Malware Analysis Report

2024-12-08 00:34

Sample ID 241115-vdnx3axjd1
Target https://www.paypal.com/invoice/payerView/details/INV2-FCET-3STX-R97X-H99Z?locale.x=en_US&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=f83da144-a10d-11ef-bd32-a94c5f14986c&ppid=RT000238&cnac=US&rsta=en_US*28en-US*29&unptid=f83da144-a10d-11ef-bd32-a94c5f14986c&calc=f5085022dc3b5&unp_tpcid=invoice-buyer-notification&page=main*3Aemail*3ART000238&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.292.0&tenant_name=&xt=145585*2C134645*2C150948*2C104038&link_ref=details_inv2-fcet-3stx-r97x-h99z__;JSUlJSUlJSU!!P5FZM7ryyeY!XF6eGWLYiz7xn4D9Y9_EJHBQe2ebgRWibqB0TGUBL94byOy7CD9-NPHnm6GNBT1Ce9Vt2mk5MbYS9AnqfTwS$
Tags
paypal discovery phishing
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

Threat Level: Shows suspicious behavior

The file https://www.paypal.com/invoice/payerView/details/INV2-FCET-3STX-R97X-H99Z?locale.x=en_US&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=f83da144-a10d-11ef-bd32-a94c5f14986c&ppid=RT000238&cnac=US&rsta=en_US*28en-US*29&unptid=f83da144-a10d-11ef-bd32-a94c5f14986c&calc=f5085022dc3b5&unp_tpcid=invoice-buyer-notification&page=main*3Aemail*3ART000238&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.292.0&tenant_name=&xt=145585*2C134645*2C150948*2C104038&link_ref=details_inv2-fcet-3stx-r97x-h99z__;JSUlJSUlJSU!!P5FZM7ryyeY!XF6eGWLYiz7xn4D9Y9_EJHBQe2ebgRWibqB0TGUBL94byOy7CD9-NPHnm6GNBT1Ce9Vt2mk5MbYS9AnqfTwS$ was found to be: Shows suspicious behavior.

Malicious Activity Summary

paypal discovery phishing

Network Share Discovery

Detected potential entity reuse from brand PAYPAL.

Drops file in Windows directory

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-15 16:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-15 16:52

Reported

2024-11-15 16:53

Platform

win10ltsc2021-20241023-en

Max time kernel

56s

Max time network

55s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/invoice/payerView/details/INV2-FCET-3STX-R97X-H99Z?locale.x=en_US&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=f83da144-a10d-11ef-bd32-a94c5f14986c&ppid=RT000238&cnac=US&rsta=en_US*28en-US*29&unptid=f83da144-a10d-11ef-bd32-a94c5f14986c&calc=f5085022dc3b5&unp_tpcid=invoice-buyer-notification&page=main*3Aemail*3ART000238&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.292.0&tenant_name=&xt=145585*2C134645*2C150948*2C104038&link_ref=details_inv2-fcet-3stx-r97x-h99z__;JSUlJSUlJSU!!P5FZM7ryyeY!XF6eGWLYiz7xn4D9Y9_EJHBQe2ebgRWibqB0TGUBL94byOy7CD9-NPHnm6GNBT1Ce9Vt2mk5MbYS9AnqfTwS$

Signatures

Network Share Discovery

discovery

Detected potential entity reuse from brand PAYPAL.

phishing paypal

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133761631687682063" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2944 wrote to memory of 1976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 1976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 2904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 4404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 4404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2944 wrote to memory of 892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/invoice/payerView/details/INV2-FCET-3STX-R97X-H99Z?locale.x=en_US&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=f83da144-a10d-11ef-bd32-a94c5f14986c&ppid=RT000238&cnac=US&rsta=en_US*28en-US*29&unptid=f83da144-a10d-11ef-bd32-a94c5f14986c&calc=f5085022dc3b5&unp_tpcid=invoice-buyer-notification&page=main*3Aemail*3ART000238&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.292.0&tenant_name=&xt=145585*2C134645*2C150948*2C104038&link_ref=details_inv2-fcet-3stx-r97x-h99z__;JSUlJSUlJSU!!P5FZM7ryyeY!XF6eGWLYiz7xn4D9Y9_EJHBQe2ebgRWibqB0TGUBL94byOy7CD9-NPHnm6GNBT1Ce9Vt2mk5MbYS9AnqfTwS$

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff88fa5cc40,0x7ff88fa5cc4c,0x7ff88fa5cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,9867895328147758431,3004422826129571741,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1928 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,9867895328147758431,3004422826129571741,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1884,i,9867895328147758431,3004422826129571741,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,9867895328147758431,3004422826129571741,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3164 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,9867895328147758431,3004422826129571741,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,9867895328147758431,3004422826129571741,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4480 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4972,i,9867895328147758431,3004422826129571741,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4984 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.paypal.com udp
US 151.101.129.21:443 www.paypal.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 180.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 21.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 c.paypal.com udp
SE 192.229.221.25:443 c.paypal.com tcp
SE 192.229.221.25:443 c.paypal.com tcp
SE 192.229.221.25:443 c.paypal.com tcp
SE 192.229.221.25:443 c.paypal.com tcp
SE 192.229.221.25:443 c.paypal.com tcp
SE 192.229.221.25:443 c.paypal.com tcp
SE 192.229.221.25:443 c.paypal.com tcp
SE 192.229.221.25:443 c.paypal.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.3.1:443 t.paypal.com tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 8.8.8.8:53 c6.paypal.com udp
GB 34.147.177.40:443 b.stats.paypal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 lhr.stats.paypal.com udp
GB 34.147.177.40:443 lhr.stats.paypal.com tcp
GB 142.250.200.35:443 www.recaptcha.net tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 1.3.101.151.in-addr.arpa udp
US 8.8.8.8:53 40.177.147.34.in-addr.arpa udp
US 8.8.8.8:53 api.sprig.com udp
US 34.198.52.31:443 api.sprig.com tcp
GB 142.250.200.35:443 www.recaptcha.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
US 34.198.52.31:443 api.sprig.com tcp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 31.52.198.34.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.35:443 www.recaptcha.net udp
GB 172.217.16.228:443 www.google.com tcp
US 34.198.52.31:443 api.sprig.com tcp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
NL 20.103.156.88:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp

Files

\??\pipe\crashpad_2944_KQJEVXHYYETIJXZY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 d80a239ef4cb66b59ed954560bed4be9
SHA1 9f205510342fc05a20b098c78b8db3d1d883aa1b
SHA256 42677e107f7f694d0d62c857a47664215d197237cd08fd4c95c54962b62905ca
SHA512 e5e9fcc6eba9805e5833c9fdcd7681bd5e9def8839638eb97d1da3e10da9e3b3ae6f49cd181fc9538c1faf3515673e8e40e29cbcac9adc33720e502bb1e11b52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 28c258b1dc46ad6318b01b9ca31d17ff
SHA1 bfdd488708264ac3e21e3c449ca84cdf24701f3a
SHA256 e0761d197d85a50a077c1fa31c84f2d25b0c6e22a77f5a11783f60f84c49faa3
SHA512 f605b0e2e49ce815f027d672d3f8519437bc3787b19e156c07ac363a215e0c3032559c69b252c5d967c25d7c25a4a616d7ca0afb508df992bd912a0422376717

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1248a83169e204f0453bd4e46b137952
SHA1 eb7405866ae913f7a44972286992b498b18f4be8
SHA256 0be6053f91c5056e135e3ec34f11f1c988c9e1110ae3c54c9ec5aa2848474e10
SHA512 457d778cbf1bbbae84cbd20a47c1e43d2b3430d6e1be79d65d4921c59375c96d2877534c5c058e4829fa383007297588b1fd22d4539db4aa1a762b2cd2ec2b01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5e9f1fc84a173af1c459aa626489b81a
SHA1 d66beb71c7406674972cc68283dcdb1305aace38
SHA256 97d536b3c48eeddf737c1962ebb2e3aabfe130cc3856a67fb00273a5b07e7daa
SHA512 4e1fdcbd8deeb6ee0b7e75dd3dd892cc7a299a9f503de050544c26696a63e939158170fbaab11202acfeabd7c1be039066eb21de0e15960d1de799e374a2c143

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a120903acb72c7e7c8348170eec8e64d
SHA1 2bb5dc089bcf4a4203a860b57856ce9740baddd9
SHA256 3d801b56074c6ca52fc1c8639536dcf94051c50472bcb1a6a572903667430a71
SHA512 ae81c46a55b4d7514b1a0d086a5491c576da14c42b1cca59b1eb424ee2404db82fdc18a017d77a8bf48e4c1598446911db70a937d3a51cc32f36a4f5416d8f9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c072deac09fcd2ed814fdc93fe2886c8
SHA1 ef1dea2dfe25d6e381f214bacae7ea5e4007d712
SHA256 8e90788225feea9de048646a24b0a3ee177320408b3c0b7e76277eb15bd41897
SHA512 016a75026e1aab04e78c5852e78682b4b7bcd247b604ec8cd3be6cc494822035d9390713004ef70623ed573b1851133c303ab72814f3603366e51c184ddb0617

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e21c72cfdbf6affdc1a56e76b34761e2
SHA1 4231a25e365d6e510a210a689e5cb3db9039145a
SHA256 bea903ae51329766b160cdf7727240b766d9c31c1396639b12e93ece571904ee
SHA512 289cf2c1c1d14c5349c206f973bf1e02f8be74bf28d09fecf4b1ea879ee9c343e65ebbc8bba31753dcedca30168ebbc4090f53d39b0888c8b7fbfd9bbb322a23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\eef87d83-52da-4e03-83c7-7190e084114a.tmp

MD5 2727c4cac519fe8ef9fd7c4240bcd37d
SHA1 ca5014c5caa1d67530ee485a1d39ecf319ae0226
SHA256 9410a9399fb94a3ac3a51f7ba947c063dffd8d3aae393b10b3d9fff7f54e6d07
SHA512 4f3b36b05148a67877ded55b57f17a48120bd4653e30e55822f16c3520f2499f347fef72d8830b1101b9bdd58e68d5c4298fb3c5f0a22f24de89eeb28c977845

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\87a535fb-6118-4b3b-832d-2b82955bb98c.tmp

MD5 942967cdd77683f2528ae807ca1db572
SHA1 f4717e10501552f59b824cf7ec4d0c2ac926cde2
SHA256 f3c423fabf1335b4d806a320d5676bfdce9c959636cdd7be7ec90f800481f821
SHA512 012ddc886e60434d9baab7e7184b0668b69569a5f2e6185a72e6f7cfe6e7da6c23a81f81ce7e7cd473df55303fee9027b22eea4da332425a86946621dc40a7e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 db8dca67d44c7cf071a8a38fd8654650
SHA1 b0e5165320808e97e8387ee5357f05a6a9f5bbdf
SHA256 931bedae90c601ba19c099c96765920eb56f8fe1dc176f112c83d24af1651dd3
SHA512 4118c001b9b79d16707a6b9213b43f1c14bc9aa248b54d813186a796d322d0a734105a344171886b8d1c44359fdfe519ad51f4a3e7a13be7b86d53d423338049