Analysis Overview
Threat Level: Likely malicious
The file https://github.com/ValdikSS/GoodbyeDPI/releases was found to be: Likely malicious.
Malicious Activity Summary
Download via BitsAdmin
Browser Information Discovery
Uses Task Scheduler COM API
Suspicious behavior: LoadsDriver
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-01 14:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-01 14:56
Reported
2024-08-01 14:58
Platform
win10-20240404-en
Max time kernel
143s
Max time network
141s
Command Line
Signatures
Download via BitsAdmin
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bitsadmin.exe | N/A |
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133669977956581141" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/ValdikSS/GoodbyeDPI/releases
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffab44c9758,0x7ffab44c9768,0x7ffab44c9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\russia-blacklist.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\russia-youtube.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\1_russia_blacklist.cmd" "
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
goodbyedpi.exe -9 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\0_russia_update_blacklist_file.cmd" "
C:\Windows\system32\bitsadmin.exe
bitsadmin /transfer blacklist https://p.thenewone.lol/domains-export.txt "C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\russia-blacklist.txt"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\2_any_country.cmd" "
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
goodbyedpi.exe -9
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=824 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4812 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2960 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2960 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.0.667621642\805717576" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e633c02-34d3-450e-897a-485182c431b8} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 1796 207dfef7658 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.1.697477840\505997619" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c3386d5-6739-4a7b-a343-22394c055ce0} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 2152 207dfe03858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.2.1718478321\763905606" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2780 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d62b9127-6912-483c-8a32-c8cade99cdcf} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 2772 207e4196b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.3.824133752\989408939" -childID 2 -isForBrowser -prefsHandle 3404 -prefMapHandle 3388 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61c4e923-f57d-410b-98a7-9a6b28972087} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 3440 207cdb6e558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.4.1446569346\1027439535" -childID 3 -isForBrowser -prefsHandle 4416 -prefMapHandle 4412 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ceeabe54-0a08-4d0b-bd70-8410f9b64432} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4428 207e50a8258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.5.2078080118\501641199" -childID 4 -isForBrowser -prefsHandle 4760 -prefMapHandle 4756 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {117b661c-452b-496c-bcc0-633c524e2a31} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4772 207e63d9c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.6.28508553\1551814894" -childID 5 -isForBrowser -prefsHandle 4908 -prefMapHandle 4912 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f3f3d1c-0c43-4a24-98ca-a48ef9ecea4e} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4900 207e661bb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.7.1372092033\2048255871" -childID 6 -isForBrowser -prefsHandle 4900 -prefMapHandle 4988 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f8c8b46-9799-49a1-9afc-bd41c268f6cb} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4748 207e661a358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.8.404149715\1731975499" -childID 7 -isForBrowser -prefsHandle 5076 -prefMapHandle 5124 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a68bced7-552e-4560-85d6-305cbee98728} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5104 207e78c7258 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.102.95:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 95.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | p.thenewone.lol | udp |
| LV | 195.123.208.131:443 | p.thenewone.lol | tcp |
| US | 8.8.8.8:53 | 131.208.123.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.27.99:443 | www.google.com | tcp |
| NL | 142.250.27.99:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 99.27.250.142.in-addr.arpa | udp |
| NL | 142.250.102.95:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 94.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 90.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:50106 | N/A | tcp |
| N/A | 127.0.0.1:50112 | N/A | tcp |
| US | 8.8.8.8:53 | 122.28.160.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 142.250.27.91:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| NL | 142.250.27.91:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.27.119:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.27.119:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 91.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| N/A | 142.250.102.84:443 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| N/A | 142.250.102.84:443 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| N/A | 142.250.27.106:443 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | udp |
Files
\??\pipe\crashpad_1340_DHLEPHVNVDZPHMGB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\90bd831e-226f-4989-86d2-1771e612078d.tmp
| MD5 | e7e3630018a175b4f459484383491a8f |
| SHA1 | 4525f5813eda359994c744dd11ce1a20a92523ef |
| SHA256 | 873de5a0583fa6d03ac3d34e5270fd7e5735dc8b0169a2d5c700685c4c4020ec |
| SHA512 | cbc54190916db678659aa81ba6f2a91b3bf599da9c66463e77a238ac515c3ea666ea4c22c5a399c3fae11a000efa35ebcc30ea2f8b625dfc2563b691faa8f676 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 80f7534c2d232adf0a339b6cb290d231 |
| SHA1 | a7d7ec69c9e80a21914e0fc3e5ab2f6e24563491 |
| SHA256 | ea5191731ab1754734dacac43fe72f2bb24aa800003f692eda6ea95f83458fbd |
| SHA512 | 8bed15a9a46392e67604cb091d15286de1e60c88819d7a8540f229016ce9f996bd39fe41f336da8496f38f631a098cf742b80aaf8416de5d791bcd8970a4e7b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9d6c5061bbd450f9322979248f9d427c |
| SHA1 | 94a9da5d483715c4cde25350ee4accdcff39e26f |
| SHA256 | c0c64b17ac941dfefb05cdc2e3b056218a1ac0e607c6bd9535f8208cdc75879e |
| SHA512 | 554436a8974a44394be797b3f1f863f9b6a148b1846cd022acfca294a5adb286ba92fb88eba228017495e080fa39bed7ed51e8e8ded6eb006a7a81f1a78a2e94 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ebf43e0a6f42f6a0f790bb19b64dd237 |
| SHA1 | d870de909937f9026e8e3ecd5cd6b4c7e3d4670d |
| SHA256 | 37b263fd7a652256fbba82ab6401d1d67364dea1f432ebd37e4c0b7dd16b5113 |
| SHA512 | 283511124f650c05ad3d14abd699fb059fdd912b7471b62d145713150a7af4566223e5c446e973b2e9061404f69ed9b541cdb0b8d3459018bd303f178bfcc576 |
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2.zip.crdownload
| MD5 | 41938d1256f900cdaca626a152ba5e95 |
| SHA1 | dbafc9a75213d46b19e8fd7a330b87bfd8c0b562 |
| SHA256 | e3ff0de76a44978ebd02b890f66be6f3f4320c99f8b443de1877d4e16a4a5443 |
| SHA512 | 5fcc097dec3144619c52f028ae1a8ffb0f6354779d86b5972017e57a0a7d1871ef2e3d6436c620e30a74d8ab969848b3bfcae979b96040f35ed10fdd184fba3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9a248eb1237dfe068eba71827b132ad6 |
| SHA1 | d193555303794dfc919cb753079f6d7a828cc952 |
| SHA256 | 4111aa33dad8087943a9caa3a7484949ebc7c1e2d24709381863fb2e66ff4379 |
| SHA512 | b21cd3099fc18e3ce7cde46fd07d98305d05010aed1466ea5146eec1c9496e184943642a25179b034f616f644b330b9b1650450edc0e97b8f4452690137cedfe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5b421d20f235e80a313510bb9ec5050c |
| SHA1 | 034a9f035d7c97301770f2ce289864f8e767b600 |
| SHA256 | a7acc91f47b232ab679868ff8b7e523904b064b795912ecb88898092ac5f0913 |
| SHA512 | d8235aea16d15a63f02366740fcd249864d13d7c8e6ee3698cca22e4b59d6f23e1b4086232c750344b775a06b13bd0f488a118f2292445b19763350b06c86ee0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8ffe9f384d9ce0161798c95c2c4de88b |
| SHA1 | 115ae42e5f256bc28a245730bd2e51e2c76e39c8 |
| SHA256 | b6d6db3bcf65fb868ea734f5ada24dd50ff539d88e798ac3f6d9b422faaacbd0 |
| SHA512 | 60d1168758b2be92a293d5b4a88d2aaba91af41dccc0557875b929f35d72b7fb8b5409b95011a73a0496985ec32a5452b93cd5dbf640b16b3e8786748caad6ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 595acae602b30df6c90ef450c7e1af9a |
| SHA1 | 45317440e88b3810898f496d05412c5a022081b8 |
| SHA256 | 9e895a99e36b88259d684f0711aed175fe81c61a9cf0f450c2d999dde4d4996a |
| SHA512 | 28ba0c321d9aef4dc5978a9ac1dd2ae624d30f50819357171dff7be24c516d14536a9085d9afc0d7836d983c7cb491526b314f1976d3d6afd2dcc1f01297663c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d8cc.TMP
| MD5 | c0bf612d09734a50116f4f9316bf7be0 |
| SHA1 | a9a82f6da98c9f4dee83f6c6adc3b188d0143e96 |
| SHA256 | dcf64928ec143e585b3f4775f80921c92d17250e950ba0765557a5c722d8e45d |
| SHA512 | 838dd1a22c4776efda05c2169ca25ed08b9e500f848a1128237317c12808110c6dc1889cc625352cb46cd365516fcf5cd510275f43f266a0cdeb59038558bb39 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 42ae0ce1a0b0c2144c4a2e4938d1ffae |
| SHA1 | dad5711e7d42269230732dc0f7e6ed3da9e3382b |
| SHA256 | f69e4d5ba5b983aaf7e1220fb86e386939f010a1785f267d87446462707dee3c |
| SHA512 | 92cb4bcaf3bff1f6397566a521b8a5fc65cddf27793852aba5347dca883db60e99ca25796794578f3c1d7ad3c1b5ec559d5c15e1cd5b5df29ea39fe612aabac3 |
memory/4568-215-0x00007FF7DAF80000-0x00007FF7DAFA0000-memory.dmp
memory/4568-216-0x0000000062800000-0x0000000062813000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 04fdd1b3a11808cb4d9deb94ff201213 |
| SHA1 | 9e4d63270ef732eea80897bfe2ea27c916611827 |
| SHA256 | 6153dafb637a6071927be1eac5a6da7022088f67991f415d8a844a13baf971fe |
| SHA512 | 99d89242f13be09d1c0ad555ab4e05a9bde976bec99fd9f5d6b3e4a209ff6bb6b12ff104c58321583d8b1d57d7431585b5c0628b24f620bb681e30c58d31c84f |
memory/4568-226-0x00007FF7DAF80000-0x00007FF7DAFA0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7e30cc65c4f27703e61eeec1bdd95607 |
| SHA1 | d8f47f01c218dbd6c96a8fbd588b0675f2412034 |
| SHA256 | d90644eee10e6ac43635ab308456af1bf38cc1385999c2940e647229e270a681 |
| SHA512 | 07af91a61e5ea45efde07a764bd96aea33cdc96ce895b6060a0c6c1fad20599e051bc558a0985a89ed707561a16948939ac86c1f24d716c7b3023a1eaebc1d20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d8605a399970cd3342b3dcdf63458ad6 |
| SHA1 | b3844ba754b5eb60712d76c2ac531e5af7326f2a |
| SHA256 | 84e131ec664e387f546d79729cae4f07f3f366ce91160ca35a7e331e37466790 |
| SHA512 | ac913516fa1634041bdf3752e27c686caa2e1ac19466f090643e8993daa53bb64ebaa8071721c5982c471885691ceedef1b22188c35c59ec785052ea99081865 |
memory/764-246-0x00007FF7DAF80000-0x00007FF7DAFA0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 3e552d017d45f8fd93b94cfc86f842f2 |
| SHA1 | dbeebe83854328e2575ff67259e3fb6704b17a47 |
| SHA256 | 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6 |
| SHA512 | e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8d1780c5184a19074f8ad846dbf0d170 |
| SHA1 | acadf5af1714742c619f04e8e61fced052e55851 |
| SHA256 | 973b0c2a7565a975bc2c7a40936f0993660aee8106d1c08381d98a900bd64828 |
| SHA512 | 8ae486f7b05c8dacbc0bb344d726fc5657e97fb38a41ffa3b193785bc1a2e07ff0b46cd31cc5d4d97348c9f1654413c25fe7d67db2d28116a52c5ce14d7314be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8a5b7873611d33bba83c6b7cf651e7bb |
| SHA1 | 8205dc17878a4f8abe133c24dca9c5d3c27db322 |
| SHA256 | 9043b3576407716eee082c24efbdcf868d9e479f4c50860a8d85c7d31679929e |
| SHA512 | efa39dcee52a6835250ade807b22af5f94b8180332a419284cbe27cc2f8beebf7fe4af061e682de40a0871af794579ad198c865a1c35580713223da711ebc5c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3c867332902637dbebd97e21cb091661 |
| SHA1 | cd4e491ffab30844f9eb3bf9093dbce071689c1f |
| SHA256 | 0b6d81dbf538cfa4b1b49b74ebfb00317f6e353eea2f8a730b140dea3ccac112 |
| SHA512 | 2991d1523ce2c61d03842e501d3637a059157a0418cdda35f9bb7044df1c78e1573467849a36aeb0256fa6535f6c98cf092ca7a8043822d6ea6704d4164d51a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\3d2366d1-be75-4310-907e-710a47a22dcf
| MD5 | c6a9239fa89934dedeaa8d504fe2de23 |
| SHA1 | 58b87a8ea88d2ca214f5694a3d00ac676b075002 |
| SHA256 | c99aae341b0740d67f643eaf7fb8176f510e2d7add5f649657f10c3eb914d225 |
| SHA512 | 15b39e35c12376e7722fc2af2557d94ff9dcf03790b8b13a31be364be10d1155b9ddca6938e539fb8a7edc0decf46f720026aa289face9b620a1e391d7f13328 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\3fa321e5-9ef2-4ba7-8df1-28580bd8cdf4
| MD5 | 7b9c9f2c1c32955c0392eb4e47e0ebd1 |
| SHA1 | c80380fbba7619928f2ed61c9d756e52409856c7 |
| SHA256 | 9a0456fe4ff31591fb3039a8f19b22e38677132a784670a27cfcfc6b568c2c1f |
| SHA512 | aa697243497361d140b9880dfe10cdff5eabb9122a1c15908e25ba5d60fac252091324f246461cf6294ebfab5560fa24b8c797bdb8066afb451457a65a3a0387 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | d27186a2b17518220f64d312591ea154 |
| SHA1 | f7f72536c306b75a1da52ea36ab3db9813933772 |
| SHA256 | bef72974a0f9083434c6f421c27c9c543b4917842eb1dbe94c86aafd943cf315 |
| SHA512 | 20a5cd9d29432e3ad59bfc1a59ab1601f497481ef0e3fabf82e7c671f75bf716c0abe4ae356597358dffbb7a29fc9c87016713c3c7941951c4b782797376a7e9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 7f868e557b098795d645df9ea302427f |
| SHA1 | 001f3306144559b4049a8ab139b4139f51e59c0e |
| SHA256 | b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5 |
| SHA512 | 56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9d6ab238788a3d748f9aa722bbba71c5 |
| SHA1 | 3275761d3133adf4298ec0f3ab208db1aea3ebbf |
| SHA256 | 235080df662f94c8f15e1fa931398a4d8d17746ade164ea6f121368f439e8fc6 |
| SHA512 | 09fcfd7156ff52ca7655644369c1467a6e9fcc4fc40ac089413949b1fb61df645ccf57daae823b3715ce67b075f070ec8bde4106785f5931af2c4786388cac01 |