Windows Analysis Report
http://cdn.specialtaskevents.com

Overview

General Information

Sample URL: http://cdn.specialtaskevents.com
Analysis ID: 1417258
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Stores files to the Windows start menu directory

Classification

AV Detection

Source: http://cdn.specialtaskevents.com Avira URL Cloud: detection malicious, Label: malware
Source: http://cdn.specialtaskevents.com/favicon.ico Avira URL Cloud: Label: malware
Source: http://cdn.specialtaskevents.com/ HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 104.76.104.139:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.76.104.139:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49714 version: TLS 1.2

Networking

Source: Traffic Snort IDS: 2050200 ET CURRENT_EVENTS Balada Domain in DNS Lookup (specialtaskevents .com) 192.168.2.16:55241 -> 1.1.1.1:53
Source: Traffic Snort IDS: 2050200 ET CURRENT_EVENTS Balada Domain in DNS Lookup (specialtaskevents .com) 192.168.2.16:54115 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global traffic HTTP traffic detected:
  HTTP/1.1 200 OK
  Server: nginx
  Date: Thu, 28 Mar 2024 19:09:27 GMT
  Content-Type: text/html; charset=utf-8
  Content-Length: 1125
  Connection: keep-alive
  Last-Modified: Mon, 15 Jan 2024 14:06:29 GMT
  ETag: "a0d-60efc85387705-gzip"
  Accept-Ranges: bytes
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 56 6d af da 36 14 fe 4c 7f 85 9b a9 da 26 e1 10 87 00 21 05 b4 f6 b6 53 2b ad 5d b5 db 6d da a7 ca 38 0e f1 ae 13 23 db c0 e5 4e fd ef 3b ce db 4d e0 56 9b 02 ce c9 79 f3 f1 39 cf b1 bd 7a fe e6 d7 9b cf 7f 7d 7a 8b 72 5b c8 cd b3 95 7b 21 49 cb dd da e3 a5 b7 79 36 5a e5 9c a6 f0 1e ad 0a 6e 29 62 39 d5 86 db b5 77 b0 19 8e 3d 34 79 14 95 b4 e0 6b ef 28 f8 69 af b4 f5 10 53 a5 e5 25 a8 9e 44 6a f3 75 ca 8f 82 71 5c 7d 8c 91 28 85 15 54 62 c3 a8 e4 6b d2 3a b2 c2 4a be b9 51 85 28 77 e8 56 a9 72 35 a9 59 4e 68 ec b9 a6 46 5b 95 9e d1 3f 8e 1a 6d 29 bb db 69 75 28 53 cc 94 54 3a 41 df 65 33 f7 bc ac c4 05 d5 3b 51 62 ab f6 09 8a 5f d4 bc 56 6f 96 ba a7 e6 65 10 2c ce 68 21 e4 39 41 98 ee f7 92 63 73 36 96 17 63 f4 5a 8a f2 ee 03 65 b7 d5 f7 cf a0 39 46 de 2d df 29 8e 7e 7f ef 8d d1 6f 6a ab ac 02 de 3b 2e 8f dc 0a 46 d1 47 7e e0 20 79 a5 61 8d e3 6a 82 91 f7 11 94 d0 2d 2d 0d 08 0c bc b0 e1 5a 64 60 f6 ca cd 86 6e 5c 54 e8 6d a1 fe 16 5e cf ff 13 9c db 73 b1 55 d2 1b f8 ed 5b d7 2b b2 fc de 62 93 d3 54 9d 12 14 ec ef 11 69 fe 7a b7 a5 3f 84 b3 d9 18 3d 0e 81 bf 98 fd d8 b3 a3 52 ec ca 04 31 a8 1f d7 15 ff eb 33 37 e6 a4 49 7b 95 2f 23 1e 78 82 42 3f 9a f1 a2 97 c6 13 17 bb dc 26 68 11 04 df 4e b8 e4 16 5c 63 b3 a7 0c 6a 0d 39 0f fc 20 6c dd 34 55 83 b4 5a 55 24 68 0a e1 5f 97 b3 e3 d6 a1 f9 0e 6f 54 94 5c 37 21 56 48 4b 10 09 82 17 03 63 5d 47 47 0f 56 0d f8 92 67 7d 76 e3 95 96 a2 a0 96 7f f9 d2 10 69 e3 bd fe 14 aa c4 e9 41 57 04 4c 65 5e 5e c8 32 21 25 2e 54 0a 69 82 c5 e4 4f 3a ce 68 ca df 97 57 6e 5d 3b 25 a8 16 f6 ed 44 99 a9 46 b9 cb eb 6c 19 b1 ac a9 00 cc 38 64 35 76 5c 6b a5 2f 0c d9 32 24 e1 
62 60 d8 63 35 86 27 aa 4b d7 8e 43 d3 2c 63 6c 3a 1d 98 f6 58 8d a9 39 30 c6 8d b9 0c 97 6e 69 34 9c b5 c7 6a 97 09 e5 c4 12 2a c3 1b eb bc 41 15 99 86 2d 1a da 0a 77 9c c6 36 e5 86 69 b1 af d2 e8 e0 7c 31 ff 22 70 cf b7 61 48 06 68 ae 41 4e fc b0 03 39 6c 07 1c b7 e1 84 17 28 cc 94 b2 1d 04 fb 70 8d 3a 10 f7 dc 42 df 35 5e 2f 51 91 72 49 cf 98 98 6b b8 39 41 87 b5 da ec a7 3b 7e ce 34 00 c6 a0 01 9a 32 ad 8a 86 1c 29 b7 44 0b 96 cd ca bf d6 dd ae ae e4 a4 27 77 c3 6a d2 6e bc ab 49 73 18 ac dc 06 5c ed c9 a9 38 22 26 a9 31 6b af eb 3f af da a3 fb 22 ad 4e 35 f3 c2 40 36 dc 01 fb ba e3 2e 5a a5 35 82 13 e1 b8 6b c8 51 63 dc 82 b5 07 9f 8c 62 38 b4 52 18 ac d7 6a df 17 b2 04 ed dc da 7d 32 99 9c 4e 27 ff 34 f5 95 de 4d c2 20 08 26 e0 b6 d3 74 e7 d9 6b 75 bf f6 02 14 a0 19 09 dd bf 15 b6 71 8c 56 7b 6a f3 f6 63 94 ae bd 0f 51 1c a0 30 8e 59 80 e3 00 a0 83 a3 a5 1f c6 98 44 b1 bf 0c 31 21 4b 9f 2c 31 59 2c fc 79 f8 cb 34 0c 10 59 86 7f c4 01 25 73 04 3f 37 53 80 c9 1c 7e 39 5e ce 2f b8 40 1f 09 09 25 8e 02 3f 26
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Host: cdn.specialtaskevents.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: cdn.specialtaskevents.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://cdn.specialtaskevents.com/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: cdn.specialtaskevents.com
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Thu, 28 Mar 2024 19:09:27 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  Last-Modified: Mon, 15 Jan 2024 14:06:29 GMT
  ETag: W/"b96-60efc853828e6"
  Content-Encoding: gzip
  Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 
7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown HTTPS traffic detected: 104.76.104.139:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.76.104.139:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: classification engine Classification label: mal64.win@16/6@4/88
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://cdn.specialtaskevents.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1956,i,16078691702741248329,3268572124664616130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1956,i,16078691702741248329,3268572124664616130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk