Malware Analysis Report

2024-12-08 00:35

Sample ID 241121-2bjnwssral
Target https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=taLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DtaLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw%22%7D%7D&flowContextData=1rISB52CDeQpw-10RoR1U2Yf5JytQhNmxmV00n037FT31116cbQziyVRzG_K2JPLQTuj933Pu2LVyTGAyhOFKRna7TgSJ5BNEHtDGd9lVJbwRcnPG_TwQTI8Pv0a-n082liTIs9KYtavb26ub8E6vmypYCiom-BrihXvs75oS8UEZKK-THj1nGi0gDa5UagEQscwfooQqK5oDMP2RkwhJfg24sXPcphl0e0pQZ4ZVbjvMAeVLQaBba-eRk-6hgO6L29ZDas6vPoOj7aJG4bEP1_ENRzeAkJbHi-Itj3jg3Fjx8fH0pxmaFQDcY8phmJl9mF9TZYyFAvV2nGcNu9bN5VQcsBz-8yE8xa_RyRtvW-yl1ygY--jhG2SyUTN4zgEV7BOlf_XK-aEmDsJZ9AR6fNiQTJD3c8wHPjE6aIG4kFNQgz2GRgTcqqK19QGcK5bhX0wqHcQ-dk2HbR8ZfRT0Ku-b-7y0UMZj_ynBQzSAzfbWNxGYdlZmO5npFr-VqygfKJu4oGlkarJhqVhxvRxFwODpRTRzK1WzpWVcSdEVNmhnUq7OI2P7JIX6xq&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c351c7b3-a819-11ef-9358-e312637f7d78&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c351c7b3-a819-11ef-9358-e312637f7d78&calc=f326424f366fb&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
Tags
paypal discovery phishing
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=taLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DtaLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw%22%7D%7D&flowContextData=1rISB52CDeQpw-10RoR1U2Yf5JytQhNmxmV00n037FT31116cbQziyVRzG_K2JPLQTuj933Pu2LVyTGAyhOFKRna7TgSJ5BNEHtDGd9lVJbwRcnPG_TwQTI8Pv0a-n082liTIs9KYtavb26ub8E6vmypYCiom-BrihXvs75oS8UEZKK-THj1nGi0gDa5UagEQscwfooQqK5oDMP2RkwhJfg24sXPcphl0e0pQZ4ZVbjvMAeVLQaBba-eRk-6hgO6L29ZDas6vPoOj7aJG4bEP1_ENRzeAkJbHi-Itj3jg3Fjx8fH0pxmaFQDcY8phmJl9mF9TZYyFAvV2nGcNu9bN5VQcsBz-8yE8xa_RyRtvW-yl1ygY--jhG2SyUTN4zgEV7BOlf_XK-aEmDsJZ9AR6fNiQTJD3c8wHPjE6aIG4kFNQgz2GRgTcqqK19QGcK5bhX0wqHcQ-dk2HbR8ZfRT0Ku-b-7y0UMZj_ynBQzSAzfbWNxGYdlZmO5npFr-VqygfKJu4oGlkarJhqVhxvRxFwODpRTRzK1WzpWVcSdEVNmhnUq7OI2P7JIX6xq&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c351c7b3-a819-11ef-9358-e312637f7d78&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c351c7b3-a819-11ef-9358-e312637f7d78&calc=f326424f366fb&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin was found to be: Shows suspicious behavior.

Malicious Activity Summary

paypal discovery phishing

A potential corporate email address has been identified in the URL: [email protected]

Detected potential entity reuse from brand PAYPAL.

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-21 22:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-21 22:24

Reported

2024-11-21 22:27

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

147s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=taLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DtaLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw%22%7D%7D&flowContextData=1rISB52CDeQpw-10RoR1U2Yf5JytQhNmxmV00n037FT31116cbQziyVRzG_K2JPLQTuj933Pu2LVyTGAyhOFKRna7TgSJ5BNEHtDGd9lVJbwRcnPG_TwQTI8Pv0a-n082liTIs9KYtavb26ub8E6vmypYCiom-BrihXvs75oS8UEZKK-THj1nGi0gDa5UagEQscwfooQqK5oDMP2RkwhJfg24sXPcphl0e0pQZ4ZVbjvMAeVLQaBba-eRk-6hgO6L29ZDas6vPoOj7aJG4bEP1_ENRzeAkJbHi-Itj3jg3Fjx8fH0pxmaFQDcY8phmJl9mF9TZYyFAvV2nGcNu9bN5VQcsBz-8yE8xa_RyRtvW-yl1ygY--jhG2SyUTN4zgEV7BOlf_XK-aEmDsJZ9AR6fNiQTJD3c8wHPjE6aIG4kFNQgz2GRgTcqqK19QGcK5bhX0wqHcQ-dk2HbR8ZfRT0Ku-b-7y0UMZj_ynBQzSAzfbWNxGYdlZmO5npFr-VqygfKJu4oGlkarJhqVhxvRxFwODpRTRzK1WzpWVcSdEVNmhnUq7OI2P7JIX6xq&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c351c7b3-a819-11ef-9358-e312637f7d78&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c351c7b3-a819-11ef-9358-e312637f7d78&calc=f326424f366fb&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Detected potential entity reuse from brand PAYPAL.

phishing paypal

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{EF426323-30F2-459F-9FFE-DAD47178F482} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2736 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2736 wrote to memory of 2780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=taLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-3UE08848LD4431933%2FU-0MS034988G838440A%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DtaLzfjr4YgYU-jC39Z5IexrcVx3uR8E9iE-XPw%22%7D%7D&flowContextData=1rISB52CDeQpw-10RoR1U2Yf5JytQhNmxmV00n037FT31116cbQziyVRzG_K2JPLQTuj933Pu2LVyTGAyhOFKRna7TgSJ5BNEHtDGd9lVJbwRcnPG_TwQTI8Pv0a-n082liTIs9KYtavb26ub8E6vmypYCiom-BrihXvs75oS8UEZKK-THj1nGi0gDa5UagEQscwfooQqK5oDMP2RkwhJfg24sXPcphl0e0pQZ4ZVbjvMAeVLQaBba-eRk-6hgO6L29ZDas6vPoOj7aJG4bEP1_ENRzeAkJbHi-Itj3jg3Fjx8fH0pxmaFQDcY8phmJl9mF9TZYyFAvV2nGcNu9bN5VQcsBz-8yE8xa_RyRtvW-yl1ygY--jhG2SyUTN4zgEV7BOlf_XK-aEmDsJZ9AR6fNiQTJD3c8wHPjE6aIG4kFNQgz2GRgTcqqK19QGcK5bhX0wqHcQ-dk2HbR8ZfRT0Ku-b-7y0UMZj_ynBQzSAzfbWNxGYdlZmO5npFr-VqygfKJu4oGlkarJhqVhxvRxFwODpRTRzK1WzpWVcSdEVNmhnUq7OI2P7JIX6xq&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c351c7b3-a819-11ef-9358-e312637f7d78&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c351c7b3-a819-11ef-9358-e312637f7d78&calc=f326424f366fb&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda8d446f8,0x7ffda8d44708,0x7ffda8d44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5176 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1686404969337570344,14823045532531623335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 ddbm2.paypal.com udp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
DE 108.157.4.104:443 ddbm2.paypal.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.131.1:443 t.paypal.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
GB 142.250.200.35:443 www.recaptcha.net tcp
DE 108.157.4.104:443 ddbm2.paypal.com tcp
US 8.8.8.8:53 c.paypal.com udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.4.157.108.in-addr.arpa udp
US 8.8.8.8:53 1.131.101.151.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 151.101.65.21:443 c.paypal.com tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 8.8.8.8:53 c6.paypal.com udp
GB 34.147.177.40:443 b.stats.paypal.com tcp
GB 142.250.200.35:443 www.recaptcha.net udp
US 8.8.8.8:53 lhr.stats.paypal.com udp
GB 34.147.177.40:443 lhr.stats.paypal.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 21.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 40.177.147.34.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 226.68.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 hcaptcha.paypal.com udp
US 151.101.3.1:443 hcaptcha.paypal.com tcp
US 8.8.8.8:53 1.3.101.151.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.paypal.com udp
US 8.8.8.8:53 paypalobjects.com udp
US 192.229.210.155:443 paypalobjects.com tcp
US 8.8.8.8:53 155.210.229.192.in-addr.arpa udp
US 8.8.8.8:53 use1-turn.fpjs.io udp
DE 35.157.212.223:3478 use1-turn.fpjs.io tcp
US 8.8.8.8:53 browser-intake-us5-datadoghq.com udp
US 34.149.66.134:443 browser-intake-us5-datadoghq.com tcp
US 34.149.66.134:443 browser-intake-us5-datadoghq.com tcp
US 34.149.66.134:443 browser-intake-us5-datadoghq.com tcp
US 34.149.66.134:443 browser-intake-us5-datadoghq.com tcp
US 192.55.233.1:443 tcp
GB 34.147.177.40:443 lhr.stats.paypal.com tcp
GB 34.147.177.40:443 lhr.stats.paypal.com tcp
GB 142.250.200.35:443 www.recaptcha.net udp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 223.212.157.35.in-addr.arpa udp
US 8.8.8.8:53 134.66.149.34.in-addr.arpa udp
N/A 10.127.1.66:55149 udp
US 34.149.66.134:443 browser-intake-us5-datadoghq.com udp
GB 34.147.177.40:443 lhr.stats.paypal.com tcp
GB 34.147.177.40:443 lhr.stats.paypal.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

\??\pipe\LOCAL\crashpad_2736_BPRGMDTWDJDXDOWM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9e714e7ebe39f59060de78a9354ddcda
SHA1 65ed8d4718e9f9233bc46de883811a6f443a7c8b
SHA256 0c7708cca975a92230b8d815be5e43832a28efc4538f0c53b0259a6ce2f97779
SHA512 d0ae0f093fe3127ab1220862dbb44d5d14437afede917e46e36306267ba668a477d77796a021f7913ef8c090c76e26e9e1aa1c64fdd5fc80f3cd29a9bb4268fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 2be38925751dc3580e84c3af3a87f98d
SHA1 8a390d24e6588bef5da1d3db713784c11ca58921
SHA256 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA512 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ee924393b530c437b8d6ca0153591d17
SHA1 e18d18916e19e0f01257c326bf877b24c8f7f3a4
SHA256 dde41a4dc09c5fb6616376e7daad24d1d11b7f0ebb2733700a898e31c028905d
SHA512 ddb1e2df5380b35e006561c6e57841ffd5ecc3fa44e5b7b1d3020dd3c73306d8d27a69f4db8df7039b6695f894bf513eb830d8578cd2fd5c5c5ec3b7e0e74238

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4686165911569c21cb251c460ce208b7
SHA1 905a0ec31bc75b07052863fee83df074b7914032
SHA256 707e15b21be48118d52ee8cc5bf363bcdf98ead0ab5da9ea949c778668ec4d97
SHA512 b5f8575a4f8b6d29446e00562bcf19e727d1150f007899a257fd6d6b110e8b15c6eb9b6c01ee845683084a8727ded2462ace457a58915619fdc8e20d4fc20007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 026965274f206a9cfd793333790cbd91
SHA1 5b22e1943426b6948bafbf5fba464a1dbf2fef71
SHA256 07f921fea3d57f9715099278d5a1a0e4387394b02d4d76c7ac8977d5259dd03c
SHA512 3e0181f90170a3482aea6f25c8c84f5518d1b2e8713b9f24888a1ea4bcc26372c3bc53a3c2f2aa5a51a729848d8156b96deb5bec506997f20436ff5ec2eeadf9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8c23c254da050ed8344a5905cfcc4338
SHA1 4204c1f9365aa3f079383afe526f55f44fad2fb6
SHA256 cf3f19b8f1169da6ca7f4a859b7cbd59172eb083403d2a6ad96fc6ace0e1135e
SHA512 04c056dd3e046840a8f0467835b8b9ef7cae6b0f60669cb7c4ccade46c6ee2cae564e73bccb82db3ea957ca3b405dc48506fa9c91c934b3101b39d5b5b85102c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583851.TMP

MD5 e811a59fc5e8ef6e79000d0865b646cc
SHA1 3db5c7bd49264338c96321b32e32dfcd7dbed67b
SHA256 dd7c3a6e08e349bed7d3c0b4290ef091eaa6516d15a7610fc33a4bd7e5a5a700
SHA512 b81e55f2b26d333ba58b398dd1be13383b7c93b3793e3b4609f687e7e02dd49429407e16f78647c46d26593821f4fa4cbdc082684c4538a1dfaa6d5318f25beb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0ced0f955c6087ee709b9cc976868933
SHA1 5640ef394cd519e87f056389a2931bb7ceda7a23
SHA256 5dbb60a617b29909bc8e2b9909cc8990663facce8be200e187e00b17f29f3d97
SHA512 d1bf6729b6039d4865cbd1bda50d6ff57f38a3ac5aab76e8c460445e26a54dd7ef5ed4d9428838ee7640094616ce95981a5f77c95d079d7c0083c16c2c7ae4cc

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ad1d11d0578af8bf1fd55135b826f8be
SHA1 535aa051850efb276e7b8c0a032799cb18ec4844
SHA256 f87c33d2b509e42fc76555ce6784fa3ff4b4cde0d7fe46548d72a30b56307f5b
SHA512 057d910505afd3aef49f206f80c28b60a426a09fa6365c5c195894a5c0c3b93596870da41c30ff0a44a83e093b0623d3f47420ea4c095b59d8f8083b661ae061

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5d90e8e184f5e5f367cbe16a6104bb90
SHA1 111c599e27fcc29fecd820519f42b4b24a3026a9
SHA256 2aff458324590c58168ed799b1718e4841b965cded2a0c3ce879a1534d2e02c4
SHA512 db377e0637fa764122503b48f737537c84d7504dbe0e9cb546ffdee8419b27219ac92df24bc43242f89273ad915458112516173b26f01b4519fab426294d64fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c634e67ce86907457a3e755e2e23025a
SHA1 4b0c68eeee5d91d5bbb65b7a4c1c205e83fe36cc
SHA256 2934e4556c9fb1e4c65f42a249431eb7c36f7afab28e639c054ee7adbf1cf529
SHA512 7d94aacc0a49bf105026b29bcbeda370952b2a5010aa2712373d47f39c8e077fd6b1bcbf874eb68c40a5d3561a62c337b57633e7d3be7c54e0de4ca5dc2e3bd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.paypal.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 01696a70a6a422b00827906025653061
SHA1 cdbe2e350382f7e5daefbae13acecda221cd2eda
SHA256 e82beb3e12a894f952e81ba9d43657df22a8bb222b52081775cc15c592ec8dca
SHA512 40f5e66bf058172bd7a9536cbaba8f94c1eb653f81c34b9950721849295c3f602075e480cd9a3b061d6fd78a91c477ab8bec109cb464f773a970f3c715b75171

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 3c644abade6411b60ef1f6b84a54ecdd
SHA1 d54ec3ff8ab43dc3e98da409b181f270f4605d20
SHA256 5cd644da3cd0af5b61ddaea72ab6df13a6fe26b9a8fcd0e9a06b59a76d38adaf
SHA512 293a6edbefc996388b4a4e96f69ce0546cba6addd28ca4943e01d8653d09d817ff33669a0b848151d90f66abc3710aaa0504596198901ea39482b31155981f7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 71a948874fb937a672574a29ef18ee90
SHA1 adfad9db35d9707917286b38086a97f538f6bd76
SHA256 b50de42a5947b63f7bb048adcbc894d50928bedc7072bb6e35d9e41d22f5032c
SHA512 fee0165035dbeb56367a2f6dc0c1850879206f48ac3fd86038da73c87ebd3b0140f0f281bdb5b6ec55bae7de8162ca8e27a367fe47512fc85a5242d2f53fea66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 4209a6187bc58debe1c391bacb754c18
SHA1 58953c4296930f1239e951a3dd5d32c1d2e28a8a
SHA256 836dfea35428547d9a521c25236f3ed853650ccf483e2932960da000e5287ef6
SHA512 4826d76a95df92b26c348e9efb4b3bc070c91c5c70db598b9a50168dbcc6a429dfd273d5a41338571de18ffacc54346913ae659279dce4b5a5909c4c4d79b05b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 8355f283c8b5b0b6cf5af16685c6ed8e
SHA1 e1a88fd7e2776779a374ba4a81c0367082894675
SHA256 165d0214613ebc1f2a0ce484ebe2c9d45d5743dc6fd2726a3cbf11749e317e0e
SHA512 d2779461e7db166e218142f11d1dc16e3861558b26346f9fef383750a0633ac6fc96d4c8e047944dc125968c4b8140ab727df598a75693b716c3bade33ce8dfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 e319c7af7370ac080fbc66374603ed3a
SHA1 4f0cd3c48c2e82a167384d967c210bdacc6904f9
SHA256 5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132
SHA512 4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4ddc452f1074c893a487edc4964fe447
SHA1 e298829f4b93cf13c7118c448838f07f41234d53
SHA256 d065323ae38da78b054848fb8d8c8feb61b3c6792eeb57212c2eaa495bb077df
SHA512 f108cfb1ed05aaa7699e7971d202329be1d5b320754225cbcea9f4d84d5d933612277a2ec78229e1b6cd6a030f95a59b0532b5d2680bb3c15f480eb0cb552ce8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 810579177bbf6e2455a06d6da2884330
SHA1 26457d54d95515ecc93dc78e0904613c83d84990
SHA256 3e29af6f5e66f12daa70b58518f4c831ff85bd03049f3aa0cba6043df9133699
SHA512 a48a1223a2a4e9b5910eda753cc54cf402c34f434f17587c6f29fca2c970f603ba51168c3abb2f9d971f957393b4a7eae43b8029938dad21f45920808a469711

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dc516c2247fdb30d569141965ec482b1
SHA1 1ddc5d7dd4958a11fc2a75a34f5482173af72f5f
SHA256 532ec50d0bf522539132f6d23ba28f97789c39f9c36ed02b97ae14d29df54c06
SHA512 1899bd7703e1764dfb86cd279384fa653185516018187a2e31a771cba9e28742eb5c40919c6b431a4b1e287c8c30d4ab3f384932be2ce9ce9d62ea1e3a24172b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b64a61d3521a9b1a716ec40bed876a79
SHA1 3e21c6259d61ed53ccb31fca341d78e97f6010cb
SHA256 48c1db2ed51d04a72147c12964e5a1e2dac1563c53741ef1b0ebc52e2e61f38d
SHA512 5f706d669bf6b9dc3cd1fb4f17c04ff851dbfb377bafdfa68096b596397e86b4f128cb2d3de02206925871736b6e15fd00b62709106001dabc5d8efd1e9a25e9