U1VqU0FqcGZCV09rdkV1OTNyQ3k5UWF2cy0yRjViVmh0UFdGeGxtb3BIQS0yQnZLRGw1bDhoY0tMSWtDdkNBUmplMDEtMkJLRmpuaWpwVjlhUlNSSVAtMkJ6Qkx3bFFqa3ZIRTM2dXpzd3BjbnMtMkJvY0p1NTdkanNUd1RkNFpEZ2I3ZXQ5YnNkV3ptaWlld1VHaW5aUmFDNk5wUlRCTUtodDhYSk40aklJS1llTTdlcXZxNTFlaGNMQkp5T2xPT203NXJZRWhhYmI1cG5ZOWIzTjg4dFRERkN6cFNFd2JkVzJUT0tmRjItMkItMkZQVXBYZTZwWUl3LTJCSnBoWTk1dXR4QTd0N2V4VW9PbGwtMkJPenhzU1ZiNUpJVVVXRExFOXUxLTJGTUFlV1lCZVRsdTh3MXlYZkpjSnNoMDVNLTJCamVuV2xkeXFweVdRNDB1UHdBUzJTZ1V4WlhURG9NZU9hUjhBRmNoT3duZnltMlNmUkh0dHJSZ0w0OVRCQ2phMUIwbXpDS3JMckhKWTVZV2pQNk5SSDZJRXNxR3BXWk5FdWhtcVV0ZzNDak1IbmJtREtyd0wtMkJ3RnBabnFRbkFENzRVeVVGbUwxMzNKSDA3bjJselBFbW1RajJ6eThSU0pkZ0ZhSzZMXzRwa
Target ID:	2
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2348,i,977650232591120726,18254827365428393022,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2388 /prefetch:3

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Files

Processes

URLs

Domains

IPs

DOM / HTML