Analysis Overview
Threat Level: Likely benign
The file https://www.paypal.com/au/smarthelp/contact-us?locale.x=en_AU&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT002546&utm_unptid=1ad9cbda-9fe9-11ee-82ef-3cfdfeef7f55&ppid=RT002546&cnac=AU&rsta=en_AU%28en-AU%29&cust=&unptid=1ad9cbda-9fe9-11ee-82ef-3cfdfeef7f55&calc=8edf7a21152dc&unp_tpcid=online-user-agreement-change-email&page=main%3Aemail%3ART002546&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.222.0&xt=104038%2C127632 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand paypal.
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-22 02:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-22 02:00
Reported
2023-12-22 02:03
Platform
win7-20231215-en
Max time kernel
52s
Max time network
148s
Command Line
Signatures
Detected potential entity reuse from brand paypal.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/au/smarthelp/contact-us?locale.x=en_AU&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT002546&utm_unptid=1ad9cbda-9fe9-11ee-82ef-3cfdfeef7f55&ppid=RT002546&cnac=AU&rsta=en_AU%28en-AU%29&cust=&unptid=1ad9cbda-9fe9-11ee-82ef-3cfdfeef7f55&calc=8edf7a21152dc&unp_tpcid=online-user-agreement-change-email&page=main%3Aemail%3ART002546&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.222.0&xt=104038%2C127632
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6859758,0x7fef6859768,0x7fef6859778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1244,i,8041269543235983734,9554330975009159385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1244,i,8041269543235983734,9554330975009159385,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1244,i,8041269543235983734,9554330975009159385,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1244,i,8041269543235983734,9554330975009159385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1244,i,8041269543235983734,9554330975009159385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1480 --field-trial-handle=1244,i,8041269543235983734,9554330975009159385,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3312 --field-trial-handle=1244,i,8041269543235983734,9554330975009159385,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 --field-trial-handle=1244,i,8041269543235983734,9554330975009159385,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 8.8.8.8:53 | 41197f7425669ed0.cbridgert.vhtcloud.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 18.173.233.100:443 | 41197f7425669ed0.cbridgert.vhtcloud.com | tcp |
| US | 18.173.233.100:443 | 41197f7425669ed0.cbridgert.vhtcloud.com | tcp |
| US | 18.173.233.100:443 | 41197f7425669ed0.cbridgert.vhtcloud.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 172.217.16.227:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 104.17.208.240:443 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | tcp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| GB | 172.217.16.227:443 | www.recaptcha.net | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| DE | 142.250.185.67:443 | beacons.gcp.gvt2.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-22 02:00
Reported
2023-12-22 02:03
Platform
win10v2004-20231215-en
Max time kernel
151s
Max time network
157s
Command Line
Signatures
Detected potential entity reuse from brand paypal.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133476840792364664" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/au/smarthelp/contact-us?locale.x=en_AU&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT002546&utm_unptid=1ad9cbda-9fe9-11ee-82ef-3cfdfeef7f55&ppid=RT002546&cnac=AU&rsta=en_AU%28en-AU%29&cust=&unptid=1ad9cbda-9fe9-11ee-82ef-3cfdfeef7f55&calc=8edf7a21152dc&unp_tpcid=online-user-agreement-change-email&page=main%3Aemail%3ART002546&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.222.0&xt=104038%2C127632
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ff93ad59758,0x7ff93ad59768,0x7ff93ad59778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1916,i,12803363300151123721,5828897988919263195,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,12803363300151123721,5828897988919263195,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1916,i,12803363300151123721,5828897988919263195,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1916,i,12803363300151123721,5828897988919263195,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1916,i,12803363300151123721,5828897988919263195,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5248 --field-trial-handle=1916,i,12803363300151123721,5828897988919263195,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1916,i,12803363300151123721,5828897988919263195,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1916,i,12803363300151123721,5828897988919263195,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5016 --field-trial-handle=1916,i,12803363300151123721,5828897988919263195,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 8.8.8.8:53 | 41197f7425669ed0.cbridgert.vhtcloud.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 18.173.233.100:443 | 41197f7425669ed0.cbridgert.vhtcloud.com | tcp |
| US | 18.173.233.100:443 | 41197f7425669ed0.cbridgert.vhtcloud.com | tcp |
| US | 18.173.233.100:443 | 41197f7425669ed0.cbridgert.vhtcloud.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.233.173.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 172.217.16.227:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | udp |
| US | 104.17.208.240:443 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | tcp |
| GB | 172.217.16.227:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.208.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
Files