Windows Analysis Report
https://guxidrookr.com/afu.php?zoneid=7362731&var=7362731&rid=t1eCDm1Kj0NxRQhdnxrJqw%3D%3D&rhd=false&ab2r=0&sf=1&os=windows&os_version=10.0.0&is_mobile=false&browser_version=130.0.6723.59

Overview

General Information

Sample URL: https://guxidrookr.com/afu.php?zoneid=7362731&var=7362731&rid=t1eCDm1Kj0NxRQhdnxrJqw%3D%3D&rhd=false&ab2r=0&sf=1&os=windows&os_version=10.0.0&is_mobile=false&browser_version=130.0.6723.59
Analysis ID: 1562230

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Detected hidden input values containing email addresses (often used in phishing pages)
Stores files to the Windows start menu directory

Classification

Source: https://guxidrookr.com/afu.php?zoneid=5117836&var=5117836&rid=t1eCDm1Kj0NxRQhdnxrJqw%3D%3D&rhd=false&ab2r=0&sf=1&os=windows&os_version=10.0.0&is_mobile=false&browser_version=117.0.5938.132 HTTP Parser: No favicon
Source: https://www.aliexpress.com/gcp/300001528/Aliexpress?af=5117836&dp=884859354854208336&aff_fcid=2a2d056ded7449deb4b1e03aeae0681f-1732530433059-09086-_DFAXD1L&tt=CPS_NORMAL&aff_fsk=_DFAXD1L&aff_platform=portals-promotion&sk=_DFAXD1L&aff_trace_key=2a2d056ded7449deb4b1e03aeae0681f-1732530433059-09086-_DFAXD1L&terminal_id=f78e7eccfee04260adeda225dc2b889b&wh_html=csr&forcebottom=true&aff_downgrade=true&wh_ttid=pc&OLP=1094500508_f&o_s_id=1094500508 HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 184.30.24.109:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.30.24.109:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49806 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 184.30.24.109
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: global traffic DNS traffic detected: DNS query: guxidrookr.com
Source: global traffic DNS traffic detected: DNS query: yonmewon.com
Source: global traffic DNS traffic detected: DNS query: my.rtmark.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: s.click.aliexpress.com
Source: global traffic DNS traffic detected: DNS query: www.aliexpress.com
Source: global traffic DNS traffic detected: DNS query: ae01.alicdn.com
Source: global traffic DNS traffic detected: DNS query: assets.alicdn.com
Source: global traffic DNS traffic detected: DNS query: fcmatch.youtube.com
Source: global traffic DNS traffic detected: DNS query: cm.g.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: www.facebook.com
Source: global traffic DNS traffic detected: DNS query: fcmatch.google.com
Source: global traffic DNS traffic detected: DNS query: hd.mmstat.com
Source: global traffic DNS traffic detected: DNS query: gj.mmstat.com
Source: global traffic DNS traffic detected: DNS query: dmtracking2.alibaba.com
Source: global traffic DNS traffic detected: DNS query: fourier.taobao.com
Source: global traffic DNS traffic detected: DNS query: acs.aliexpress.ru
Source: global traffic DNS traffic detected: DNS query: pcookie.aliexpress.com
Source: global traffic DNS traffic detected: DNS query: ae.mmstat.com
Source: global traffic DNS traffic detected: DNS query: bottom.campaign.aliexpress.com
Source: global traffic DNS traffic detected: DNS query: acs.aliexpress.com
Source: global traffic DNS traffic detected: DNS query: s.go-mpulse.net
Source: global traffic DNS traffic detected: DNS query: c.go-mpulse.net
Source: classification engine Classification label: clean1.win@18/48@71/247
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1956,i,13104084888480983534,452747712723262941,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://guxidrookr.com/afu.php?zoneid=7362731&var=7362731&rid=t1eCDm1Kj0NxRQhdnxrJqw%3D%3D&rhd=false&ab2r=0&sf=1&os=windows&os_version=10.0.0&is_mobile=false&browser_version=130.0.6723.59"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk