IOC Report
http://anged.pages.dev/


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun May 26 21:31:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun May 26 21:31:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun May 26 21:31:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun May 26 21:31:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun May 26 21:31:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 68 | HTML document, ASCII text | downloaded |
Chrome Cache Entry: 69 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x70, components 1 | downloaded |
Chrome Cache Entry: 70 | ASCII text, with very long lines (522), with overstriking | downloaded |
Chrome Cache Entry: 71 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 72 | ASCII text, with very long lines (65536), with no line terminators | downloaded |
Chrome Cache Entry: 73 | PNG image data, 400 x 600, 8-bit colormap, non-interlaced | dropped |
Chrome Cache Entry: 74 | PNG image data, 400 x 600, 8-bit colormap, non-interlaced | downloaded |
Chrome Cache Entry: 75 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x70, components 1 | dropped |
Chrome Cache Entry: 76 | MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel | dropped |
Chrome Cache Entry: 77 | ASCII text, with very long lines (544) | downloaded |
Chrome Cache Entry: 78 | ASCII text, with very long lines (7210), with no line terminators | downloaded |
Chrome Cache Entry: 79 | ASCII text, with very long lines (1829), with no line terminators | downloaded |
Chrome Cache Entry: 80 | GIF image data, version 89a, 1 x 1 | downloaded |
Chrome Cache Entry: 81 | MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel | downloaded |
Chrome Cache Entry: 82 | GIF image data, version 89a, 1 x 1 | dropped |

Processes

Path | Cmdline | Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2184,i,9567639934707349239,5249068664901002946,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://anged.pages.dev/" |

URLs

Name | IP | Malicious
http://anged.pages.dev/ | | malicious
https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/ue-base-1c399ad9886cab69575e1 | unknown |
https://images-na.ssl-images-amazon.com/images/G/01/amazonui/sprites/aui_sprite_0007-1x._V383827579_.png | 151.101.1.16 |
https://anged.pages.dev/ | |
https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/AmazonUI-3c913031596ca78a3768f4e934b1cc02ce238101.secure.min._V1_.css | 151.101.1.16 |
https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/ue-base-1c399ad9886cab69575e1e5ee15c61a1._V313498596_.js | 151.101.1.16 |
https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/csm-captcha-instrumentation.min.js | 151.101.1.16 |
https://anged.pages.dev/favicon.ico | 172.66.47.93 |
https://fls-na.amazon.com/1/oc-csi/1/OP/requestId=7EG795AX91W3JWTDQ9M5&js=1 | 3.228.116.235 |
https://www.amazon.com/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=468496 | unknown |
https://fls-na.amazon.com/1/oc-csi/1/OP/requestId=7EG795AX91W3JWTDQ9M5&js=0 | unknown |
https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/rd-script-6d68177fa6061598e9509dc4b5bdd08d.js | 151.101.1.16 |
https://images-na.ssl-images-amazon.com/images/G/01/csminstrumentation/ | unknown |
https://fls-na.amazon.com/1/batch/1/OE/ | 3.228.116.235 |
https://affiliate-program.amazon.com/gp/advertising/api/detail/main.html/ref=rm_c_ac | unknown |
https://developer.amazonservices.com/ref=rm_c_sv | unknown |
https://www.amazon.com/gp/help/customer/display.html/ref=footer_cou?ie=UTF8&nodeId=508088 | unknown |
https://images-na.ssl-images-amazon.com/captcha/qamfifum/Captcha_pcbtbhdjad.jpg | 151.101.1.16 |
https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/AmazonUI-3c913031596ca78a3768f4e934b1 | unknown |
https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/ClientSideMetricsAUIJavascript-51171fbdd28e1a7a61e922e8f0272af8bc74d37b.secure.variant-desktop-session-snapshot-keypress.min._V2_.js | 151.101.1.16 |
https://fls-na.amaz | unknown |
https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/ | unknown |

Domains

Name | IP | Malicious
anged.pages.dev | 172.66.47.93 |
www.google.com | 216.58.206.36 |
media.amazon.map.fastly.net | 151.101.1.16 |
fp2e7a.wpc.phicdn.net | 192.229.221.95 |
endpoint.prod.us-east-1.forester.a2z.com | 3.228.116.235 |
images-na.ssl-images-amazon.com | unknown |
fls-na.amazon.com | unknown |

IPs

IP | Domain | Country | Malicious
192.168.2.8 | unknown | unknown |
151.101.1.16 | media.amazon.map.fastly.net | United States |
192.168.2.4 | unknown | unknown |
216.58.206.36 | www.google.com | United States |
18.205.164.121 | unknown | United States |
239.255.255.250 | unknown | Reserved |
172.66.47.93 | anged.pages.dev | United States |
151.101.129.16 | unknown | United States |
3.228.116.235 | endpoint.prod.us-east-1.forester.a2z.com | United States |
44.199.175.147 | unknown | United States |

DOM / HTML

URL | Malicious
https://anged.pages.dev/ |