IOC Report
https://www.cognitoforms.com/f/wAh1CzXrnEmEifrmJ4OEgg/1


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 1 09:23:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 1 09:23:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 1 09:23:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 1 09:23:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 1 09:22:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,1329914997892961464,14408574789720149037,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.cognitoforms.com/f/wAh1CzXrnEmEifrmJ4OEgg/1" |

URLs

Name | IP | Malicious
https://www.cognitoforms.com/f/wAh1CzXrnEmEifrmJ4OEgg/1 | | malicious
https://amlechouse.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPWVGTlpNVTA9JnVpZD1VU0VSMTcxMDIwMjRVMTgxMDE3MjE=N0123Nhttps://amlechouse.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPWVGTlpNVTA9JnVpZD1VU0VSMTcxMDIwMjRVMTgxMDE3MjE=N0123N | | malicious
https://www.cognitoforms.com/f/wAh1CzXrnEmEifrmJ4OEgg/1 | | malicious
https://static.cognitoforms.com/website/npm.vue-style-loader4.1.3.ea4585fb719659a69c27.js | unknown |
https://github.com/zloirock/core-js | unknown |
https://static.cognitoforms.com/form/modern/43.db2e57a3f1d2efa7565e.js | 13.107.246.45 |
https://static.cognitoforms.com/website/npm.vue-meta2.4.0_patch_hash%3Dd2dgypdrktgozksvyf6pxfggl4.25 | unknown |
https://amlechouse.com/wp-content/uploads/2022/05/cropped-AmlecHouse_ICON_512x512-32x32.png | 27.54.88.98 |
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/fa-solid-900.ttf | 104.17.24.14 |
https://www.cognitoforms.com/svc/auth/oidc/ | unknown |
https://static.cognitoforms.com/app/ | unknown |
https://static.cognitoforms.com/lib/vue | unknown |
https://amlechouse.com/o/jsdrive.js | 27.54.88.98 |
https://fontawesome.com/license/free | unknown |
https://fontawesome.com | unknown |
https://amlechouse.com/favicon.ico | 27.54.88.98 |
https://static.cognitoforms.com/website/npm.webpack4.46.0_webpack-cli%403.3.12.f5c656c89e48c0f4805f. | unknown |
https://github.com/linusborg/portal-vue | unknown |
https://static.cognitoforms.com/website/manifest.f49bcafb58163a1c46c2.js | unknown |
https://static.cognitoforms.com/website/npm.vue-loader15.10.0_css-loader%403.6.0_react-dom%4016.14.0 | unknown |
https://static.cognitoforms.com/form/modern/174.38b9020628a90a38f39f.js | 13.107.246.45 |
https://eastus-4.in.applicationinsights.azure.com/;LiveEndpoint=https://eastus.livediagnostics.monit | unknown |
https://static.cognitoforms.com/website/npm.uuid10.0.0.7a5d287f5904ab377843.js | unknown |
https://static.cognitoforms.com/form/modern/99.479db4e0d49062abb065.js | 13.107.246.45 |
https://static.cognitoforms.com/website/npm.what-input5.2.6.6d0360ccd49e365d7f6e.js | unknown |
https://static.cognitoforms.com/form/modern/102.e80e60d1413ea7c14274.js | 13.107.246.45 |
https://static.cognitoforms.com/website/npm.vue-cookies1.8.2.099449b1278521f6832f.js | unknown |
https://static.cognitoforms.com/website/npm.core-js3.31.0.be0c44d2d141a3a37ed4.js | unknown |
https://static.cognitoforms.com/form/modern/140.e2d99c17620750a7add1.js | 13.107.246.45 |
https://static.cognitoforms.com/website/npm.vue-router3.6.5_vue%402.7.15.e49a86621dcf2a21928e.js | unknown |
https://static.cognitoforms.com/form/modern/172.25c9472b4ce3333ab4e2.js | 13.107.246.45 |
https://static.cognitoforms.com/lib/ | unknown |
https://fontawesome.comFont | unknown |
https://static.cognitoforms.com/content/ | unknown |
https://static.cognitoforms.com/form/modern/183.022942a495586cae8bc6.js | 13.107.246.45 |
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css | 104.17.24.14 |
https://static.cognitoforms.com/website/npm.css-loader3.6.0_webpack%404.46.0.ccde4d2ecd7778949811.js | unknown |
https://static.cognitoforms.com/form/modern/12.fecdafd283baa82562c5.js | 13.107.246.45 |
https://www.w3schools.com/w3css/4/w3.css | 192.229.133.221 |
https://static.cognitoforms.com/form/modern/175.12fc93df660160b493b6.js | 13.107.246.45 |
https://static.cognitoforms.com/form/modern/156.c98da103be4998203a5c.js | 13.107.246.45 |
https://static.cognitoforms.com/form/modern/26.e7854b04cb40707eda24.js | 13.107.246.45 |
https://www.cognitoforms.com/ | unknown |
https://static.cognitoforms.com/form/modern/182.17d29c9292682a224972.js | 13.107.246.45 |
https://static.cognitoforms.com/website/npm.vue-gtag1.16.1_vue%402.7.15.cca5d61cb0bf7784004c.js | unknown |
https://static.cognitoforms.com/form/modern/106.21a144a16b2488a8d128.js | 13.107.246.45 |
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/fa-solid-900.woff2 | 104.17.24.14 |
https://static.cognitoforms.com/api-reference/ | unknown |
https://cdn.socket.io/4.7.5/socket.io.min.js | 18.245.31.89 |
https://static.cognitoforms.com/form/modern/159.e2b4aeefcc98f9011a76.js | 13.107.246.45 |
https://github.com/zloirock/core-js/blob/v3.31.0/LICENSE | unknown |
https://feross.org | unknown |
https://static.cognitoforms.com/form/modern/92.847df545fd4326f7a7f0.js | 13.107.246.45 |
https://amlechouse.com/o/ | unknown |
https://static.cognitoforms.com/website/app.37a4351f05a9b90a9e9a.js | unknown |
https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg | 152.199.21.175 |
https://static.cognitoforms.com/form/modern/46.98cd391d7d720f08a271.js | 13.107.246.45 |
https://static.cognitoforms.com/website/npm.process0.11.10.5d50d3cc9788f91952b5.js | unknown |
https://static.cognitoforms.com/form/modern/97.a58e418a30a485ad73c9.js | 13.107.246.45 |
https://static.cognitoforms.com/website/ | unknown |
https://static.cognitoforms.com/form/modern/179.b3ad8883616224d153c3.js | 13.107.246.45 |
https://static.cognitoforms.com/form/modern/22.ee32fdd7e04ec616e752.js | 13.107.246.45 |
https://static.cognitoforms.com/website/npm.deepmerge4.3.1.b3bb17d6527183e2ee26.js | unknown |

Domains

Name | IP | Malicious
amlechouse.com | 27.54.88.98 | malicious
aadcdn.msftauth.net | unknown | malicious
www.w3schools.com | unknown | malicious
cdn.socket.io | unknown | malicious
static.cognitoforms.com | unknown | malicious
www.cognitoforms.com | unknown | malicious
bg.microsoft.map.fastly.net | 199.232.210.172 |
d2vgu95hoyrpkh.cloudfront.net | 18.245.31.89 |
cdnjs.cloudflare.com | 104.17.24.14 |
cs837.wac.edgecastcdn.net | 192.229.133.221 |
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 |
s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 |
sni1gl.wpc.omegacdn.net | 152.199.21.175 |
www.google.com | 142.250.186.100 |
fp2e7a.wpc.phicdn.net | 192.229.221.95 |

IPs

IP | Domain | Country | Malicious
27.54.88.98 | amlechouse.com | Australia | malicious
104.17.24.14 | cdnjs.cloudflare.com | United States |
13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States |
13.107.253.45 | s-part-0017.t-0009.fb-t-msedge.net | United States |
18.245.31.89 | d2vgu95hoyrpkh.cloudfront.net | United States |
192.229.133.221 | cs837.wac.edgecastcdn.net | United States |
192.168.2.5 | unknown | unknown |
239.255.255.250 | unknown | Reserved |
152.199.21.175 | sni1gl.wpc.omegacdn.net | United States |
142.250.186.100 | www.google.com | United States |

DOM / HTML

URL | Malicious
https://www.cognitoforms.com/f/wAh1CzXrnEmEifrmJ4OEgg/1 | malicious
https://www.cognitoforms.com/f/wAh1CzXrnEmEifrmJ4OEgg/1 | malicious
https://amlechouse.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPWVGTlpNVTA9JnVpZD1VU0VSMTcxMDIwMjRVMTgxMDE3MjE=N0123Nhttps://amlechouse.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPWVGTlpNVTA9JnVpZD1VU0VSMTcxMDIwMjRVMTgxMDE3MjE=N0123N | malicious
https://amlechouse.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPWVGTlpNVTA9JnVpZD1VU0VSMTcxMDIwMjRVMTgxMDE3MjE=N0123Nhttps://amlechouse.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPWVGTlpNVTA9JnVpZD1VU0VSMTcxMDIwMjRVMTgxMDE3MjE=N0123N | malicious
https://www.cognitoforms.com/f/wAh1CzXrnEmEifrmJ4OEgg/1 |
https://www.cognitoforms.com/f/wAh1CzXrnEmEifrmJ4OEgg/1 |
https://www.cognitoforms.com/f/wAh1CzXrnEmEifrmJ4OEgg/1 |