Windows Analysis Report
https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf

ID:	1541962
Product:	CloudBasic
Start time:	11:27:20
Start date:	25.10.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 08:27:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	F2351D13EF34B15CA434441A7DF8D89F	376B02EF209B06E4E56EEAEA77CC4FE9CF7AA371	7F1A16CE1B6CC9C069EF7B11E94312C5F8A881878EF71D0709B9E12C01C342CA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 08:27:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	EACE58FEBAE9EAB0A1F542D04C44454F	81F01FC7D4425E07D3F4185D363083DBE8112EB1	A9D1922EC863790CA05EA536DD071CD3A9032B7CF1F867EACE30CBC0CE5A6A2E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	FAB60F1B7DEE9A4A97860D32AFDEEE5B	FE228ABDEF019A06F08E4A56178F4FF491B79329	6CD337A94EFDD81370B0C8A4160492581D2B5CADD77816ACB85D7E525B78BDAA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 08:27:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	24BEFEB5E684480F622DFAA256C04944	9E3620CCC29E6622CEB0A04AF8586870209D187C	CA1F752EB88BFF38D6BDE29EDE60CF337D9EEF65AA5721F482E6E88C0CCE271E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 08:27:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	ADCEC248C18C64B60673E1412C3BEF4F	74058B63CAE3312045F6CF01C6FE8B5CE613515C	8B7867355C071F42492F089FF476A4FED9A30F52018B0F422C67B6AD4EBE90F4
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 25 08:27:53 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	563CB56BC76162328A6720073E4B25D2	C16E5A574BC02C408E2FC71DD79ADE2083B9C661	3594B28ED136C242856D1F6A958FA10FC6DBBA5DE0289C2CBD706E303A47BF8D
Chrome Cache Entry: 104	ASCII text, with very long lines (6411), with no line terminators	FA1A1E28E9BC963CC0004ED2D639806C	EA8F97527919761B56FEA9AC07B87AA7F12E3EB1	4F1262046569D4C259ED81D97B9AA467D00E7AACD75F46B1B180E08BBB8FA5E3
Chrome Cache Entry: 105	ASCII text, with very long lines (3632), with no line terminators	69ECCA6533A22616AA36FBB4AFB5B890	E1A2D8C56DC16F4F39894BE45DBD3DAC81E9255A	E66998144EF10F086C31D57AE2C5A3863191E842F42D2242156CC906FF52E697
Chrome Cache Entry: 106	Unicode text, UTF-8 text, with very long lines (48791), with no line terminators	4651333CBA1A2E824551B1CDE4C2599F	38C4175058887537E8CC4D03A9DC16218B0ABADD	57C6C1BF0F0958BD95CD47FFDE3CF2403D096C7EDC1E50DBEDD2FCB1B6C97471
Chrome Cache Entry: 107	ASCII text, with very long lines (65536), with no line terminators	D9C7C87AFFB5236296623D19F199D236	83D40D47D56DB09CD3ABE00A2D0E1ABEA512F2F2	029F43E935D0FBC632AD8226A4F01FFA57DA08F1EE87AFFBFE016E08C1EF61C6
Chrome Cache Entry: 108	ASCII text, with very long lines (21009), with no line terminators	A1F877E0AE6AE4DF75C3F46B66B648E2	CCEF075754E9BB6FEA9838275E8DC43B19E124A0	98796AE57F58C58E56E73F44A6EED398348811A8C46967D419D5A531F2718772
Chrome Cache Entry: 109	Unicode text, UTF-8 text, with very long lines (65337), with no line terminators	746837165A403C547B2354F89B6F7CEB	F8B7AE13B03DF17FF9E04734CA21D22B3E71F657	9F31F34A67AF7B7A8B56471C6E6E547273B16EEA9DD91E351D9F3C93FDE0E651
Chrome Cache Entry: 110	ASCII text, with very long lines (7897), with no line terminators	96171CA3E8314E6DDD868C5F90E06825	34441D88583D2A57DEA46F34E0C39050AA0D2BD6	4358CFA90FAEF2A791F7AE34A2CDA2C8AD4B4F33E261E1B0CB14EE0CC5D2D78A
Chrome Cache Entry: 111	ASCII text, with very long lines (65536), with no line terminators	4457546897C348974717EDB70D0EEF24	82994AE579393912BFD24518EB15BB929FCA7894	A42AE9D159FADF566D8A2DAF88E73FA61D71B59B5CFC075B4E8CC671394B4B52
Chrome Cache Entry: 112	Unicode text, UTF-8 text, with very long lines (11045), with no line terminators	913E965F9386FC3FF5EBF79D01ACC041	1C2A960279C3B6E4C68F0D848B4258BF95FEEE1F	4AF7517F3E20C780713948EBB62C78CEDC3688DCE9B57D1204AB6C5032292D21
Chrome Cache Entry: 113	ASCII text, with very long lines (12165), with no line terminators	E37D515A24572819DD37079F1B5AEDCC	CC3201B7498E711D0A5AA52610806680ED8DD57B	58E0CA03E6CF86D4CDC4C79E5EDD950CBCD6E4E9421968F4C0292733985FA29A
Chrome Cache Entry: 114	ASCII text, with very long lines (30383)	18CB8ABB0FE0A5FED7BCA1E390888E08	DA52ED0044E7F3208831ACACA5B5E5330CFB8C0F	8BA7C3FB6447929FA51F865E93CC743DDBE15A107115BEB914366ABC45EAAD83
Chrome Cache Entry: 115	ASCII text, with very long lines (7929), with no line terminators	EBD0813C383A79FE3B831948374E3C65	B602206076302BA3CB3D13BA70ED1B294275B2DA	F6CD862019A5A3DA819DDDCDF34C148C44539D46832C7A67B7440463D4391D9A
Chrome Cache Entry: 120	ASCII text, with very long lines (18502), with no line terminators	BD1D590522CB0C584623DF5DF65E1B6B	13A26F8065CE83BF7BC24A917DEB1FA7E0FE7DDC	A847D7C4CF79A41A76D3A808DFD81C9CFB7E02EA354E1EC206F5763A46C64E26
Chrome Cache Entry: 122	ASCII text, with very long lines (65536), with no line terminators	16C47E12DF4F06A117BD1BD28767E122	5878DA007EA6DEBDA178F03050DA46277F6F85EE	920914FB462C127FD3CF8C12DC1E7E410D61DCAC521056A4FA2249D3ADF1BA72
Chrome Cache Entry: 123	ASCII text, with very long lines (6231), with no line terminators	AC53EB4BDDC652A8D277BA47632D7B23	361515FB45D11934CDA4E70FA2F1043D74D33C26	B924D7917829E23CD6BDE2CEB4F5585A88A2AF22CEC4660ECF09E7CD827B4E5F
Chrome Cache Entry: 124	Unicode text, UTF-8 text, with very long lines (50336), with no line terminators	74A1B1EBB20C4AA201812C6CFE51D2C4	A72A5572136D2E05CD2D0C78C2D8AF92C8AB307A	E1BD4F29008E9EDACD0DD257FC9169730AAD5FFCB7B06CF99A47D50E4B87AE08
Chrome Cache Entry: 127	ASCII text, with very long lines (24399), with no line terminators	7589225A2406BE029512A3BC5421D8CE	2DC3D629D7BD7C19A5B563C05BC1862390FC3924	2808EBAE8B931893CB06AFEEAE13D6AFC74BF0139CBC4543755E064EBA336619
Chrome Cache Entry: 128	ASCII text, with very long lines (1394), with no line terminators	9A853B370DC419C67B9BF9518327420B	363D54F4C0EAB94530A91423E25CECB320505512	D2FF1A2BDECB7DA17031F2AED184912694B642E9D7040DA4C988414467CF8EEC
Chrome Cache Entry: 129	ASCII text, with very long lines (65492)	6DF4C5D96F64FC48E69F0FA170810430	EEBF137759774C01C0931680D47CEB2A6B2E04D6	AF32C5518E8A672F368507AD90A9F7CDFB700A78AF4A997435BCA995E3973433
Chrome Cache Entry: 133	ASCII text, with very long lines (65536), with no line terminators	DAA32B7B0CC9B8516F0FD07E2C8853AC	B9CD13EDE2E63C0D34EED3A7C01BBFAD7B532621	919275F402E65CC71EC2F5D075E31BEC1CE8079798FAA6F4ED1D0E3EF0094A18

Phishing

Source: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf	HTTP Parser: No favicon
Source: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf	HTTP Parser: No favicon
Source: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf	HTTP Parser: No favicon

Compliance

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.150:443 -> 192.168.2.17:49811 version: TLS 1.2

Networking

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	DNS traffic detected: DNS query: ljptn9jl729v.jp.larksuite.com
Source: global traffic	DNS traffic detected: DNS query: accounts-jp.larksuite.com
Source: global traffic	DNS traffic detected: DNS query: login-jp.larksuite.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: lf-scm-jp.larksuitecdn.com
Source: global traffic	DNS traffic detected: DNS query: mcs-bd-jp.larksuite.com
Source: global traffic	DNS traffic detected: DNS query: internal-api-lark-api-jp.larksuite.com
Source: global traffic	DNS traffic detected: DNS query: sf16-scmcdn2-va.larksuitecdn.com
Source: global traffic	DNS traffic detected: DNS query: internal-api-security-jp.larksuite.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.150:443 -> 192.168.2.17:49811 version: TLS 1.2

System Summary

Source: classification engine

Classification label: sus20.win@17/26@30/171

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1972,i,17485728752003867175,6128383347816120878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1972,i,17485728752003867175,6128383347816120878,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

Source: https://ljptn9jl729v.jp.larksuite.com/share/base/form/shrjpAd28kd9HXI7TjO1wFqS7Pf

LLM: Page contains button: 'Submit' Source: '2.1.pages.csv'

Boot Survival

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk