IOC Report
https://google.com/amp/s/login.sharesyncportal.tech/dmYzPMej

Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 16:50:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 16:50:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 16:50:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 16:50:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 8 16:50:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_1047533516\Google.Widevine.CDM.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_1047533516\_metadata\verified_contents.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_1047533516\manifest.fingerprint | ASCII text, with no line terminators | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_1047533516\manifest.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_1700762260\LICENSE | ASCII text | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_1700762260\_metadata\verified_contents.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_1700762260\manifest.fingerprint | ASCII text, with no line terminators | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_1700762260\manifest.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_1700762260\sets.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_260536069\_metadata\verified_contents.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_260536069\cr_en-us_500000_index.bin | data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_260536069\manifest.fingerprint | ASCII text, with no line terminators | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_260536069\manifest.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_719969287\Filtering Rules | data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_719969287\LICENSE.txt | ASCII text, with CRLF line terminators | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_719969287\_metadata\verified_contents.json | JSON data | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_719969287\manifest.fingerprint | ASCII text, with no line terminators | dropped |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping6756_719969287\manifest.json | JSON data | dropped |
Chrome Cache Entry: 209 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592 | downloaded |
Chrome Cache Entry: 211 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 449703 | dropped |
Chrome Cache Entry: 212 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57443 | downloaded |
Chrome Cache Entry: 213 | ASCII text, with very long lines (32058) | downloaded |
Chrome Cache Entry: 214 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | downloaded |
Chrome Cache Entry: 216 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755 | downloaded |
Chrome Cache Entry: 217 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded |
Chrome Cache Entry: 219 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866 | downloaded |
Chrome Cache Entry: 225 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769 | downloaded |
Chrome Cache Entry: 226 | ASCII text, with very long lines (65450), with CRLF line terminators | dropped |
Chrome Cache Entry: 228 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113401 | downloaded |
Chrome Cache Entry: 229 | ASCII text, with very long lines (8087), with no line terminators | downloaded |
Chrome Cache Entry: 231 | ASCII text, with very long lines (2054) | downloaded |
Chrome Cache Entry: 232 | PNG image data, 98 x 81, 8-bit/color RGB, non-interlaced | dropped |
Chrome Cache Entry: 233 | ASCII text, with very long lines (46090) | downloaded |
Chrome Cache Entry: 235 | ASCII text, with very long lines (8147), with no line terminators | dropped |
Chrome Cache Entry: 236 | GIF image data, version 89a, 352 x 3 | dropped |
Chrome Cache Entry: 237 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | dropped |
Chrome Cache Entry: 238 | HTML document, ASCII text, with very long lines (3452), with CRLF line terminators | downloaded |
Chrome Cache Entry: 239 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 240 | GIF image data, version 89a, 352 x 3 | dropped |
Chrome Cache Entry: 242 | ASCII text, with very long lines (512) | downloaded |
Chrome Cache Entry: 243 | HTML document, ASCII text, with very long lines (4585) | downloaded |
Chrome Cache Entry: 244 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986 | downloaded |
Chrome Cache Entry: 247 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864 | dropped |
Chrome Cache Entry: 251 | ASCII text, with very long lines (47459) | downloaded |

URLs

Name | IP | Malicious
https://google.com/amp/s/login.sharesyncportal.tech/dmYzPMej | | malicious
https://login.sharesyncportal.tech/dmYzPMej | |

Domains

Name | IP | Malicious
login.sharesyncportal.tech | 172.67.73.159 | malicious
ywnjb.sharesyncportal.tech | 172.67.73.159 |
google.com | 172.217.18.14 |
a.nel.cloudflare.com | 35.190.80.1 |
s-part-0036.t-0009.fb-t-msedge.net | 13.107.253.64 |
www.sharesyncportal.tech | 104.26.10.211 |
challenges.cloudflare.com | 104.18.95.41 |
sni1gl.wpc.omegacdn.net | 152.199.21.175 |
www.google.com | 216.58.206.68 |
s-part-0039.t-0009.t-msedge.net | 13.107.246.67 |
identity.nel.measure.office.net | unknown |
aadcdn.msftauth.net | unknown |

IPs

IP | Domain | Country | Malicious
172.67.73.159 | ywnjb.sharesyncportal.tech | United States | malicious
142.250.185.99 | unknown | United States |
172.217.16.202 | unknown | United States |
34.104.35.123 | unknown | United States |
1.1.1.1 | unknown | Australia |
13.107.246.67 | s-part-0039.t-0009.t-msedge.net | United States |
172.217.18.14 | google.com | United States |
192.168.2.17 | unknown | unknown |
104.18.94.41 | unknown | United States |
104.26.10.211 | www.sharesyncportal.tech | United States |
104.18.95.41 | challenges.cloudflare.com | United States |
142.250.185.106 | unknown | United States |
216.58.206.68 | www.google.com | United States |
192.168.2.5 | unknown | unknown |
142.250.181.238 | unknown | United States |
64.233.167.84 | unknown | United States |
2.19.126.143 | unknown | European Union |
239.255.255.250 | unknown | Reserved |
142.250.185.163 | unknown | United States |
142.250.185.142 | unknown | United States |
13.107.253.64 | s-part-0036.t-0009.fb-t-msedge.net | United States |
152.199.21.175 | sni1gl.wpc.omegacdn.net | United States |
35.190.80.1 | a.nel.cloudflare.com | United States |
142.250.184.202 | unknown | United States |