Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	6272
Target ID:	0
Parent PID:	4780
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	00:10:12
Date:	10/04/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff68f410000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,7466857020853385346,12186381282290386696,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2160 /prefetch:3

Details

Is windows:	true
Is dropped:	false
PID:	6976
Target ID:	1
Parent PID:	6272
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,7466857020853385346,12186381282290386696,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2160 /prefetch:3
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	00:10:14
Date:	10/04/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff68f410000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,7466857020853385346,12186381282290386696,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5008 /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	6580
Target ID:	2
Parent PID:	6272
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,7466857020853385346,12186381282290386696,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5008 /prefetch:8
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	00:10:17
Date:	10/04/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff68f410000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.reuters.com/markets/deals/dealmakers-wait-see-mode-expect-ma-pace-pick-up-later-2025-2025-03-06/%3Cscript%20type=%22application/javascript%22%20src=%22https:/pixel.adsafeprotected.com/rjss/st/2412881/86283336/skeleton.js?bidurl=%%PATTERN:url%%%22%3E%3C/SCRIPT%3E%20%3CNOSCRIPT%3E%3CIMG%20SRC=%22https://pixel.adsafeprotected.com/rfw/st/2412881/86283334/skeleton.gif?gdpr=$%7BGDPR%7D&gdpr_consent=$%7BGDPR_CONSENT_278%7D&gdpr_pd=$%7BGDPR_PD%7D&bidurl=%%PATTERN:url%%%22%20BORDER=0%20WIDTH=1%20HEIGHT=1%20ALT=%22%22%3E%3C/NOSCRIPT%3E"

Details

Is windows:	true
Is dropped:	false
PID:	7264
Target ID:	5
Parent PID:	4780
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.reuters.com/markets/deals/dealmakers-wait-see-mode-expect-ma-pace-pick-up-later-2025-2025-03-06/%3Cscript%20type=%22application/javascript%22%20src=%22https:/pixel.adsafeprotected.com/rjss/st/2412881/86283336/skeleton.js?bidurl=%%PATTERN:url%%%22%3E%3C/SCRIPT%3E%20%3CNOSCRIPT%3E%3CIMG%20SRC=%22https://pixel.adsafeprotected.com/rfw/st/2412881/86283334/skeleton.gif?gdpr=$%7BGDPR%7D&gdpr_consent=$%7BGDPR_CONSENT_278%7D&gdpr_pd=$%7BGDPR_PD%7D&bidurl=%%PATTERN:url%%%22%20BORDER=0%20WIDTH=1%20HEIGHT=1%20ALT=%22%22%3E%3C/NOSCRIPT%3E"
Size:	3388000
MD5:	E81F54E6C1129887AEA47E7D092680BF
Time:	00:10:20
Date:	10/04/2025
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff68f410000
Modulesize:	3469312
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://www.reuters.com/markets/deals/dealmakers-wait-see-mode-expect-ma-pace-pick-up-later-2025-2025-03-06/%3Cscript%20type=%22application/javascript%22%20src=%22https:/pixel.adsafeprotected.com/rjss/st/2412881/86283336/skeleton.js?bidurl=%%PATTERN:url%%%22%3E%3C/SCRIPT%3E%20%3CNOSCRIPT%3E%3CIMG%20SRC=%22https://pixel.adsafeprotected.com/rfw/st/2412881/86283334/skeleton.gif?gdpr=$%7BGDPR%7D&gdpr_consent=$%7BGDPR_CONSENT_278%7D&gdpr_pd=$%7BGDPR_PD%7D&bidurl=%%PATTERN:url%%%22%20BORDER=0%20WIDTH=1%20HEIGHT=1%20ALT=%22%22%3E%3C/NOSCRIPT%3E

https://www.reuters.com/tools/mobile/us

https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAMP6OWjEoonkAoU0NAg%3D%3D&hash=2013457ADA70C67D6A4123E0A76873&cid=Kb19fXtY9VqSW23aP2mbgsMCdENX~Zo_1NyjAuR4WMKvjwP8mnchBmuDg52RaW_R4nK~irQ3WqIh9D7GYIa5PF6BM30RBLoLrhdPJ03AMBQ4aPTa9WUGlqtGz63~QrT8&t=fe&referer=https%3A%2F%2Fwww.reuters.com%2Ftools%2Fmobile%2Fus&s=43909&e=74507901172fc7e720e30ad3c5cbe7c7dd4af9f4d59244f144036e2c08e7a2fa&dm=cd

44.216.146.82

https://www.twitter.com/Reuters

unknown

https://www.thomsonreuters.com/en/careers.html

unknown

https://www.reuters.com/fact-check/

unknown

https://static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/index.css

108.139.29.28

http://c.pki.goog/r/r4.crl

142.250.80.35

https://ct.captcha-delivery.com/c.js

18.173.132.69

https://dd.prod.captcha-delivery.com/image/2025-04-10/9cde6138c368867e9ef49e9d99991d4c.frag.png

18.238.49.103

https://www.reutersagency.com/en/about/about-us/

unknown

https://caniuse.com/woff2

unknown

https://www.reuters.com/info-pages/disclaimer/

unknown

https://dd.prod.captcha-delivery.com/audio/2025-04-10/en/65b19a1501d2b2bb9faa5ede6edc6c36.wav

unknown

https://www.reuters.com/news/pictures

unknown

https://dd.prod.captcha-delivery.com/image/2025-04-10/9cde6138c368867e9ef49e9d99991d4c.jpg

18.238.49.103

https://static.captcha-delivery.com/common/fonts/roboto/font-face.css

108.139.29.28

https://www.reuters.com

unknown

https://datadome.co

unknown

https://static.captcha-delivery.com/common/fonts/roboto/roboto.woff2

108.139.29.28

https://newslink.reuters.com/join/subscribe

unknown

https://www.thomsonreuters.com/en/policies/copyright.html

unknown

https://www.reuters.com/DiversityReportApril2022

unknown

https://www.reuters.com/site-api/header/?_website=reuters&outputType=json

13.249.91.10

https://www.reutersagency.com/en/about/about-us/brand-attribution-guidelines/

unknown

https://www.reuters.com/favicon.ico

13.249.91.10

https://caniuse.com/woff

unknown

https://www.reutersagency.com/en/about/leadership-team/

unknown

https://www.reuters.com/site-api/footer/?_website=reuters&outputType=json

13.249.91.10

http://c.pki.goog/r/gsr1.crl

142.250.80.35

https://caniuse.com/ttf

unknown

https://www.reutersagency.com/en/?utm_source=website&utm_medium=reuters&utm_campaign=site-referral&u

unknown

https://www.reuters.com/video/

unknown

https://graphics.reuters.com/

unknown

https://www.reuters.com/

unknown

There are 24 hidden URLs, click here to show them.

Domains

Name

Malicious

ct.captcha-delivery.com

18.173.132.69

Details

Name:	ct.captcha-delivery.com
IP:	18.173.132.69
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

www.reutersmedia.net

13.249.91.21

d2lhhyweudwf3e.cloudfront.net

108.139.29.28

www.google.com

142.250.65.228

Details

Name:	www.google.com
IP:	142.250.65.228
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

api-us-east-1.captcha-delivery.com

44.216.146.82

dd.prod.captcha-delivery.com

18.238.49.103

Details

Name:	dd.prod.captcha-delivery.com
IP:	18.238.49.103
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

www.reuters.com

unknown

Details

Name:	www.reuters.com
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Found strings which match to known social media urls	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking

static.captcha-delivery.com

unknown

Details

Name:	static.captcha-delivery.com
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

geo.captcha-delivery.com

unknown

Details

Name:	geo.captcha-delivery.com
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

18.173.132.69

ct.captcha-delivery.com

United States

Details

IP:	18.173.132.69
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	3
ASN name:	MIT-GATEWAYSUS
Private:	false
Domain:	ct.captcha-delivery.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

13.249.91.10

unknown

United States

Details

IP:	13.249.91.10
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

13.249.91.21

www.reutersmedia.net

United States

Details

IP:	13.249.91.21
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	www.reutersmedia.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

108.139.29.28

d2lhhyweudwf3e.cloudfront.net

United States

Details

IP:	108.139.29.28
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	d2lhhyweudwf3e.cloudfront.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

192.168.2.5

unknown

18.238.49.103

dd.prod.captcha-delivery.com

United States

Details

IP:	18.238.49.103
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	dd.prod.captcha-delivery.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

142.250.65.228

www.google.com

United States

Details

IP:	142.250.65.228
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	www.google.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

18.238.49.105

unknown

United States

Details

IP:	18.238.49.105
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

44.216.146.82

api-us-east-1.captcha-delivery.com

United States

Details

IP:	44.216.146.82
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Country:	United States
Countrycode:	USA
ASN number:	14618
ASN name:	AMAZON-AESUS
Private:	false
Domain:	api-us-east-1.captcha-delivery.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

DOM / HTML

URL

Malicious

https://www.reuters.com/markets/deals/dealmakers-wait-see-mode-expect-ma-pace-pick-up-later-2025-2025-03-06/%3Cscript%20type=%22application/javascript%22%20src=%22https:/pixel.adsafeprotected.com/rjss/st/2412881/86283336/skeleton.js?bidurl=%%PATTERN:url%%%22%3E%3C/SCRIPT%3E%20%3CNOSCRIPT%3E%3CIMG%20SRC=%22https://pixel.adsafeprotected.com/rfw/st/2412881/86283334/skeleton.gif?gdpr=$%7BGDPR%7D&gdpr_consent=$%7BGDPR_CONSENT_278%7D&gdpr_pd=$%7BGDPR_PD%7D&bidurl=%%PATTERN:url%%%22%20BORDER=0%20WIDTH=1%20HEIGHT=1%20ALT=%22%22%3E%3C/NOSCRIPT%3E

Details

Filename:	0.0.pages.html.dom
Url:	https://www.reuters.com/markets/deals/dealmakers-wait-see-mode-expect-ma-pace-pick-up-later-2025-2025-03-06/%3Cscript%20type=%22application/javascript%22%20src=%22https:/pixel.adsafeprotected.com/rjss/st/2412881/86283336/skeleton.js?bidurl=%%PATTERN:url%%%22%3E%3C/SCRIPT%3E%20%3CNOSCRIPT%3E%3CIMG%20SRC=%22https://pixel.adsafeprotected.com/rfw/st/2412881/86283334/skeleton.gif?gdpr=$%7BGDPR%7D&gdpr_consent=$%7BGDPR_CONSENT_278%7D&gdpr_pd=$%7BGDPR_PD%7D&bidurl=%%PATTERN:url%%%22%20BORDER=0%20WIDTH=1%20HEIGHT=1%20ALT=%22%22%3E%3C/NOSCRIPT%3E
Target ID:	1
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2060,i,7466857020853385346,12186381282290386696,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2160 /prefetch:3

https://www.reuters.com/tools/mobile/us

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://www.reuters.com/markets/deals/dealmakers-wait-see-mode-expect-ma-pace-pick-up-later-2025-2025-03-06/<scriΡt type="application/javascriΡt" src="https:/pixel.adsafeprotected.com/rjss/st/2412881/86283336/skeleton.js?bidurl=%%PATTERN:url%%"></scriΡt> <NOscriΡt><IMG S

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://www.reuters.com/markets/deals/dealmakers-wait-see-mode-expect-ma-pace-pick-up-later-2025-2025-03-06/<scriΡt type="application/javascriΡt" src="https:/pixel.adsafeprotected.com/rjss/st/2412881/86283336/skeleton.js?bidurl=%%PATTERN:url%%"></scriΡt> <NOscriΡt><IMG S

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
http://www.reuters.com/markets/deals/dealmakers-wait-see-mode-expect-ma-pace-pick-up-later-2025-2025-03-06/<scriΡt type="application/javascriΡt" src="https:/pixel.adsafeprotected.com/rjss/st/2412881/86283336/skeleton.js?bidurl=%%PATTERN:url%%"></scriΡt> <NOscriΡt><IMG S