Analysis Overview
Threat Level: Likely benign
The file https://www.paypal.com/invoice/payerView/details/INV2-LXV4-EVG7-HNXG-Y4MU?locale.x=en_US&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000274&utm_unptid=7940a2d2-9875-11ee-9ebb-3cfdfeefd0b5&ppid=RT000274&cnac=NZ&rsta=en_US%28en-NZ%29&cust=&unptid=7940a2d2-9875-11ee-9ebb-3cfdfeefd0b5&calc=131011af3523c&unp_tpcid=invoice-buyer-reminder&page=main%3Aemail%3ART000274&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.218.0&xt=104038%2C127632 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand paypal.
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-12 04:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-12 04:05
Reported
2023-12-12 04:10
Platform
win7-20231023-en
Max time kernel
124s
Max time network
288s
Command Line
Signatures
Detected potential entity reuse from brand paypal.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/invoice/payerView/details/INV2-LXV4-EVG7-HNXG-Y4MU?locale.x=en_US&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000274&utm_unptid=7940a2d2-9875-11ee-9ebb-3cfdfeefd0b5&ppid=RT000274&cnac=NZ&rsta=en_US%28en-NZ%29&cust=&unptid=7940a2d2-9875-11ee-9ebb-3cfdfeefd0b5&calc=131011af3523c&unp_tpcid=invoice-buyer-reminder&page=main%3Aemail%3ART000274&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.218.0&xt=104038%2C127632
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6cd9758,0x7fef6cd9768,0x7fef6cd9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1284,i,5298375684120258212,4805755112645112990,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1284,i,5298375684120258212,4805755112645112990,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1284,i,5298375684120258212,4805755112645112990,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1284,i,5298375684120258212,4805755112645112990,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1284,i,5298375684120258212,4805755112645112990,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-handle=1284,i,5298375684120258212,4805755112645112990,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3400 --field-trial-handle=1284,i,5298375684120258212,4805755112645112990,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3828 --field-trial-handle=1284,i,5298375684120258212,4805755112645112990,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | tcp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | udp |
| US | 104.17.209.240:443 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | tcp |
| US | 8.8.8.8:53 | api.sprig.com | udp |
| US | 34.198.52.31:443 | api.sprig.com | tcp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 151.101.1.35:443 | c6.paypal.com | tcp |
| GB | 142.250.200.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.204.68:443 | www.google.com | tcp |
| US | 34.198.52.31:443 | api.sprig.com | tcp |
| US | 34.198.52.31:443 | api.sprig.com | tcp |
| N/A | 224.0.0.251:5353 | udp |
Files
\??\pipe\crashpad_2088_PXQCSQUVDVCXXMEZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar50A7.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.paypal.com_0.indexeddb.leveldb\CURRENT~RFf76584d.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb23f467f4af7b9378c7b3a05bbffb9f |
| SHA1 | fad5ecf4b038b3d1da9617cb73550e7e3a18b082 |
| SHA256 | e25109d15ef193f4a7d1539e6f79d09432249d7b319baa87fe2bc5c83cc2898f |
| SHA512 | d43882b386890882e36e2c32dd0f1c2aca0f87c8b20ee7568a0aaa9a23764142dbb62b1566bb1d9aa539a8e8ac5d57cb87ad048f8f64f83776d8f8094473a9a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91306ea5d97652bb12e6114b70ac0aff |
| SHA1 | 42ae76c534ddf525eac296c52c6213c86267f7c4 |
| SHA256 | 6d447eb0e8bf86470e9ff1fe25c78a8ed9f83613a5d606f93755f3a74e4dc340 |
| SHA512 | 29e84c96ad599215f064a939ae0d381274287288a8e2c53648e944cfcfd5d486820152ef13744919e4371ff37eef9c924c96de3916a201ef3d2da75eda410037 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc1786b2754b882b88a2858d1f294344 |
| SHA1 | 789087f997c821a482b19c53f55ad45a68f750c6 |
| SHA256 | 2b7398ce273dbb908bd05c5def8e3d9ce94c61f2256dfe6006ecf108f1ed98bf |
| SHA512 | e6c1db286220b6b6e99992d9bf8b3c12a5e77997623e3cb445df543fe40997d8f307b8deb35d4608554232f5b3be70db33fe896d142f84bb3697b5367252401f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c75e5cee01f80fca3e59b8c89c0f13f2 |
| SHA1 | deb2699864d7b9193a68d65251170619fd9585e4 |
| SHA256 | 1b38aefdecd7ade586e2c6e45f5de06914b8301690c12dcb3a3c370b802c49d3 |
| SHA512 | 5b5c73c751510b92d06768874957b3fc186f06250425dbd8f3fea00b401f3bfed2260b0a1ade73513879d8ebeea509f2abd9e9c4fb681b7206884aefe2e644ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\67d4db64-d608-4973-aa53-75d0366330e6.tmp
| MD5 | 13e2457c0ca331432eaa8d65d294a929 |
| SHA1 | 9abdb161601fd5185b9a386882a19f5a1be6b82d |
| SHA256 | 384f69f1872ce0b43385dc14709f8461e5d50722ca5de347ed21d56d693adb4e |
| SHA512 | e97b38c26a06a2e37e6652d52051e28813760bdc7312738b049e24f9492f67d7faf569cf4b9166b015142c01a2260b5df68ed9c7226c38b299993ef0073976d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 674e7ffec5c10ae7965064200fa1d94d |
| SHA1 | 033f9afe91193bc19cb51aac2352d56279aa263e |
| SHA256 | 37d08439bfbf286503d8ba8e4733c0e4438d2c879e1a15eba95fb97336a6b427 |
| SHA512 | ec2aeefbbf3795253b4db486e061e65928b2aff34893687f97d848880175767546a08eb27d853a43a91604acb643512f78ec29035c89725ef7b6d0f200333e71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e7d9f5147702583b5cfabbc542479d47 |
| SHA1 | f296d40bb16c2053fb3beab2550fb48d378381cd |
| SHA256 | 4699df92e59c4f09761f0a2224d06e3ce6703532293bb52fc58a78e61e3f804f |
| SHA512 | 2dddd49a5b816620a5ff4f3faf9df101efbdd6bbc58f94169229c2f4eb77dcb898b9088232c6d27008bfcd9edeb1626a4748801d8485e8d69628f020f2215201 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a3ea68de7034f088d1573e0303a79904 |
| SHA1 | ba21e34f87f216c8b703141da6de6a00afa87bde |
| SHA256 | 20a586fb2591910d7ff42949fe26ddd5d32ec78cbc1256c957161b982905dd24 |
| SHA512 | 1c5951e5b0dc42dd825cccd3cb720a259979a23809647b38cad4849b65ce64ac760165e1ab615a6014fc23f6a8d1a90c87bdc7e0eeb203810c8ef6da5746b28c |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-12 04:05
Reported
2023-12-12 04:10
Platform
win10v2004-20231127-en
Max time kernel
300s
Max time network
288s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133468275641228389" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/invoice/payerView/details/INV2-LXV4-EVG7-HNXG-Y4MU?locale.x=en_US&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000274&utm_unptid=7940a2d2-9875-11ee-9ebb-3cfdfeefd0b5&ppid=RT000274&cnac=NZ&rsta=en_US%28en-NZ%29&cust=&unptid=7940a2d2-9875-11ee-9ebb-3cfdfeefd0b5&calc=131011af3523c&unp_tpcid=invoice-buyer-reminder&page=main%3Aemail%3ART000274&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.218.0&xt=104038%2C127632
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecfaf9758,0x7ffecfaf9768,0x7ffecfaf9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1868,i,12504710072157071150,2695903785608397732,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1868,i,12504710072157071150,2695903785608397732,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1868,i,12504710072157071150,2695903785608397732,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1868,i,12504710072157071150,2695903785608397732,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1868,i,12504710072157071150,2695903785608397732,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1868,i,12504710072157071150,2695903785608397732,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1868,i,12504710072157071150,2695903785608397732,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=1868,i,12504710072157071150,2695903785608397732,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1868,i,12504710072157071150,2695903785608397732,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | tcp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | udp |
| US | 8.8.8.8:53 | api.sprig.com | udp |
| US | 104.17.209.240:443 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | tcp |
| US | 50.19.89.137:443 | api.sprig.com | tcp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 151.101.1.35:443 | c6.paypal.com | tcp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.209.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.89.19.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 71.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| FR | 216.58.204.68:443 | www.google.com | tcp |
| US | 50.19.89.137:443 | api.sprig.com | tcp |
| US | 50.19.89.137:443 | api.sprig.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
Files
\??\pipe\crashpad_832_PDYXECZTSJSHDBKT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6369e3b6aa7760d54090dbff0443a840 |
| SHA1 | 343d903d45c98831b8c140f2fc80c162f1159883 |
| SHA256 | 50807ddc6fba02aa9dc7c26e539bb73feaddb414f030331e5380756e1be2ab36 |
| SHA512 | 9154091ca1f6303cd619026c86a575eeb6167b6c2a5dc9f1ab407b8bb391a2ac7d54cc1e98e32ea146372782193297e2ed14cd396381041f24ffa22d9995c23c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cd9f0a6bd344fc50595d3422e3d7d0bf |
| SHA1 | bf6b5c7317ffcd49f0958be9b7e9d07ac7adb7a5 |
| SHA256 | 123a7ec79ec4adc9866c318d0fecc0e45bcd61d0fe127526f127595de6ff5c1c |
| SHA512 | c85293f3c20aee5ea4911744558d4644498a525720aec50b87cedca82b120d59f5002b52d13bce41468d78aeefb49ac8ae9cf7e39671cc699a4f0f2029631440 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 33facf538360ac7585e00416977ea499 |
| SHA1 | 6b43ca0e07fb5bb3e4242a91e88d301d75563f9a |
| SHA256 | 309baaec33ea52d7023301b576ba0cb047dfb392f10ae5e8e895a45f3718efd4 |
| SHA512 | 133e9065d076d1fdf2b2a722f9f9067456ef7aaba75cd37563e7171d2e9f8dfcc7afdadcceb899751cc405107b68ee2e5beb254c40c05b5374d5f1fbd1b78cc2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bfc8d4ac17e4af0f78d117fd66407a6f |
| SHA1 | 9d218814191277981978fe323ef3a5779437f6c8 |
| SHA256 | 0862f82b1e9b5509d2e7d3daa8238657fc9056d45913f72bdb70d48c0a2a4c56 |
| SHA512 | e604558ed21a2d1971152b45fe37b4680dcdf27b33d026fc716e61ea33546a54a459ecfdfb50533651c1a9b3ce8081b965ce6356331a067532a7e770cf144ffd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f4363506f873bc2a4df0be51ce57b4ad |
| SHA1 | 83490ae4f9cd64c960541ed913af2c2791227e3f |
| SHA256 | 5bf89d06c950e85a43c9b3f497cba0d55a401f34431660190b30919dd34e265d |
| SHA512 | 4c3359339f26e4856ff453ba3efa2375e3c68fe64808e283bd4fe415e942a8e58d900816026047ec813c5f933c966f35eb43239f957cf7901f45b5ba99745eab |