Analysis Overview
Threat Level: Likely benign
The file https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-849803765A568852C%2FU-6PL99754A59833350%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=fw9t0CTVboWisxmCamp0JvI5rs-fE-guHyA8.g&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-849803765A568852C%2FU-6PL99754A59833350%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3Dfw9t0CTVboWisxmCamp0JvI5rs-fE-guHyA8.g%22%7D%7D&flowContextData=i82ckSim03e4YP4tJzxZlgdQH_Q4gSfBWmoboxQm6cCG97m_nd-aDBKrRmuJGv-1RksiWk7Ykd9dp5gRi2nyH0lkxge2ZpJIiEiKutBmZs0NIjNrdd3fGpnlYAwiYff2KpxioGnKKIUHublokp4ZZ_1_7Ii87Hu9fzAyZrsygfiy1vH0OlbHkHRcGKRrj0WLzIAmCtY3OggjwMu6a6_gdDI4Eb_ec7jH9ta9uG&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=b74a4258-9dc1-11ee-8a28-506b4b4b668a&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&cust=&unptid=b74a4258-9dc1-11ee-8a28-506b4b4b668a&calc=856abf808c510&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.220.0&xt=104038%2C124817 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand paypal.
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-18 17:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-18 17:24
Reported
2023-12-18 17:27
Platform
win7-20231129-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Detected potential entity reuse from brand paypal.
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409082152" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{55C3CCD1-9DCA-11EE-8D15-FA7CD17678B7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "26" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2024792bd731da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\Total = "26" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.paypal.com\ = "26" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d7800000000020000000000106600000001000020000000dad5a448f957c1a2163479896e9503b36d0a5899ee43f6e80ca71db059624377000000000e80000000020000200000000bafad57a32c263ddc205ab2d503e56c39a11b43c94e2beca9d987247baf8cd9200000007346154f50b36f6cd15e15bf60dd61f36737b1c5abcd67b98dd368e918536a1d40000000cd7722e0c89161fbffd2ef36e3a0407f6c13ab83395eeef1a3f427e51f7b1b9c51fb531abf79083f67b58c1eb58511501c8e8f4c92cb700ed7bf57f12a6635e8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.paypal.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.paypal.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1736 wrote to memory of 2164 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1736 wrote to memory of 2164 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1736 wrote to memory of 2164 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1736 wrote to memory of 2164 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-849803765A568852C%2FU-6PL99754A59833350%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=fw9t0CTVboWisxmCamp0JvI5rs-fE-guHyA8.g&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-849803765A568852C%2FU-6PL99754A59833350%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3Dfw9t0CTVboWisxmCamp0JvI5rs-fE-guHyA8.g%22%7D%7D&flowContextData=i82ckSim03e4YP4tJzxZlgdQH_Q4gSfBWmoboxQm6cCG97m_nd-aDBKrRmuJGv-1RksiWk7Ykd9dp5gRi2nyH0lkxge2ZpJIiEiKutBmZs0NIjNrdd3fGpnlYAwiYff2KpxioGnKKIUHublokp4ZZ_1_7Ii87Hu9fzAyZrsygfiy1vH0OlbHkHRcGKRrj0WLzIAmCtY3OggjwMu6a6_gdDI4Eb_ec7jH9ta9uG&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=b74a4258-9dc1-11ee-8a28-506b4b4b668a&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&cust=&unptid=b74a4258-9dc1-11ee-8a28-506b4b4b668a&calc=856abf808c510&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.220.0&xt=104038%2C124817
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 151.101.1.21:443 | c.paypal.com | tcp |
| US | 151.101.1.21:443 | c.paypal.com | tcp |
| US | 92.123.128.164:80 | www.bing.com | tcp |
| US | 92.123.128.164:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-18 17:24
Reported
2023-12-18 17:27
Platform
win10v2004-20231215-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Detected potential entity reuse from brand paypal.
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-849803765A568852C%2FU-6PL99754A59833350%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=fw9t0CTVboWisxmCamp0JvI5rs-fE-guHyA8.g&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-849803765A568852C%2FU-6PL99754A59833350%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3Dfw9t0CTVboWisxmCamp0JvI5rs-fE-guHyA8.g%22%7D%7D&flowContextData=i82ckSim03e4YP4tJzxZlgdQH_Q4gSfBWmoboxQm6cCG97m_nd-aDBKrRmuJGv-1RksiWk7Ykd9dp5gRi2nyH0lkxge2ZpJIiEiKutBmZs0NIjNrdd3fGpnlYAwiYff2KpxioGnKKIUHublokp4ZZ_1_7Ii87Hu9fzAyZrsygfiy1vH0OlbHkHRcGKRrj0WLzIAmCtY3OggjwMu6a6_gdDI4Eb_ec7jH9ta9uG&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=b74a4258-9dc1-11ee-8a28-506b4b4b668a&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&cust=&unptid=b74a4258-9dc1-11ee-8a28-506b4b4b668a&calc=856abf808c510&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.220.0&xt=104038%2C124817
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9131346f8,0x7ff913134708,0x7ff913134718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5293754000999661173,9481229486227416245,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1556_UIZSSIIOJDFNWPRY
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9baaae70-ab6c-4199-ad17-c00669480607.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580b55.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State