IOC Report
https://amsuite.amig.com/

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
  Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 14:17:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
  Category: dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
  Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 14:17:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
  Category: dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
  Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
  Category: dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
  Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 14:17:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
  Category: dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
  Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 14:17:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
  Category: dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
  Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 14:17:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
  Category: dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
  Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

C:\Program Files\Google\Chrome\Application\chrome.exe
  Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2356,i,9115679017048733320,5696935854005688796,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe
  Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://amsuite.amig.com/"

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

DOM / HTML

URL
Malicious