Analysis Overview
Threat Level: Shows suspicious behavior
The URL https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=taLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DtaLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw%22%7D%7D&flowContextData=1rISB52CDeQpw-10RoR1U2Yf5JytQhNmxmV00n037FT31116cbQziyVRzG_K2JPLQTuj933Pu2LVyTGAyhOFKRna7TgSJ5BNEHtDGd9lVJbwRcnPG_TwQTI8Pv0a-n082liTIs9KYtavb26ub8E6vmypYCiom-BrihXvs75oS8UEZKK-THj1nGi0gDa5UagEQscwfooQqK5oDMP2RkwhJfg24sXPcphl0e0pQZ4ZVbjvMAeVLQaBba-eRk-6hgO6L29ZDas6vPoOj7aJG4bEP1_ENRzeAkJbHi-Itj3jg3Fjx8fH0pxmaFQDcY8phmJl9mF9TZYyFAvV2nGcNu9bN5VQcsBz-8yE8xa_RyRtvW-yl1ygY--jhG2SyUTN4zgEV7BOlf_XK-aEmDsJZ9AR6fNiQTJD3c8wHPjE6aIG4kFNQgz2GRgTcqqK19QGcK5bhX0wqHcQ-dk2HbR8ZfRT0Ku-b-7y0UMZj_ynBQzSAzfbWNxGYdlZmO5npFr-VqygfKJu4oGlkarJhqVhxvRxFwODpRTRzK1WzpWVcSdEVNmhnUq7OI2P7JIX6xq&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c351c7b3-a819-11ef-9358-e312637f7d78&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c351c7b3-a819-11ef-9358-e312637f7d78&calc=f326424f366fb&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin was classified as: Shows suspicious behavior.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand PAYPAL.
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
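The two URL-based signatures above (brand reuse, embedded identifiers) are the only findings that concern the link itself; every behavioural signature in this report is attributed to msedge.exe, and the registry writes listed further down create the Chromium AppContainer sandbox profile (DisplayName "Chrome Sandbox"), which is normal browser start-up. The script below is an added example, not part of the sandbox report: it decodes the submitted URL, checks whether the hostname's registrable domain is one the brand owns (the check behind an "entity reuse from brand" signature), scans the decoded returnUri and the JSON in onboardData for every embedded target, and pulls out the campaign identifiers that tie the click to a specific mail. The allow-list BRAND_DOMAINS, the naive eTLD+1 helper and the lookalike URL in the test are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The link submitted to the sandbox, copied from the report.
REPORT_URL = "https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=taLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DtaLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw%22%7D%7D&flowContextData=1rISB52CDeQpw-10RoR1U2Yf5JytQhNmxmV00n037FT31116cbQziyVRzG_K2JPLQTuj933Pu2LVyTGAyhOFKRna7TgSJ5BNEHtDGd9lVJbwRcnPG_TwQTI8Pv0a-n082liTIs9KYtavb26ub8E6vmypYCiom-BrihXvs75oS8UEZKK-THj1nGi0gDa5UagEQscwfooQqK5oDMP2RkwhJfg24sXPcphl0e0pQZ4ZVbjvMAeVLQaBba-eRk-6hgO6L29ZDas6vPoOj7aJG4bEP1_ENRzeAkJbHi-Itj3jg3Fjx8fH0pxmaFQDcY8phmJl9mF9TZYyFAvV2nGcNu9bN5VQcsBz-8yE8xa_RyRtvW-yl1ygY--jhG2SyUTN4zgEV7BOlf_XK-aEmDsJZ9AR6fNiQTJD3c8wHPjE6aIG4kFNQgz2GRgTcqqK19QGcK5bhX0wqHcQ-dk2HbR8ZfRT0Ku-b-7y0UMZj_ynBQzSAzfbWNxGYdlZmO5npFr-VqygfKJu4oGlkarJhqVhxvRxFwODpRTRzK1WzpWVcSdEVNmhnUq7OI2P7JIX6xq&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c351c7b3-a819-11ef-9358-e312637f7d78&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c351c7b3-a819-11ef-9358-e312637f7d78&calc=f326424f366fb&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin"

# Assumed allow-list of registrable domains the brand owns (example only).
BRAND_DOMAINS = {"paypal.com", "paypalobjects.com"}
BRAND_KEYWORD = "paypal"

# Absolute URLs hidden inside decoded parameter values (JSON blobs, nested
# query strings). The closing quote of a JSON string terminates the match.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def registrable_domain(host):
    """Naive eTLD+1 (last two labels). Adequate for the .com/.net/.io hosts in
    this report; use a public-suffix list for country-code TLDs."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def embedded_targets(params):
    """Yield (parameter, absolute URL) for every URL found inside a decoded
    value. Values are scanned as text, so onboardData's JSON is covered
    without knowing its schema; protocol-relative values are normalised."""
    for name, values in params.items():
        for value in values:
            if value.startswith("//"):
                yield name, "https:" + value
            for target in URL_RE.findall(value):
                yield name, target


def analyse(url):
    parts = urlsplit(url)
    host = parts.hostname or ""
    params = parse_qs(parts.query, keep_blank_values=True)
    targets = list(embedded_targets(params))
    return_uri = params.get("returnUri", [""])[0]
    return {
        "host": host,
        "host_is_brand": registrable_domain(host) in BRAND_DOMAINS,
        "brand_in_host": BRAND_KEYWORD in host.lower(),
        "return_uri": return_uri,
        # A relative returnUri cannot leave the origin; an absolute one can.
        "return_uri_is_relative": not return_uri.startswith(("//", "http:", "https:")),
        "targets": targets,
        "off_brand_targets": [
            (name, t) for name, t in targets
            if registrable_domain(urlsplit(t).hostname or "") not in BRAND_DOMAINS
        ],
        # Campaign and per-mail identifiers that tie the click to one message.
        "tracking": {k: v[0] for k, v in params.items()
                     if k.startswith("utm_") or k in ("unptid", "ppid", "calc")},
    }


def verdict(result):
    if result["brand_in_host"] and not result["host_is_brand"]:
        return "brand_impersonation"   # brand name inside a domain it does not own
    if result["off_brand_targets"]:
        return "off_brand_redirect"    # genuine host, but the flow leaves it
    return "on_brand" if result["host_is_brand"] else "unrelated"


if __name__ == "__main__":
    r = analyse(REPORT_URL)
    print(verdict(r), r["host"], r["return_uri"])
    for name, target in r["targets"]:
        print(f"  {name} -> {target}")
```

For the report's URL the host resolves to the brand's own registrable domain, returnUri is a relative path under /myaccount/transfer/payRequest/, and the only embedded target (inside onboardData) is on www.paypal.com, so nothing in the link leaves PayPal; the utm_campaign, ppid and unptid values are the identifiers that let the mail be traced back at the sender. The same code flags the opposite case: a host such as www.paypal.com.secure-login.example contains the keyword but its registrable domain is not on the allow-list, and a protocol-relative returnUri pointing elsewhere becomes an off-brand target.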
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-21 22:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-21 22:24
Reported
2024-11-21 22:27
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
147s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand PAYPAL.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{EF426323-30F2-459F-9FFE-DAD47178F482} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=taLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DtaLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw%22%7D%7D&flowContextData=1rISB52CDeQpw-10RoR1U2Yf5JytQhNmxmV00n037FT31116cbQziyVRzG_K2JPLQTuj933Pu2LVyTGAyhOFKRna7TgSJ5BNEHtDGd9lVJbwRcnPG_TwQTI8Pv0a-n082liTIs9KYtavb26ub8E6vmypYCiom-BrihXvs75oS8UEZKK-THj1nGi0gDa5UagEQscwfooQqK5oDMP2RkwhJfg24sXPcphl0e0pQZ4ZVbjvMAeVLQaBba-eRk-6hgO6L29ZDas6vPoOj7aJG4bEP1_ENRzeAkJbHi-Itj3jg3Fjx8fH0pxmaFQDcY8phmJl9mF9TZYyFAvV2nGcNu9bN5VQcsBz-8yE8xa_RyRtvW-yl1ygY--jhG2SyUTN4zgEV7BOlf_XK-aEmDsJZ9AR6fNiQTJD3c8wHPjE6aIG4kFNQgz2GRgTcqqK19QGcK5bhX0wqHcQ-dk2HbR8ZfRT0Ku-b-7y0UMZj_ynBQzSAzfbWNxGYdlZmO5npFr-VqygfKJu4oGlkarJhqVhxvRxFwODpRTRzK1WzpWVcSdEVNmhnUq7OI2P7JIX6xq&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c351c7b3-a819-11ef-9358-e312637f7d78&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c351c7b3-a819-11ef-9358-e312637f7d78&calc=f326424f366fb&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda8d446f8,0x7ffda8d44708,0x7ffda8d44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5176 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 8.8.8.8:53 | ddbm2.paypal.com | udp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| DE | 108.157.4.104:443 | ddbm2.paypal.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.131.1:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.200.35:443 | www.recaptcha.net | tcp |
| DE | 108.157.4.104:443 | ddbm2.paypal.com | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.131.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 151.101.65.21:443 | c.paypal.com | tcp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| GB | 34.147.177.40:443 | b.stats.paypal.com | tcp |
| GB | 142.250.200.35:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | lhr.stats.paypal.com | udp |
| GB | 34.147.177.40:443 | lhr.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 21.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.177.147.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.68.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | hcaptcha.paypal.com | udp |
| US | 151.101.3.1:443 | hcaptcha.paypal.com | tcp |
| US | 8.8.8.8:53 | 1.3.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.paypal.com | udp |
| US | 8.8.8.8:53 | paypalobjects.com | udp |
| US | 192.229.210.155:443 | paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 155.210.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | use1-turn.fpjs.io | udp |
| DE | 35.157.212.223:3478 | use1-turn.fpjs.io | tcp |
| US | 8.8.8.8:53 | browser-intake-us5-datadoghq.com | udp |
| US | 34.149.66.134:443 | browser-intake-us5-datadoghq.com | tcp |
| US | 34.149.66.134:443 | browser-intake-us5-datadoghq.com | tcp |
| US | 34.149.66.134:443 | browser-intake-us5-datadoghq.com | tcp |
| US | 34.149.66.134:443 | browser-intake-us5-datadoghq.com | tcp |
| US | 192.55.233.1:443 | | tcp |
| GB | 34.147.177.40:443 | lhr.stats.paypal.com | tcp |
| GB | 34.147.177.40:443 | lhr.stats.paypal.com | tcp |
| GB | 142.250.200.35:443 | www.recaptcha.net | udp |
| US | 192.55.233.1:443 | | tcp |
| US | 8.8.8.8:53 | 223.212.157.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.66.149.34.in-addr.arpa | udp |
| N/A | 10.127.1.66:55149 | | udp |
| US | 34.149.66.134:443 | browser-intake-us5-datadoghq.com | udp |
| GB | 34.147.177.40:443 | lhr.stats.paypal.com | tcp |
| GB | 34.147.177.40:443 | lhr.stats.paypal.com | tcp |
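The Network table mixes three kinds of rows: resolver noise (the sandbox reverse-resolves every IP it contacts, hence the in-addr.arpa lookups), connections to hosts the brand owns, and third-party services pulled in by the page (reCAPTCHA, a TURN server under fpjs.io, the Datadog browser intake). Rows with no Domain value are connections to bare addresses and deserve a look of their own. The script below is an added example, not part of the report: it parses rows in the table's format and sorts them into those buckets, using ipaddress to tell a multicast (mDNS) or sandbox-private destination from a public one. The embedded rows are copied from the table above; the brand allow-list and the two-label registrable-domain helper are assumptions for the example, and the parser also tolerates the export's layout where a row without a domain has its protocol shifted into the Domain column.

```python
import ipaddress

# Assumed allow-list of registrable domains the brand owns (example only).
BRAND_DOMAINS = {"paypal.com", "paypalobjects.com"}

# Rows copied from the Network table of this report (a representative subset).
SAMPLE_ROWS = """
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| DE | 108.157.4.104:443 | ddbm2.paypal.com | tcp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| GB | 142.250.200.35:443 | www.recaptcha.net | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| DE | 35.157.212.223:3478 | use1-turn.fpjs.io | tcp |
| US | 34.149.66.134:443 | browser-intake-us5-datadoghq.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 192.55.233.1:443 | tcp | |
| N/A | 10.127.1.66:55149 | udp | |
"""


def registrable_domain(host):
    """Naive eTLD+1 (last two labels); enough for the .com/.net/.io hosts here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_rows(text):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts.
    Rows with an empty Domain are exported with the protocol shifted left
    ('| ... | udp | |'); detect that and put the protocol back in place."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        if domain in ("tcp", "udp") and proto == "":
            domain, proto = "", domain
        rows.append({"country": country, "dest": dest, "domain": domain, "proto": proto})
    return rows


def triage(rows):
    """Sort connections into resolver noise, first-party, third-party and
    unnamed destinations; unnamed ones are classified by address scope."""
    summary = {"dns_lookups": 0, "reverse_lookups": 0,
               "first_party": set(), "third_party": set(), "unnamed": []}
    for row in rows:
        ip, port = row["dest"].rsplit(":", 1)
        if row["domain"].endswith(".in-addr.arpa"):
            summary["reverse_lookups"] += 1          # sandbox PTR lookups, not page activity
        elif port == "53":
            summary["dns_lookups"] += 1              # forward lookups via 8.8.8.8
        elif not row["domain"]:
            addr = ipaddress.ip_address(ip)
            scope = ("multicast" if addr.is_multicast
                     else "private" if addr.is_private else "public")
            summary["unnamed"].append((row["dest"], scope))   # public ones need review
        elif registrable_domain(row["domain"]) in BRAND_DOMAINS:
            summary["first_party"].add(row["domain"])
        else:
            summary["third_party"].add(registrable_domain(row["domain"]))
    return summary


if __name__ == "__main__":
    s = triage(parse_rows(SAMPLE_ROWS))
    for key, value in s.items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else value}")
```

On this subset the first-party bucket holds only paypal.com and paypalobjects.com hosts, the third-party bucket is reCAPTCHA, Google, fpjs.io and the Datadog intake hostname, the 224.0.0.251:5353 and 10.127.1.66 rows are multicast and sandbox-local traffic, and 192.55.233.1:443 is the one public destination that never got a name and is worth checking against the TLS SNI or certificate in the pcap.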
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_2736_BPRGMDTWDJDXDOWM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9e714e7ebe39f59060de78a9354ddcda |
| SHA1 | 65ed8d4718e9f9233bc46de883811a6f443a7c8b |
| SHA256 | 0c7708cca975a92230b8d815be5e43832a28efc4538f0c53b0259a6ce2f97779 |
| SHA512 | d0ae0f093fe3127ab1220862dbb44d5d14437afede917e46e36306267ba668a477d77796a021f7913ef8c090c76e26e9e1aa1c64fdd5fc80f3cd29a9bb4268fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 2be38925751dc3580e84c3af3a87f98d |
| SHA1 | 8a390d24e6588bef5da1d3db713784c11ca58921 |
| SHA256 | 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b |
| SHA512 | 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ee924393b530c437b8d6ca0153591d17 |
| SHA1 | e18d18916e19e0f01257c326bf877b24c8f7f3a4 |
| SHA256 | dde41a4dc09c5fb6616376e7daad24d1d11b7f0ebb2733700a898e31c028905d |
| SHA512 | ddb1e2df5380b35e006561c6e57841ffd5ecc3fa44e5b7b1d3020dd3c73306d8d27a69f4db8df7039b6695f894bf513eb830d8578cd2fd5c5c5ec3b7e0e74238 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4686165911569c21cb251c460ce208b7 |
| SHA1 | 905a0ec31bc75b07052863fee83df074b7914032 |
| SHA256 | 707e15b21be48118d52ee8cc5bf363bcdf98ead0ab5da9ea949c778668ec4d97 |
| SHA512 | b5f8575a4f8b6d29446e00562bcf19e727d1150f007899a257fd6d6b110e8b15c6eb9b6c01ee845683084a8727ded2462ace457a58915619fdc8e20d4fc20007 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 026965274f206a9cfd793333790cbd91 |
| SHA1 | 5b22e1943426b6948bafbf5fba464a1dbf2fef71 |
| SHA256 | 07f921fea3d57f9715099278d5a1a0e4387394b02d4d76c7ac8977d5259dd03c |
| SHA512 | 3e0181f90170a3482aea6f25c8c84f5518d1b2e8713b9f24888a1ea4bcc26372c3bc53a3c2f2aa5a51a729848d8156b96deb5bec506997f20436ff5ec2eeadf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8c23c254da050ed8344a5905cfcc4338 |
| SHA1 | 4204c1f9365aa3f079383afe526f55f44fad2fb6 |
| SHA256 | cf3f19b8f1169da6ca7f4a859b7cbd59172eb083403d2a6ad96fc6ace0e1135e |
| SHA512 | 04c056dd3e046840a8f0467835b8b9ef7cae6b0f60669cb7c4ccade46c6ee2cae564e73bccb82db3ea957ca3b405dc48506fa9c91c934b3101b39d5b5b85102c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583851.TMP
| MD5 | e811a59fc5e8ef6e79000d0865b646cc |
| SHA1 | 3db5c7bd49264338c96321b32e32dfcd7dbed67b |
| SHA256 | dd7c3a6e08e349bed7d3c0b4290ef091eaa6516d15a7610fc33a4bd7e5a5a700 |
| SHA512 | b81e55f2b26d333ba58b398dd1be13383b7c93b3793e3b4609f687e7e02dd49429407e16f78647c46d26593821f4fa4cbdc082684c4538a1dfaa6d5318f25beb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0ced0f955c6087ee709b9cc976868933 |
| SHA1 | 5640ef394cd519e87f056389a2931bb7ceda7a23 |
| SHA256 | 5dbb60a617b29909bc8e2b9909cc8990663facce8be200e187e00b17f29f3d97 |
| SHA512 | d1bf6729b6039d4865cbd1bda50d6ff57f38a3ac5aab76e8c460445e26a54dd7ef5ed4d9428838ee7640094616ce95981a5f77c95d079d7c0083c16c2c7ae4cc |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ad1d11d0578af8bf1fd55135b826f8be |
| SHA1 | 535aa051850efb276e7b8c0a032799cb18ec4844 |
| SHA256 | f87c33d2b509e42fc76555ce6784fa3ff4b4cde0d7fe46548d72a30b56307f5b |
| SHA512 | 057d910505afd3aef49f206f80c28b60a426a09fa6365c5c195894a5c0c3b93596870da41c30ff0a44a83e093b0623d3f47420ea4c095b59d8f8083b661ae061 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5d90e8e184f5e5f367cbe16a6104bb90 |
| SHA1 | 111c599e27fcc29fecd820519f42b4b24a3026a9 |
| SHA256 | 2aff458324590c58168ed799b1718e4841b965cded2a0c3ce879a1534d2e02c4 |
| SHA512 | db377e0637fa764122503b48f737537c84d7504dbe0e9cb546ffdee8419b27219ac92df24bc43242f89273ad915458112516173b26f01b4519fab426294d64fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c634e67ce86907457a3e755e2e23025a |
| SHA1 | 4b0c68eeee5d91d5bbb65b7a4c1c205e83fe36cc |
| SHA256 | 2934e4556c9fb1e4c65f42a249431eb7c36f7afab28e639c054ee7adbf1cf529 |
| SHA512 | 7d94aacc0a49bf105026b29bcbeda370952b2a5010aa2712373d47f39c8e077fd6b1bcbf874eb68c40a5d3561a62c337b57633e7d3be7c54e0de4ca5dc2e3bd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.paypal.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 01696a70a6a422b00827906025653061 |
| SHA1 | cdbe2e350382f7e5daefbae13acecda221cd2eda |
| SHA256 | e82beb3e12a894f952e81ba9d43657df22a8bb222b52081775cc15c592ec8dca |
| SHA512 | 40f5e66bf058172bd7a9536cbaba8f94c1eb653f81c34b9950721849295c3f602075e480cd9a3b061d6fd78a91c477ab8bec109cb464f773a970f3c715b75171 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 3c644abade6411b60ef1f6b84a54ecdd |
| SHA1 | d54ec3ff8ab43dc3e98da409b181f270f4605d20 |
| SHA256 | 5cd644da3cd0af5b61ddaea72ab6df13a6fe26b9a8fcd0e9a06b59a76d38adaf |
| SHA512 | 293a6edbefc996388b4a4e96f69ce0546cba6addd28ca4943e01d8653d09d817ff33669a0b848151d90f66abc3710aaa0504596198901ea39482b31155981f7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 71a948874fb937a672574a29ef18ee90 |
| SHA1 | adfad9db35d9707917286b38086a97f538f6bd76 |
| SHA256 | b50de42a5947b63f7bb048adcbc894d50928bedc7072bb6e35d9e41d22f5032c |
| SHA512 | fee0165035dbeb56367a2f6dc0c1850879206f48ac3fd86038da73c87ebd3b0140f0f281bdb5b6ec55bae7de8162ca8e27a367fe47512fc85a5242d2f53fea66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 4209a6187bc58debe1c391bacb754c18 |
| SHA1 | 58953c4296930f1239e951a3dd5d32c1d2e28a8a |
| SHA256 | 836dfea35428547d9a521c25236f3ed853650ccf483e2932960da000e5287ef6 |
| SHA512 | 4826d76a95df92b26c348e9efb4b3bc070c91c5c70db598b9a50168dbcc6a429dfd273d5a41338571de18ffacc54346913ae659279dce4b5a5909c4c4d79b05b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 8355f283c8b5b0b6cf5af16685c6ed8e |
| SHA1 | e1a88fd7e2776779a374ba4a81c0367082894675 |
| SHA256 | 165d0214613ebc1f2a0ce484ebe2c9d45d5743dc6fd2726a3cbf11749e317e0e |
| SHA512 | d2779461e7db166e218142f11d1dc16e3861558b26346f9fef383750a0633ac6fc96d4c8e047944dc125968c4b8140ab727df598a75693b716c3bade33ce8dfa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | e319c7af7370ac080fbc66374603ed3a |
| SHA1 | 4f0cd3c48c2e82a167384d967c210bdacc6904f9 |
| SHA256 | 5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132 |
| SHA512 | 4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4ddc452f1074c893a487edc4964fe447 |
| SHA1 | e298829f4b93cf13c7118c448838f07f41234d53 |
| SHA256 | d065323ae38da78b054848fb8d8c8feb61b3c6792eeb57212c2eaa495bb077df |
| SHA512 | f108cfb1ed05aaa7699e7971d202329be1d5b320754225cbcea9f4d84d5d933612277a2ec78229e1b6cd6a030f95a59b0532b5d2680bb3c15f480eb0cb552ce8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 810579177bbf6e2455a06d6da2884330 |
| SHA1 | 26457d54d95515ecc93dc78e0904613c83d84990 |
| SHA256 | 3e29af6f5e66f12daa70b58518f4c831ff85bd03049f3aa0cba6043df9133699 |
| SHA512 | a48a1223a2a4e9b5910eda753cc54cf402c34f434f17587c6f29fca2c970f603ba51168c3abb2f9d971f957393b4a7eae43b8029938dad21f45920808a469711 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | dc516c2247fdb30d569141965ec482b1 |
| SHA1 | 1ddc5d7dd4958a11fc2a75a34f5482173af72f5f |
| SHA256 | 532ec50d0bf522539132f6d23ba28f97789c39f9c36ed02b97ae14d29df54c06 |
| SHA512 | 1899bd7703e1764dfb86cd279384fa653185516018187a2e31a771cba9e28742eb5c40919c6b431a4b1e287c8c30d4ab3f384932be2ce9ce9d62ea1e3a24172b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b64a61d3521a9b1a716ec40bed876a79 |
| SHA1 | 3e21c6259d61ed53ccb31fca341d78e97f6010cb |
| SHA256 | 48c1db2ed51d04a72147c12964e5a1e2dac1563c53741ef1b0ebc52e2e61f38d |
| SHA512 | 5f706d669bf6b9dc3cd1fb4f17c04ff851dbfb377bafdfa68096b596397e86b4f128cb2d3de02206925871736b6e15fd00b62709106001dabc5d8efd1e9a25e9 |