Malware Analysis Report

2025-01-02 04:24

Sample ID 241205-zekn9axmcq
Target https://www.paypal.com/myaccount/transfer/claim-money?context_data=92Ie-KV8jY_RzZobxVPGQVLMOd9VyQG7j_RF-mSGj2cXJ2tUABJDvc80ceLGp1uZ0HwDYVA-U1DrGYczavMCSGQH3LguT6wVj7kwy5m7vKUeyE9rbaAG7-NEpGoDYTuWm5Fyq_1O_pRJFqDUY9CFRlKGzfie2mm2mYlqjkAEEw-wae4YBQhi7V67xjft78M4979PYKFMKm86EEz2ZiIgaQ63wP82wjlj3C-wH3idPNliPTj4uGaeEYx9pXO8x6xYQtjzPm
Tags
paypal discovery phishing
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

Threat Level: Likely benign

The file https://www.paypal.com/myaccount/transfer/claim-money?context_data=92Ie-KV8jY_RzZobxVPGQVLMOd9VyQG7j_RF-mSGj2cXJ2tUABJDvc80ceLGp1uZ0HwDYVA-U1DrGYczavMCSGQH3LguT6wVj7kwy5m7vKUeyE9rbaAG7-NEpGoDYTuWm5Fyq_1O_pRJFqDUY9CFRlKGzfie2mm2mYlqjkAEEw-wae4YBQhi7V67xjft78M4979PYKFMKm86EEz2ZiIgaQ63wP82wjlj3C-wH3idPNliPTj4uGaeEYx9pXO8x6xYQtjzPm was found to be: Likely benign.

Malicious Activity Summary

paypal discovery phishing

Detected potential entity reuse from brand PAYPAL.

Drops file in Windows directory

Browser Information Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-05 20:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-05 20:37

Reported

2024-12-05 20:40

Platform

win11-20241007-en

Max time kernel

149s

Max time network

142s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/myaccount/transfer/claim-money?context_data=92Ie-KV8jY_RzZobxVPGQVLMOd9VyQG7j_RF-mSGj2cXJ2tUABJDvc80ceLGp1uZ0HwDYVA-U1DrGYczavMCSGQH3LguT6wVj7kwy5m7vKUeyE9rbaAG7-NEpGoDYTuWm5Fyq_1O_pRJFqDUY9CFRlKGzfie2mm2mYlqjkAEEw-wae4YBQhi7V67xjft78M4979PYKFMKm86EEz2ZiIgaQ63wP82wjlj3C-wH3idPNliPTj4uGaeEYx9pXO8x6xYQtjzPm

Signatures

Detected potential entity reuse from brand PAYPAL.

phishing paypal

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133779046840647644" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3704 wrote to memory of 2636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 2636 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 3992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3704 wrote to memory of 536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.paypal.com/myaccount/transfer/claim-money?context_data=92Ie-KV8jY_RzZobxVPGQVLMOd9VyQG7j_RF-mSGj2cXJ2tUABJDvc80ceLGp1uZ0HwDYVA-U1DrGYczavMCSGQH3LguT6wVj7kwy5m7vKUeyE9rbaAG7-NEpGoDYTuWm5Fyq_1O_pRJFqDUY9CFRlKGzfie2mm2mYlqjkAEEw-wae4YBQhi7V67xjft78M4979PYKFMKm86EEz2ZiIgaQ63wP82wjlj3C-wH3idPNliPTj4uGaeEYx9pXO8x6xYQtjzPm

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd754cc40,0x7ffcd754cc4c,0x7ffcd754cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,13514137294616964284,1074726805270142699,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,13514137294616964284,1074726805270142699,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,13514137294616964284,1074726805270142699,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,13514137294616964284,1074726805270142699,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,13514137294616964284,1074726805270142699,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,13514137294616964284,1074726805270142699,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,13514137294616964284,1074726805270142699,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=736,i,13514137294616964284,1074726805270142699,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.paypal.com udp
US 151.101.65.21:443 www.paypal.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
US 151.101.3.1:443 t.paypal.com tcp
GB 172.217.16.227:443 www.recaptcha.net tcp
GB 172.217.16.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
GB 172.217.16.227:443 www.recaptcha.net udp
GB 142.250.187.196:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.195:443 beacons.gcp.gvt2.com tcp

Files

\??\pipe\crashpad_3704_ZPUDPRSWEOVDCPOM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 2be38925751dc3580e84c3af3a87f98d
SHA1 8a390d24e6588bef5da1d3db713784c11ca58921
SHA256 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA512 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 ea4de8e3d9242839c9168f1d794ecb7c
SHA1 7b9cf3a6c8f885c3632ae52926d76fc219136c19
SHA256 f81a84bb87fb7a024fca041245082944ee72a74f354a18dd23c447e3fa0a282d
SHA512 e95d11e17772398ee5b4347459c4bac173d4f2acb0b879b01d68641f49e7bde2db4e9dc2fa109722187a0ca68fb56fe514e8ecfa319c10d417f90a81720b5085

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e622a982f52f253f199a83eb988e3af0
SHA1 025c99e0e03e4e8c6ec91c3723444a79ce5122c6
SHA256 75b6b9b4ce9f376fa0c3d532e04b4fa7cd4819c2b63096dae8e58149ff331e39
SHA512 1c5f5b3f4cc5b63425eeb6b9a2f237cd2f1bfe34357d69d285294b3d77588a24640fb285aa4e6cfd4a924087853c2b696d58550e60648a5dce818229551832e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a1568c07f75de343aaef58eff779827a
SHA1 2dac013cffe03204d49867a6e8a62a6855f8f552
SHA256 ef2e97cf4082fc539f3f7801bc99fbddda399452f9e1fae0a26ac73218cb8057
SHA512 d25f30d3e97c4fce1c96e6504f36474fbe10245038acc555eacea45eda43c91bb26f46786d52404caa55401491bb0cbf98df7c11ab28a2623107a3ffb4eb35a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3a948883100488f8ff0fad4fad6e82e9
SHA1 174b6616109fccddb9861537c47140814a28fd1f
SHA256 21addd0082e6a5e7639a4c177f8bbcf2a527b0f1d05e063e5368170ed95892d6
SHA512 57f5553e13674616c8592b98893ccbac2def9ac49db0965c9cd61ecf86f84b5b46fb353f10156b81f4f90db20dfbab2c5b96dd4f4a648b26c508cf9d58bc483a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 662ba54c5c02eaf926f6734729b04597
SHA1 96ca68c9367fa9b365379392a6a4e74d63989fb4
SHA256 877fafb348353d6e71a0cc92d550337f35377482f2af9f9cc149bd7d1a5d8d4e
SHA512 c9f291ec373d6d8a9023592c2bf562d459d76d043d5aa491be1f28d1aa9d853839134607598a7b85d3822730768494ef58b3bd6880983aaf142fd0ec84313d53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 498054ece95dd89ef6187b3930cd47bf
SHA1 0d97e6249c084c3cdf8d05241ea07baaa3be710c
SHA256 983a67310d95b874b2037aa5fb048444fc76930a774e1ffdafdb31ac816d8752
SHA512 0780ee43a43919e75c84dee14859568e858d704d8975c9830443b3b249c091aff30465f4a7c6e63fa3757bc2cad2ed1b873aca94514f35f93a070280dc85adae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f40f22e1140f78cefe7aee41fd8ace5f
SHA1 742936b2c4dfe3bf559815e18838daa1435566df
SHA256 26ddc9a5c371ec8b2fb0fcdc84b4221b53acc1ce3c6861f3b33542936ffdc77b
SHA512 37a3ef20438f079b0a64842e58ea539ee07d04ffaebdc1e5faa225ce8204fcad3d40d58daea88cb8dbd8cc9c377a47768ab50af608b59068417a9207301d340e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 336138ddb4ee0ad0ee976146dd0368a7
SHA1 e828b0584015cacc55c1c973d7f76c600bb82c61
SHA256 881dc47ebe0101479e3672d5e1da2b89d438465c5e60dd81ae95ad2eafd6e746
SHA512 eba64e4d260626531260ea42e16f7b56a5ac29f99a3126f8f1c1c55627175e59a25114fa82b5c41eaf1b6efd8f4f2fe04efb5a47478e9f9a031c204039b4fd0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 06171ba1ccdbdca271bbb7be43285539
SHA1 284eeab6c3c9d2ecabe615a8372358afe40cb933
SHA256 7ecbdbdb14e2ed0466d3e3e276181f782a8feb7d3d4ee34c0879a429594f28a1
SHA512 bd166d1ad6df489c33b24a9bbd08e8104ef86e8a701c2a67dd020eab3953ae17b4b0420d2cdceb35e9ebd7b9a4a56d289351ddb57108afb969387925aaa1b1de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 70817cd0318c39ba09c05832a3b6085c
SHA1 319ff3a787a89402b4ca81b05c48c234281e41f3
SHA256 6ebb78a766344efc12a09de50e205b957cae4e2d9b071b6a91b5cfb48fe00f15
SHA512 0ad557446c8010c26d0ea5d73793256608cb6b28f56e624b4942ac839567b6fb0a31051bc282827aec9b511060f2de8eee4753e382660acbeabad8e0ea6064cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f0374335da0110832d5d9dcf9338b4ab
SHA1 ab3b30474de050b3b116b0b0a141cb922f47fa45
SHA256 e374b8f3278bdc65e1e1ed7f00124f79987a20bdda55bb8726630ec20da4042a
SHA512 5f8e51c79d8742e5cfa046581742e7496c98d097a69bf979c76dacda8457e6eb498588ab46f0c23c7da46436c256d496d9b14ead8454458af99d8ef829b9c5db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b50657040786a8cd175d4bcec58b6bf1
SHA1 876aeca59ba71e15f02a51c20e1ccdcbb445c657
SHA256 374d7e89bf82a7dcaa25b3ec6e2f3f565a1983ee3ec05cda0f97eda60b098686
SHA512 cffb0888300222480950c5ecc0e4ae6157d9821ce982ea3a5574ed22728b1c197a418e8e1c59e9237ffb59416a882611b8c367b05f403df3450ff219a3a52288

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c67d9f3671eef33aa501ab7f5de6ec59
SHA1 67c0dca736fc9a4fb17fd38639589e8c999fc4b4
SHA256 18c89601f896bd60801cd5fe5d0efd540d70e83267486a0516e2b8e8ff61e14b
SHA512 20c64b40627e81c0e9abef48ae9e3da6130d27aef9e77a51ee66de43cc1ad3fd05741e16077fc9862de62310621c15129753cd6604e7835da1ad2a71afe071fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f06ee868c8a755d98241b3acb3f5315a
SHA1 411547a8f2f488b04da10e85179b1536acfca61a
SHA256 033044ad19aa4c561f57e2ed00e5b0f53d423be05a05955663cbcc16545b8a01
SHA512 adc708de434ed8a893c8819c5203ae6f92e9781226d1bd8390412c236a5f76eac3c386ab76769ec3b7dbfe4d4505945d803ec217786ae4de9ab441f7aea5b764