Malware Analysis Report

2025-01-02 04:25

Sample ID 241202-tfgq4awqdq
Target https://url.uk.m.mimecastprotect.com/s/xrQpCRoYpsvLL04vSNhgI1pa_L
Tags
paypal discovery phishing
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

Threat Level: Likely benign

The file https://url.uk.m.mimecastprotect.com/s/xrQpCRoYpsvLL04vSNhgI1pa_L was found to be: Likely benign.

Malicious Activity Summary

paypal discovery phishing

Detected potential entity reuse from brand PAYPAL.

Drops file in Windows directory

Browser Information Discovery

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-02 15:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-02 15:59

Reported

2024-12-02 16:05

Platform

win10ltsc2021-20241023-en

Max time kernel

300s

Max time network

283s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.uk.m.mimecastprotect.com/s/xrQpCRoYpsvLL04vSNhgI1pa_L

Signatures

Detected potential entity reuse from brand PAYPAL.

phishing paypal

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133776288102255119" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4896 wrote to memory of 3912 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 3912 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 1412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4896 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.uk.m.mimecastprotect.com/s/xrQpCRoYpsvLL04vSNhgI1pa_L

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff827facc40,0x7ff827facc4c,0x7ff827facc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1632 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1892 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4332,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3364,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3392,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5000 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4588,i,3798853624963188576,8209812063011167074,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4800 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 27.252.100.95.in-addr.arpa udp
US 8.8.8.8:53 url.uk.m.mimecastprotect.com udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
GB 195.130.217.187:443 url.uk.m.mimecastprotect.com tcp
GB 195.130.217.187:443 url.uk.m.mimecastprotect.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 187.217.130.195.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.65.21:443 www.paypal.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 21.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 8.8.8.8:53 www.recaptcha.net udp
US 151.101.131.1:443 t.paypal.com tcp
GB 142.250.200.35:443 www.recaptcha.net tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.131.101.151.in-addr.arpa udp
GB 142.250.200.35:443 www.recaptcha.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 142.250.200.35:443 www.recaptcha.net udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 99.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

\??\pipe\crashpad_4896_FNILEPKUFRAUNBSY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 2be38925751dc3580e84c3af3a87f98d
SHA1 8a390d24e6588bef5da1d3db713784c11ca58921
SHA256 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA512 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 b68db45ae9f314ebffcf87255b1318f4
SHA1 0e02bee5ce296538564c784df80205084e6dd39c
SHA256 8d06d34cfe2b0a9f70202d85704d1d44a749be79ca0227baec4fd19bfa98406e
SHA512 c2a0551370f3159980581282d366886cadbd9c5bb1d749410424ec2eebae0a9e0647bf6f0ab3625a3ddc556538428a54b25fc7d769a846afe15c30ccd02b9b95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 46771c5ee4cb936c2251f4a7f34fec0c
SHA1 d73c917930c3801eccd54c6ee3eb36c8c21a41f5
SHA256 53fece723e9b0204638a8375139bb19946c1bd08c404cad3b5c38fb8c1448b53
SHA512 478bd538b9564fa33fc50ef25229f9402dfedefa56a8cedd3034e1bc6cc39666ec36fd1b96b532efefede434dce05fa3ad70cd18462fd2ae0a6f8b8e4f080d76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 41f1f820d1a477dace6566753222e2d2
SHA1 53ccf2b5c73f820576704ad9b49f6f2dbd371f95
SHA256 c719d00c6ef30fef7e92d2798cf4dc39503e789d5fbbe37879cd2ea3227f580a
SHA512 908129577eae86bfc3468af9a74d751bd911708ea1f8b9ff3ad6c6cf5a0a0eeb15a6fa18404d94beb7602fa435107a5b6d24501d30027c471bc6163e3d3b839f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d28b1dbbafe010c33f25f3d7765ac75e
SHA1 8998039d5d65b372a5a4b3e83bb85af5da6ef351
SHA256 18af435fcfe14363de4ccf54a35b844f94f2f0cb09634751f4e9ad3471e5bed6
SHA512 96b3fab92964d70faf608a44bba045cee5ec52f1b3ba2af1b788fe3bd423d31c913d6947aea34d7da7fba7c5e2b372c346eaaca87f9f0fa8e2824da2b542960d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ac26d58f3c7e8961d881616681875764
SHA1 fbb6a3428751ec2aa1426a76034ff873ee3f3efb
SHA256 df90d6f21e6600a9a044410f0085791e1447ec54481e94005d7576b444731d0d
SHA512 fc5d5ca958053c52367cb2c8ddcfc77b74795e1ff91284d4f5d6b57b2f93a4aba4add57802dd20e4efd5ca954c54fa8f737c906dfc501964773923eaa66110ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2ebac598a19a3b7cad6f0bee1975665b
SHA1 3f3edd11605293e3334de58b70276a5d9a5e13db
SHA256 d2034edc20dc4ead05aa95bd4ee1df083a950e9bca914e6637d9923a9757d4bd
SHA512 25f2b9283899449796927dc8159a14a7f9e5310f083ac41df635bdeaf1b56885608ec618c98e181bd1ae0481df90bb38f806807351dc629be051c83cef998d79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 27ea58c8c850d7727b488eed27b0fd16
SHA1 cb37ff84a4a99c1ba8464aae10a98662265c11c6
SHA256 7834d6450f6887c856434fe447f86efc50fedb7b0e0e61e7957bdbe8cbb07d38
SHA512 998482cde23077c3cb8cfa797a69e402f79ae4bc9355d3acdeb0c5c1845d16f5e23798e119e8810c5c14b484023822796c47738145ced142fbda133212dc7175

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9d03574c4681f572bd5949b07e9b8bc4
SHA1 00c9ee684b4acf4b7da907bb556f1acda619b378
SHA256 370e8d00edcb60c049839aae55fa0221a1a234445c163912ada166d8bea42236
SHA512 697095de57f7bc1cf0fe11de4c7ac2f7479ec4620d9cba6b90c0c9a60a58565d36298b45e2f9263331987d2fcb40bb69cfefc9b3ca80ab0cc72f3e9329cf7073

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7e2d1489573e44666ec46dabe7811ca1
SHA1 e82fca85de27e56bb2232e56361ef46c095b4bb7
SHA256 23cfa3bf9eabcb8752fd74f57f9e8eda0a40096ab070b21090bbaa3e32b947b4
SHA512 2651565426a551c874a3e6e5a8777dc8af0d8b6308b047422992e4f589c99974fa0daa27e2dd0b3649b751546efd336d24653c3343c4b95ac8dc17d2b4e99c58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7a2d8e89fdbaf5c5893d7c3f6211d148
SHA1 77cbc3d18971d0a85273e9781175939cc0de41e7
SHA256 1a73b4c1bcc5c72290e5bb8620efd3260eef513f9e04b618725bfc280362fe0b
SHA512 da53be603b1ab41fc4811b2b00bf10d4260578f1e2c25c7498444ddfb2a19a0aec97ed12892c895865a91b65bd8662c7006263f82bafac43543d83d1126d63f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 26598c76182b663ccfb27da939194765
SHA1 5242ed0b929e61738c40d1918b54c7609ffae24b
SHA256 d923e402ece32bf47db7cb50ac772bacda4f800f254fd31ee60ef43a0e71052a
SHA512 a3d124f9d94f3ff72054dd3581b1420830b1affde8988ac78683e5dc6091f9b4ebec86bfdde4b0f6f4d803194b1fd96a320a4eab018bb1a404d407d213338479

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0d995ef93e131a82e0dceb5a11d6ccb5
SHA1 e82d22c50af04ead9300f6080ff8e69764dec7bb
SHA256 f8fef8e7c035973d45fef398f14c96321b6f89e422af95122100c9ab2622875c
SHA512 3176083ac6ef783999acfde2d85a2207227e2fc56aeca65d953318da657248fdd26e57acaa33f16fda8662661d247496377ad8aad38a7213b21f0102379ded8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 daa06fc8c1ce381c3ef347bb3cbfde17
SHA1 d41057e67a9bd6364ed8dbee388b36b935d4940e
SHA256 f13549940865186e03eb88d023411e2944d0079eaf3cb307a234385e9ee980e0
SHA512 e87b8b557a484069a9f2155ebe79cda92da481eb4e8ee8f4b1c0d5f150987a5a257878cafee127dfad01597743f3a4b7493b3f902dac7d768460c679fe5c0050

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 449935bbcb0409ee589ed2ed9d088213
SHA1 941f584d9a1eda82417d6e8e8a802c0ac6fb12d8
SHA256 43d41ad502bb3f397f6de9dfec22075dfc3f3251d13c8c08f72e9783bf72f6ff
SHA512 f0a450ac6681eb79a5c33e835f9c333519e69aa773d978f927aa681ae17b71407cc7d4305fbb53d2e2baa3d188523e28a85eabd2ef4c62de558751ad04bfb137

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\754331de-fc70-42b5-adbb-59b24c93190c.tmp

MD5 9b4c8d08a0a7dcad51c53b7cf63573b2
SHA1 3c2a89b08b2e370044b8fd774056f2a698cf8cb8
SHA256 e7e0b2ef5a46c51873ec96883dfc642d67ef77dfd0d8cb93bba567703d3d65c8
SHA512 0485d1790071a0fa6df856e2ce5e9c35955f79d80ad5641d49c9132717a0e91d70541e0e68213d9cb5cc586791ac3b76837d4fb89815eb3e95f423341598bbaa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 02406a85732405aa2a0d0193141f9e47
SHA1 55f3cf2e9c7d942524fdcbc4c3855285cbf9855a
SHA256 cecd0f8af682075ba413f227a5c019e6bd17cb09bbc1eeadfcada1e427fac0c8
SHA512 b4899d5113864e02c924c23ee21e313b54b19f004ac10396428cd2eb3b6469ce9d8b80d276385cce33101c86453080ed1314fe30c49d63ff8032f23c755ba0ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9acf4537e64781b6de7ecee03d5bf05a
SHA1 c3c08827f730d13ab7bba298234b8f4cb950fd48
SHA256 d3ff3f1886f7d00ad64f48e88628af66739b338f02e60307a302b5959b3dd38a
SHA512 00dccc16c97a2dd568d0f6a2b8ae32831b57c07968e3d079e0dcef0bdcf860b04b28685ab888853126509ac6297ef85a1834014bae819027b591e7a8ea18a1e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ac6259335dd20da4965741057bf3c3ea
SHA1 52129ba08c2e8ea5e193ac4eee2195060ab46373
SHA256 623c03e373af2fa83828a4f0bfa04775f7fb38aa04ceaf9a0217e0efe9d86ebd
SHA512 d5eeb5afbc9eea1785962db1cf37352b5d52e6ed79f286af01be641b1459d5cc7db63b5be277e1bbc94f4957067371068ae77c86146525a9a102a7e118dc60eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9e94a828a1bde9c1224d35317286f0e0
SHA1 c4a0e5686a5277fcd826dc3ce035484a5290aa16
SHA256 22aa307dffcfc5637ca9b849f6487bae85ad2a654ca9d0da1b10bd9884d9e4b2
SHA512 b07387feffa889321a010e2bb739fdec639177b4bd2e08253b931646d910dbae4d89fc945c218345780a479432fbe28fb56df7837abd85a12fa77787322c7f91