IOC Report
https://secure.login.gov/sign_up/email/confirm?_request_id=3c0afc61-ca10-4f0c-9685-deebefbd5009&confirmation_token=CpW2XvapjXvtiszQfDxe&c=E,1,czKC5vkp_9sR2jC4fsD8lsKfESoIyAIMQRGqkY2Bbcx7yPVzXeHCLLRKd9edzUpkrkCL5N3DxQ5GKyw6w6jtCBdegjvNRkaLnm9khZ_CZsjb1RkOyAgTkuF3&typo=1

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:57:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:57:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 09:52:18 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:57:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:57:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:57:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 100
PNG image data, 173 x 40, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 101
ASCII text, with very long lines (2205)
downloaded
Chrome Cache Entry: 102
ASCII text, with very long lines (720)
dropped
Chrome Cache Entry: 103
ASCII text, with very long lines (563)
dropped
Chrome Cache Entry: 104
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 105
Web Open Font Format (Version 2), TrueType, length 15544, version 2.66
downloaded
Chrome Cache Entry: 106
ASCII text, with very long lines (1742)
downloaded
Chrome Cache Entry: 107
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 108
ASCII text, with very long lines (563)
downloaded
Chrome Cache Entry: 109
ASCII text, with very long lines (1742)
dropped
Chrome Cache Entry: 110
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 111
ASCII text
downloaded
Chrome Cache Entry: 112
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 113
Web Open Font Format (Version 2), TrueType, length 14904, version 2.66
downloaded
Chrome Cache Entry: 114
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 115
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 116
ASCII text
downloaded
Chrome Cache Entry: 117
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 118
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 119
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 120
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 121
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 122
ASCII text, with very long lines (720)
downloaded
Chrome Cache Entry: 123
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 124
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 125
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 126
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 127
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 128
Unicode text, UTF-8 text, with very long lines (3694), with no line terminators
downloaded
Chrome Cache Entry: 129
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 70
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 71
ASCII text, with very long lines (4397)
dropped
Chrome Cache Entry: 72
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 73
Unicode text, UTF-8 text, with no line terminators
downloaded
Chrome Cache Entry: 74
PNG image data, 173 x 40, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 75
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 76
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 77
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 78
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 79
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 80
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 81
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 82
Unicode text, UTF-8 text, with very long lines (3694), with no line terminators
dropped
Chrome Cache Entry: 83
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 84
ASCII text, with very long lines (760), with no line terminators
downloaded
Chrome Cache Entry: 85
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 86
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 87
Web Open Font Format (Version 2), TrueType, length 14864, version 2.66
downloaded
Chrome Cache Entry: 88
ASCII text
dropped
Chrome Cache Entry: 89
ASCII text
dropped
Chrome Cache Entry: 90
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 91
SVG Scalable Vector Graphics image
dropped
Chrome Cache Entry: 92
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 93
ASCII text, with very long lines (4397)
downloaded
Chrome Cache Entry: 94
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 95
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 96
ASCII text, with very long lines (465), with no line terminators
downloaded
Chrome Cache Entry: 97
ASCII text, with very long lines (2205)
dropped
Chrome Cache Entry: 98
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 99
Unicode text, UTF-8 text, with no line terminators
dropped
There are 57 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1568,i,9142163365608271667,12353336580807457794,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://secure.login.gov/sign_up/email/confirm?_request_id=3c0afc61-ca10-4f0c-9685-deebefbd5009&confirmation_token=CpW2XvapjXvtiszQfDxe&c=E,1,czKC5vkp_9sR2jC4fsD8lsKfESoIyAIMQRGqkY2Bbcx7yPVzXeHCLLRKd9edzUpkrkCL5N3DxQ5GKyw6w6jtCBdegjvNRkaLnm9khZ_CZsjb1RkOyAgTkuF3&typo=1"

URLs

Name
IP
Malicious
https://secure.login.gov/sign_up/email/confirm?_request_id=3c0afc61-ca10-4f0c-9685-deebefbd5009&confirmation_token=CpW2XvapjXvtiszQfDxe&c=E,1,czKC5vkp_9sR2jC4fsD8lsKfESoIyAIMQRGqkY2Bbcx7yPVzXeHCLLRKd9edzUpkrkCL5N3DxQ5GKyw6w6jtCBdegjvNRkaLnm9khZ_CZsjb1RkOyAgTkuF3&typo=1
https://secure.login.gov/packs/submit_button_component-f328105c.digested.js
13.33.187.6
https://secure.login.gov/assets/lock-c7ffa794.svg
13.33.187.6
https://secure.login.gov/assets/password_strength_component-bbafaadb.css
13.33.187.6
https://secure.login.gov/assets/application-1d4fbf32.css
13.33.187.6
https://secure.login.gov/packs/password_strength_component-5dc65abd.digested-d55a7dd4.en.js
13.33.187.6
https://secure.login.gov/sign_up/cancel
https://secure.login.gov/assets/sp-logos/treasury_caia_logo-8faaee80.png
13.33.187.6
https://secure.login.gov/packs/application-3688b8ee.digested.js
13.33.187.6
http://www.bohemiancoding.com/sketch
unknown
https://secure.login.gov/packs/password_strength_component-5dc65abd.digested.js
13.33.187.6
https://secure.login.gov/sign_up/enter_password?confirmation_token=CpW2XvapjXvtiszQfDxe
https://secure.login.gov/assets/print-dbe18894.css
13.33.187.6
https://secure.login.gov/packs/password_confirmation_component-1a3edc7d.digested.js
13.33.187.6
https://secure.login.gov/sign_up/email/confirm?_request_id=3c0afc61-ca10-4f0c-9685-deebefbd5009&confirmation_token=CpW2XvapjXvtiszQfDxe&c=E,1,czKC5vkp_9sR2jC4fsD8lsKfESoIyAIMQRGqkY2Bbcx7yPVzXeHCLLRKd9edzUpkrkCL5N3DxQ5GKyw6w6jtCBdegjvNRkaLnm9khZ_CZsjb1RkOyAgTkuF3&typo=1
13.33.187.6
https://secure.login.gov/assets/public-sans/PublicSans-Italic-467fd4ae.woff2
13.33.187.6
https://secure.login.gov/assets/icon-https-4fe6ff7d.svg
13.33.187.6
https://secure.login.gov/assets/utilities-b943a2ae.css
13.33.187.6
https://secure.login.gov/assets/icon_component-2d022cd4.css
13.33.187.6
https://secure.login.gov/assets/usa-icons/language-933750f3.svg
13.33.187.6
https://secure.login.gov/assets/usa-icons/launch-d24c854a.svg
13.33.187.6
https://secure.login.gov/assets/public-sans/PublicSans-Bold-c73ef2d4.woff2
13.33.187.6
https://secure.login.gov/assets/status/warning-88ffeb95.svg
13.33.187.6
https://secure.login.gov/packs/track-errors-e9df8e72.digested.js
13.33.187.6
https://secure.login.gov/assets/usa-icons/check_circle-9998d611.svg
13.33.187.6
https://secure.login.gov/packs/validated_field_component-2b54ffd6.digested.js
13.33.187.6
https://secure.login.gov/assets/sp-logos/square-gsa-2e9100eb.svg
13.33.187.6
https://secure.login.gov/assets/favicons/favicon-16-b68bb09d.png
13.33.187.6
https://secure.login.gov/assets/logo-a6f6c558.svg
13.33.187.6
https://secure.login.gov/assets/password_confirmation_component-7db5a738.css
13.33.187.6
https://secure.login.gov/assets/init-6ad4cfee.js
13.33.187.6
https://secure.login.gov/packs/password_confirmation_component-1a3edc7d.digested-4a05fc12.en.js
13.33.187.6
https://secure.login.gov/assets/icon-dot-gov-c85c77ab.svg
13.33.187.6
https://secure.login.gov/assets/usa-icons/error-9489e5f3.svg
13.33.187.6
https://secure.login.gov/assets/plus-64f58c0a.svg
13.33.187.6
https://secure.login.gov/assets/public-sans/PublicSans-Regular-5f371c89.woff2
13.33.187.6
https://secure.login.gov/assets/us_flag-9715e180.svg
13.33.187.6
There are 26 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
d3koqshax83fsx.cloudfront.net
13.33.187.6
www.google.com
142.250.181.68
secure.login.gov
unknown

IPs

IP
Domain
Country
Malicious
192.168.2.11
unknown
unknown
239.255.255.250
unknown
Reserved
142.250.181.68
www.google.com
United States
13.33.187.6
d3koqshax83fsx.cloudfront.net
United States

DOM / HTML

URL
Malicious
https://secure.login.gov/sign_up/enter_password?confirmation_token=CpW2XvapjXvtiszQfDxe
https://secure.login.gov/sign_up/enter_password?confirmation_token=CpW2XvapjXvtiszQfDxe
https://secure.login.gov/sign_up/enter_password?confirmation_token=CpW2XvapjXvtiszQfDxe
https://secure.login.gov/sign_up/cancel