IOC Report
https://guxidrookr.com/afu.php?zoneid=7362731&var=7362731&rid=t1eCDm1Kj0NxRQhdnxrJqw%3D%3D&rhd=false&ab2r=0&sf=1&os=windows&os_version=10.0.0&is_mobile=false&browser_version=130.0.6723.59


Files

File Path | Type | Category | Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 09:27:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped |
Chrome Cache Entry: 100 | ASCII text, with very long lines (518), with no line terminators | downloaded |
Chrome Cache Entry: 101 | ASCII text, with no line terminators | dropped |
Chrome Cache Entry: 104 | Unicode text, UTF-8 text, with very long lines (65159) | downloaded |
Chrome Cache Entry: 105 | ASCII text, with no line terminators | downloaded |
Chrome Cache Entry: 106 | ASCII text, with very long lines (2037), with no line terminators | downloaded |
Chrome Cache Entry: 107 | Web Open Font Format (Version 2), TrueType, length 88796, version 3.13107 | downloaded |
Chrome Cache Entry: 108 | Unicode text, UTF-8 text, with very long lines (29869) | dropped |
Chrome Cache Entry: 109 | Unicode text, UTF-8 text, with no line terminators | downloaded |
Chrome Cache Entry: 110 | Unicode text, UTF-8 text, with very long lines (27124) | dropped |
Chrome Cache Entry: 111 | MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel | downloaded |
Chrome Cache Entry: 112 | JSON data | dropped |
Chrome Cache Entry: 113 | ASCII text, with very long lines (26071) | dropped |
Chrome Cache Entry: 117 | ASCII text, with very long lines (502), with no line terminators | downloaded |
Chrome Cache Entry: 119 | GIF image data, version 89a, 1 x 1 | downloaded |
Chrome Cache Entry: 120 | GIF image data, version 89a, 64 x 64 | downloaded |
Chrome Cache Entry: 121 | ISO Media, AVIF Image | downloaded |
Chrome Cache Entry: 122 | exported SGML document, Unicode text, UTF-8 text, with very long lines (32049) | downloaded |
Chrome Cache Entry: 123 | ASCII text, with very long lines (13306), with no line terminators | dropped |
Chrome Cache Entry: 125 | C source, Unicode text, UTF-8 text, with very long lines (15477) | dropped |
Chrome Cache Entry: 132 | JSON data | dropped |
Chrome Cache Entry: 134 | ASCII text, with very long lines (65536), with no line terminators | dropped |
Chrome Cache Entry: 136 | Unicode text, UTF-8 text, with very long lines (65497), with no line terminators | downloaded |
Chrome Cache Entry: 137 | ASCII text, with very long lines (65536), with no line terminators | dropped |
Chrome Cache Entry: 138 | Unicode text, UTF-8 text, with very long lines (23200) | downloaded |
Chrome Cache Entry: 140 | ASCII text, with very long lines (10505) | downloaded |
Chrome Cache Entry: 141 | ASCII text, with very long lines (7324), with no line terminators | downloaded |
Chrome Cache Entry: 143 | HTML document, Unicode text, UTF-8 text, with very long lines (3110), with CRLF, LF line terminators | downloaded |
Chrome Cache Entry: 145 | ASCII text, with very long lines (12757), with no line terminators | downloaded |
Chrome Cache Entry: 147 | Unicode text, UTF-8 text, with very long lines (4933), with no line terminators | downloaded |
Chrome Cache Entry: 148 | ASCII text, with very long lines (1063), with no line terminators | downloaded |
Chrome Cache Entry: 149 | C source, ASCII text, with very long lines (65103) | dropped |
Chrome Cache Entry: 150 | ASCII text, with very long lines (3968), with no line terminators | downloaded |
Chrome Cache Entry: 151 | ASCII text, with very long lines (1261), with no line terminators | dropped |
Chrome Cache Entry: 152 | ASCII text, with very long lines (7100), with no line terminators | downloaded |
Chrome Cache Entry: 153 | GIF image data, version 89a, 1 x 1 | dropped |
Chrome Cache Entry: 155 | RIFF (little-endian) data, Web/P image | dropped |
Chrome Cache Entry: 156 | Web Open Font Format (Version 2), TrueType, length 87840, version 3.13107 | downloaded |
Chrome Cache Entry: 157 | ISO Media, AVIF Image | downloaded |
Chrome Cache Entry: 160 | RIFF (little-endian) data, Web/P image | dropped |
Chrome Cache Entry: 92 | ISO Media, AVIF Image | downloaded |
Chrome Cache Entry: 93 | Unicode text, UTF-8 text, with no line terminators | dropped |
Chrome Cache Entry: 94 | ASCII text, with very long lines (3424), with no line terminators | dropped |
Chrome Cache Entry: 95 | Unicode text, UTF-8 text, with no line terminators | dropped |
Chrome Cache Entry: 97 | RIFF (little-endian) data, Web/P image | dropped |
Chrome Cache Entry: 98 | Unicode text, UTF-8 text, with no line terminators | downloaded |
Chrome Cache Entry: 99 | ASCII text, with very long lines (13029), with no line terminators | downloaded |
39 further files are not shown in this listing.

URLs

Name | IP | Malicious
https://guxidrookr.com/afu.php?zoneid=7362731&var=7362731&rid=t1eCDm1Kj0NxRQhdnxrJqw%3D%3D&rhd=false&ab2r=0&sf=1&os=windows&os_version=10.0.0&is_mobile=false&browser_version=130.0.6723.59
https://guxidrookr.com/afu.php?zoneid=5117836&var=5117836&rid=t1eCDm1Kj0NxRQhdnxrJqw%3D%3D&rhd=false&ab2r=0&sf=1&os=windows&os_version=10.0.0&is_mobile=false&browser_version=117.0.5938.132

Domains

Name | IP | Malicious

IPs

IP | Domain | Country | Malicious