Malware Analysis Report

2024-10-16 05:05

Sample ID 240801-sa296swcnq
Target https://github.com/ValdikSS/GoodbyeDPI/releases
Tags: discovery, dropper

Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The submitted URL https://github.com/ValdikSS/GoodbyeDPI/releases was classified as Likely malicious (8/10). The score is computed from the generic behavioural signatures listed below, so read them together with the Processes section: during the run the sandbox opened the URL in Chrome, the goodbyedpi-0.2.3rc1 release archive was downloaded and extracted under C:\Users\Admin\Downloads, and its launcher scripts (0_russia_update_blacklist_file.cmd, 1_russia_blacklist.cmd, 2_any_country.cmd) were executed. Most signature rows are attributed to chrome.exe and firefox.exe, the browsers that ran during the analysis. The one signature whose process belongs to the downloaded tool's own tree is Download via BitsAdmin (bitsadmin.exe, started by 0_russia_update_blacklist_file.cmd); the LoadsDriver rows record no process at all.

Malicious Activity Summary

discovery dropper

Download via BitsAdmin

Browser Information Discovery

Uses Task Scheduler COM API

Suspicious behavior: LoadsDriver

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-01 14:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-01 14:56

Reported

2024-08-01 14:58

Platform

win10-20240404-en

Max time kernel

143s

Max time network

141s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/ValdikSS/GoodbyeDPI/releases

Signatures

Download via BitsAdmin

dropper

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\bitsadmin.exe | N/A

This is the one signature raised by the downloaded tool's own process tree rather than by a browser. The launcher script 0_russia_update_blacklist_file.cmd runs bitsadmin /transfer to fetch https://p.thenewone.lol/domains-export.txt into russia-blacklist.txt inside the extracted archive, and 1_russia_blacklist.cmd then hands that file to goodbyedpi.exe via --blacklist (see Processes). No integrity check on the downloaded list is visible in the recorded command lines: whatever that third-party host serves becomes the tool's domain list on the next run, which is the supply-chain angle worth noting even though the transfer itself is the tool's documented behaviour.
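The following is an added detection example for this report, not code from the sandbox vendor or from the GoodbyeDPI project. It parses process-creation command lines, recognises bitsadmin /transfer jobs, extracts the remote URL and local destination, and flags transfers from hosts outside an allow-list. The allow-list and every log line except the bitsadmin command recorded in this report are constructed for the demonstration.

```python
"""Flag BITS-based file downloads in process-creation command lines."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlparse

# Assumption: an illustrative allow-list of hosts from which BITS downloads
# are expected in a managed environment (not taken from the report).
ALLOWED_HOSTS = {"download.windowsupdate.com", "fe2.update.microsoft.com"}

# Either a double-quoted run (paths with spaces) or a run of non-whitespace.
_TOKEN_RE = re.compile(r'"[^"]*"|\S+')


@dataclass(frozen=True)
class BitsTransfer:
    job_name: str
    url: str
    host: str
    destination: str
    external: bool


def split_cmdline(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [tok.strip('"') for tok in _TOKEN_RE.findall(cmdline)]


def parse_bits_transfer(cmdline: str) -> Optional[BitsTransfer]:
    """Return the download performed by a `bitsadmin /transfer` call, else None."""
    if "bitsadmin" not in cmdline.lower():
        return None
    tokens = split_cmdline(cmdline)
    if not tokens:
        return None
    image = tokens[0].lower().rsplit("\\", 1)[-1]
    if image not in ("bitsadmin", "bitsadmin.exe"):
        return None
    lowered = [t.lower() for t in tokens]
    if "/transfer" not in lowered:
        return None
    idx = lowered.index("/transfer")
    if idx + 1 >= len(tokens):
        return None
    job_name = tokens[idx + 1]
    # Syntax: bitsadmin /transfer <job> [type] [/priority p] [/dynamic] <remoteURL> <localName>
    # so the URL is the first token after the job name that carries a scheme.
    url_pos = next((i for i in range(idx + 2, len(tokens)) if "://" in tokens[i]), None)
    if url_pos is None or url_pos + 1 >= len(tokens):
        return None
    url = tokens[url_pos]
    host = (urlparse(url).hostname or "").lower()
    return BitsTransfer(
        job_name=job_name,
        url=url,
        host=host,
        destination=tokens[url_pos + 1],
        external=host not in ALLOWED_HOSTS,
    )


def find_external_bits_downloads(cmdlines: Iterable[str]) -> List[BitsTransfer]:
    """Return every BITS transfer whose source host is not allow-listed."""
    hits = []
    for line in cmdlines:
        job = parse_bits_transfer(line)
        if job is not None and job.external:
            hits.append(job)
    return hits


# Constructed process-creation log; the third line is the command from the report.
SAMPLE_CMDLINES = [
    r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\notes.txt',
    r'C:\Windows\system32\bitsadmin.exe /transfer patch /priority normal '
    r'https://download.windowsupdate.com/kb/patch.cab "C:\Windows\Temp\patch.cab"',
    r'bitsadmin /transfer blacklist https://p.thenewone.lol/domains-export.txt '
    r'"C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\russia-blacklist.txt"',
    r'bitsadmin /list /allusers',
]

if __name__ == "__main__":
    for job in find_external_bits_downloads(SAMPLE_CMDLINES):
        print(f"[!] BITS job {job.job_name!r}: {job.url} -> {job.destination}")
```

Run stand-alone it prints one hit, the p.thenewone.lol transfer into the user's Downloads folder; the Windows Update transfer is parsed but not reported because its host is allow-listed. In a real pipeline the destination would also be checked (a BITS job writing into a user-writable directory that a script then executes or reads as configuration is the pattern that matters).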

Browser Information Discovery

discovery

(no description, indicator or process rows were recorded for this signature)

Checks processor information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133669977956581141" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

S-1-5-19 is the well-known SID of NT AUTHORITY\LOCAL SERVICE, and the value written is a FILETIME timestamp (100 ns intervals since 1601) that falls in 2024, i.e. the time of the run; the writer recorded for this Windows TPM telemetry key is chrome.exe.

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

The <SID>_Classes hive is the per-user half of HKEY_CLASSES_ROOT; both browsers create the same Local Settings key under it.

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target | Count
N/A | N/A | N/A | N/A | 2

Neither event records the loading process or the driver image, so the report does not say what was loaded. GoodbyeDPI is built on the WinDivert packet-filter driver and needs it loaded to do its job, so a driver load during a run in which goodbyedpi.exe was started (see Processes) is consistent with the tool's documented operation; the rows here can neither confirm nor rule that out.

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target | Count
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32

(64 rows in the original table, alternating between the two privileges, all attributed to chrome.exe)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 33
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A | 4

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 24
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A | 3

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A | 1

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Count
PID 1340 wrote to memory of 1596 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 1340 wrote to memory of 4720 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 38
PID 1340 wrote to memory of 924 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 1340 wrote to memory of 3084 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 22

All 64 writes come from a single chrome.exe process (PID 1340) into four other chrome.exe processes. Writer and target are the same browser binary, which is the pattern of Chrome's browser process setting up the renderer, GPU and utility children it spawns (the --type=... processes under Processes), not of code being injected into a foreign process. Cross-image writes, for example from goodbyedpi.exe or cmd.exe into a browser, would be the rows that matter, and none are recorded.

Uses Task Scheduler COM API

persistence

(no description, indicator or process rows were recorded for this signature, so the report does not identify which process used the API or whether any task was created)
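The signature tables above are the basis of the 8/10 score, and most of their rows name the browsers rather than the downloaded tool. The following is an added triage example for this report, not the sandbox vendor's code: it models each table row as an event, collapses the repeated rows into counts, attributes every signature to the analysis harness (the browser images listed under Processes), to the sample's own tree, or to nothing when the sandbox recorded no process, and separates same-image WriteProcessMemory rows from the cross-image writes that would indicate injection. The event list is constructed from the tables above with the original row counts; the set of harness images is an assumption drawn from the Processes section.

```python
"""Triage sandbox signature rows by attributing them to the harness browsers
or to the downloaded sample, and collapse repeated rows into counts."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
BITSADMIN = r"C:\Windows\system32\bitsadmin.exe"

# Assumption: images the analysis environment itself started to open the URL
# (taken from the Processes section). Anything else is treated as the sample's.
HARNESS_IMAGES = {"chrome.exe", "firefox.exe", "elevation_service.exe"}


@dataclass(frozen=True)
class Event:
    signature: str
    description: str
    indicator: str
    process: str  # full image path, or "N/A" when the sandbox recorded none
    target: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def collapse(events: Iterable[Event]) -> Counter:
    """Count identical rows, so a 64-row table becomes a handful of lines."""
    return Counter(events)


def attribute(events: Iterable[Event]) -> Dict[str, str]:
    """Return {signature: 'harness' | 'sample' | 'unattributed'}.

    'harness' only if every process the signature names is a harness browser;
    'unattributed' if the signature names no process at all.
    """
    images = defaultdict(set)
    for ev in events:
        names = images[ev.signature]  # registers the signature even for N/A rows
        if ev.process != "N/A":
            names.add(basename(ev.process))
    verdict = {}
    for sig, names in images.items():
        if not names:
            verdict[sig] = "unattributed"
        elif names <= HARNESS_IMAGES:
            verdict[sig] = "harness"
        else:
            verdict[sig] = "sample"
    return verdict


def cross_image_writes(events: Iterable[Event]) -> List[Event]:
    """WriteProcessMemory rows whose writer and target images differ: the
    injection pattern, as opposed to a browser setting up its own children."""
    return [
        ev for ev in events
        if ev.signature == "Suspicious use of WriteProcessMemory"
        and basename(ev.process) != basename(ev.target)
    ]


def sample_attributable(events: Iterable[Event]) -> List[str]:
    """Signatures the harness browsers alone cannot explain."""
    return sorted(s for s, v in attribute(events).items() if v != "harness")


# Constructed from the report's tables, with the original row counts.
WPM_ROW = Event("Suspicious use of WriteProcessMemory",
                "PID 1340 wrote to memory of 4720", "N/A", CHROME, CHROME)
SAMPLE_EVENTS: List[Event] = (
    [WPM_ROW] * 38
    + [Event("Suspicious use of AdjustPrivilegeToken",
             "Token: SeShutdownPrivilege", "N/A", CHROME, "N/A")] * 32
    + [Event("Suspicious use of AdjustPrivilegeToken",
             "Token: SeCreatePagefilePrivilege", "N/A", CHROME, "N/A")] * 32
    + [Event("Checks processor information in registry", "Key value queried",
             r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz",
             FIREFOX, "N/A")]
    + [Event("Download via BitsAdmin", "N/A", "N/A", BITSADMIN, "N/A")]
    + [Event("Suspicious behavior: LoadsDriver", "N/A", "N/A", "N/A", "N/A")] * 2
)

if __name__ == "__main__":
    for row, n in collapse(SAMPLE_EVENTS).items():
        print(f"{n:3d}x {row.signature}: {row.description} [{basename(row.process)}]")
    print("needs analyst attention:", sample_attributable(SAMPLE_EVENTS))
```

On this input the only signatures left for an analyst are Download via BitsAdmin (attributed to bitsadmin.exe) and LoadsDriver (no process recorded), which matches the reading of the tables above; the per-process counts also make the size of the browser noise visible at a glance.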

Processes

The list below mixes two process trees. One is the Chrome and Firefox families: the browser process plus its crashpad, GPU, network, storage, renderer and utility children, recognisable by --type= (Chrome) and -contentproc (Firefox). The other is the downloaded tool: cmd.exe /c runs each launcher script from the extracted archive, 0_russia_update_blacklist_file.cmd starts bitsadmin.exe to refresh russia-blacklist.txt, and 1_russia_blacklist.cmd and 2_any_country.cmd start x86_64\goodbyedpi.exe with -9 (1_russia_blacklist.cmd adds the two --blacklist files). NOTEPAD.EXE was used to open russia-blacklist.txt and russia-youtube.txt, and the rundll32.exe ... SHCreateLocalServerRunDll ... -Embedding entry is Windows hosting a shell32 COM local server, not something launched by the sample.

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/ValdikSS/GoodbyeDPI/releases

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffab44c9758,0x7ffab44c9768,0x7ffab44c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\russia-blacklist.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\russia-youtube.txt

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\1_russia_blacklist.cmd" "

C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe

goodbyedpi.exe -9 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\0_russia_update_blacklist_file.cmd" "

C:\Windows\system32\bitsadmin.exe

bitsadmin /transfer blacklist https://p.thenewone.lol/domains-export.txt "C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\russia-blacklist.txt"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\2_any_country.cmd" "

C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe

goodbyedpi.exe -9

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=824 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4812 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2960 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2960 --field-trial-handle=1768,i,3932745357729875529,14265548811515024499,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.0.667621642\805717576" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e633c02-34d3-450e-897a-485182c431b8} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 1796 207dfef7658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.1.697477840\505997619" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c3386d5-6739-4a7b-a343-22394c055ce0} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 2152 207dfe03858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.2.1718478321\763905606" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2780 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d62b9127-6912-483c-8a32-c8cade99cdcf} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 2772 207e4196b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.3.824133752\989408939" -childID 2 -isForBrowser -prefsHandle 3404 -prefMapHandle 3388 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61c4e923-f57d-410b-98a7-9a6b28972087} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 3440 207cdb6e558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.4.1446569346\1027439535" -childID 3 -isForBrowser -prefsHandle 4416 -prefMapHandle 4412 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ceeabe54-0a08-4d0b-bd70-8410f9b64432} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4428 207e50a8258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.5.2078080118\501641199" -childID 4 -isForBrowser -prefsHandle 4760 -prefMapHandle 4756 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {117b661c-452b-496c-bcc0-633c524e2a31} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4772 207e63d9c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.6.28508553\1551814894" -childID 5 -isForBrowser -prefsHandle 4908 -prefMapHandle 4912 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f3f3d1c-0c43-4a24-98ca-a48ef9ecea4e} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4900 207e661bb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.7.1372092033\2048255871" -childID 6 -isForBrowser -prefsHandle 4900 -prefMapHandle 4988 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f8c8b46-9799-49a1-9afc-bd41c268f6cb} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4748 207e661a358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.8.404149715\1731975499" -childID 7 -isForBrowser -prefsHandle 5076 -prefMapHandle 5124 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a68bced7-552e-4560-85d6-305cbee98728} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5104 207e78c7258 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.102.95:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 95.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 p.thenewone.lol udp
LV 195.123.208.131:443 p.thenewone.lol tcp
US 8.8.8.8:53 131.208.123.195.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.99:443 www.google.com tcp
NL 142.250.27.99:443 www.google.com udp
US 8.8.8.8:53 99.27.250.142.in-addr.arpa udp
NL 142.250.102.95:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 94.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 94.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
N/A 127.0.0.1:50106 tcp
N/A 127.0.0.1:50112 tcp
US 8.8.8.8:53 122.28.160.35.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
NL 142.250.27.91:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
NL 142.250.27.91:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.27.119:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.27.119:443 i.ytimg.com udp
US 8.8.8.8:53 91.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 119.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 142.250.102.84:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 142.250.102.84:443 udp
US 8.8.8.8:53 udp
N/A 142.250.27.106:443 tcp
US 8.8.8.8:53 udp
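
The table above mixes three kinds of rows: DNS queries to the sandbox resolver (8.8.8.8:53, including the reverse in-addr.arpa lookups that follow each newly contacted address), local noise (mDNS to 224.0.0.251:5353, loopback connections), and the actual outbound flows to port 443. The following is an added example (editor's code, not part of the sandbox report or of the GoodbyeDPI project) that reduces a subset of those rows, embedded here as constructed input, to the unique endpoints per domain and then lists the names that fall outside an analyst-supplied list of expected browser, Google, GitHub and Mozilla infrastructure. The suffix list is an assumption to tune per environment; anything it does not cover is only flagged for manual review, not judged.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the report's Network table (constructed sample input so the
# block runs offline; the full table is on the page).  Format is
# "Country Destination Domain Proto", and Domain is absent on some rows.
NETWORK_ROWS = """\
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
NL 142.250.102.95:443 content-autofill.googleapis.com tcp
US 140.82.114.22:443 collector.github.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 p.thenewone.lol udp
LV 195.123.208.131:443 p.thenewone.lol tcp
NL 142.250.27.99:443 www.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:50106 tcp
NL 142.250.27.91:443 www.youtube.com tcp
US 8.8.8.8:53 udp
N/A 142.250.102.84:443 tcp
"""

# Assumption: domain suffixes of infrastructure that Chrome, Firefox and a
# GitHub page contact on their own.  Extend or shrink per environment.
EXPECTED_SUFFIXES = (
    "github.com", "githubassets.com", "githubusercontent.com", "amazonaws.com",
    "google.com", "googleapis.com", "youtube.com", "ytimg.com",
    "mozgcp.net", "mozaws.net",
)


def parse_row(line):
    """Split one table row into its fields; the Domain column may be missing."""
    parts = line.split()
    if len(parts) < 3:
        return None
    country, dest, proto = parts[0], parts[1], parts[-1]
    domain = parts[2] if len(parts) == 4 else ""
    host, _, port = dest.rpartition(":")
    return {"country": country, "ip": host, "port": int(port),
            "domain": domain, "proto": proto}


def is_noise(row):
    """Resolver queries, PTR lookups, mDNS and loopback name no payload endpoint."""
    ip = ipaddress.ip_address(row["ip"])
    if ip.is_loopback or ip.is_multicast:
        return True
    if row["port"] == 53:                      # DNS to the sandbox resolver
        return True
    if row["domain"].endswith(".in-addr.arpa"):
        return True
    return False


def outbound_endpoints(table):
    """Map domain (or bare IP when unresolved) to its sorted (ip, port, proto) set."""
    endpoints = defaultdict(set)
    for line in table.splitlines():
        row = parse_row(line)
        if row is None or is_noise(row):
            continue
        key = row["domain"] or row["ip"]
        endpoints[key].add((row["ip"], row["port"], row["proto"]))
    return {k: sorted(v) for k, v in endpoints.items()}


def unexpected_domains(table, expected=EXPECTED_SUFFIXES):
    """Keys from outbound_endpoints() that no expected suffix covers."""
    out = []
    for key in outbound_endpoints(table):
        if not any(key == s or key.endswith("." + s) for s in expected):
            out.append(key)
    return sorted(out)


if __name__ == "__main__":
    for dom, eps in sorted(outbound_endpoints(NETWORK_ROWS).items()):
        print(dom, eps)
    print("for manual review:", unexpected_domains(NETWORK_ROWS))
```

Run on the embedded rows, the script collapses the repeated github.githubassets.com connections into one endpoint, drops every 8.8.8.8:53, in-addr.arpa, mDNS and loopback row, and leaves p.thenewone.lol and the unresolved 142.250.102.84 for the analyst to look at.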

Files

\??\pipe\crashpad_1340_DHLEPHVNVDZPHMGB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\90bd831e-226f-4989-86d2-1771e612078d.tmp

MD5 e7e3630018a175b4f459484383491a8f
SHA1 4525f5813eda359994c744dd11ce1a20a92523ef
SHA256 873de5a0583fa6d03ac3d34e5270fd7e5735dc8b0169a2d5c700685c4c4020ec
SHA512 cbc54190916db678659aa81ba6f2a91b3bf599da9c66463e77a238ac515c3ea666ea4c22c5a399c3fae11a000efa35ebcc30ea2f8b625dfc2563b691faa8f676

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 80f7534c2d232adf0a339b6cb290d231
SHA1 a7d7ec69c9e80a21914e0fc3e5ab2f6e24563491
SHA256 ea5191731ab1754734dacac43fe72f2bb24aa800003f692eda6ea95f83458fbd
SHA512 8bed15a9a46392e67604cb091d15286de1e60c88819d7a8540f229016ce9f996bd39fe41f336da8496f38f631a098cf742b80aaf8416de5d791bcd8970a4e7b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9d6c5061bbd450f9322979248f9d427c
SHA1 94a9da5d483715c4cde25350ee4accdcff39e26f
SHA256 c0c64b17ac941dfefb05cdc2e3b056218a1ac0e607c6bd9535f8208cdc75879e
SHA512 554436a8974a44394be797b3f1f863f9b6a148b1846cd022acfca294a5adb286ba92fb88eba228017495e080fa39bed7ed51e8e8ded6eb006a7a81f1a78a2e94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ebf43e0a6f42f6a0f790bb19b64dd237
SHA1 d870de909937f9026e8e3ecd5cd6b4c7e3d4670d
SHA256 37b263fd7a652256fbba82ab6401d1d67364dea1f432ebd37e4c0b7dd16b5113
SHA512 283511124f650c05ad3d14abd699fb059fdd912b7471b62d145713150a7af4566223e5c446e973b2e9061404f69ed9b541cdb0b8d3459018bd303f178bfcc576

C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2.zip.crdownload

MD5 41938d1256f900cdaca626a152ba5e95
SHA1 dbafc9a75213d46b19e8fd7a330b87bfd8c0b562
SHA256 e3ff0de76a44978ebd02b890f66be6f3f4320c99f8b443de1877d4e16a4a5443
SHA512 5fcc097dec3144619c52f028ae1a8ffb0f6354779d86b5972017e57a0a7d1871ef2e3d6436c620e30a74d8ab969848b3bfcae979b96040f35ed10fdd184fba3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9a248eb1237dfe068eba71827b132ad6
SHA1 d193555303794dfc919cb753079f6d7a828cc952
SHA256 4111aa33dad8087943a9caa3a7484949ebc7c1e2d24709381863fb2e66ff4379
SHA512 b21cd3099fc18e3ce7cde46fd07d98305d05010aed1466ea5146eec1c9496e184943642a25179b034f616f644b330b9b1650450edc0e97b8f4452690137cedfe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5b421d20f235e80a313510bb9ec5050c
SHA1 034a9f035d7c97301770f2ce289864f8e767b600
SHA256 a7acc91f47b232ab679868ff8b7e523904b064b795912ecb88898092ac5f0913
SHA512 d8235aea16d15a63f02366740fcd249864d13d7c8e6ee3698cca22e4b59d6f23e1b4086232c750344b775a06b13bd0f488a118f2292445b19763350b06c86ee0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8ffe9f384d9ce0161798c95c2c4de88b
SHA1 115ae42e5f256bc28a245730bd2e51e2c76e39c8
SHA256 b6d6db3bcf65fb868ea734f5ada24dd50ff539d88e798ac3f6d9b422faaacbd0
SHA512 60d1168758b2be92a293d5b4a88d2aaba91af41dccc0557875b929f35d72b7fb8b5409b95011a73a0496985ec32a5452b93cd5dbf640b16b3e8786748caad6ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 595acae602b30df6c90ef450c7e1af9a
SHA1 45317440e88b3810898f496d05412c5a022081b8
SHA256 9e895a99e36b88259d684f0711aed175fe81c61a9cf0f450c2d999dde4d4996a
SHA512 28ba0c321d9aef4dc5978a9ac1dd2ae624d30f50819357171dff7be24c516d14536a9085d9afc0d7836d983c7cb491526b314f1976d3d6afd2dcc1f01297663c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d8cc.TMP

MD5 c0bf612d09734a50116f4f9316bf7be0
SHA1 a9a82f6da98c9f4dee83f6c6adc3b188d0143e96
SHA256 dcf64928ec143e585b3f4775f80921c92d17250e950ba0765557a5c722d8e45d
SHA512 838dd1a22c4776efda05c2169ca25ed08b9e500f848a1128237317c12808110c6dc1889cc625352cb46cd365516fcf5cd510275f43f266a0cdeb59038558bb39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 42ae0ce1a0b0c2144c4a2e4938d1ffae
SHA1 dad5711e7d42269230732dc0f7e6ed3da9e3382b
SHA256 f69e4d5ba5b983aaf7e1220fb86e386939f010a1785f267d87446462707dee3c
SHA512 92cb4bcaf3bff1f6397566a521b8a5fc65cddf27793852aba5347dca883db60e99ca25796794578f3c1d7ad3c1b5ec559d5c15e1cd5b5df29ea39fe612aabac3

memory/4568-215-0x00007FF7DAF80000-0x00007FF7DAFA0000-memory.dmp

memory/4568-216-0x0000000062800000-0x0000000062813000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 04fdd1b3a11808cb4d9deb94ff201213
SHA1 9e4d63270ef732eea80897bfe2ea27c916611827
SHA256 6153dafb637a6071927be1eac5a6da7022088f67991f415d8a844a13baf971fe
SHA512 99d89242f13be09d1c0ad555ab4e05a9bde976bec99fd9f5d6b3e4a209ff6bb6b12ff104c58321583d8b1d57d7431585b5c0628b24f620bb681e30c58d31c84f

memory/4568-226-0x00007FF7DAF80000-0x00007FF7DAFA0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7e30cc65c4f27703e61eeec1bdd95607
SHA1 d8f47f01c218dbd6c96a8fbd588b0675f2412034
SHA256 d90644eee10e6ac43635ab308456af1bf38cc1385999c2940e647229e270a681
SHA512 07af91a61e5ea45efde07a764bd96aea33cdc96ce895b6060a0c6c1fad20599e051bc558a0985a89ed707561a16948939ac86c1f24d716c7b3023a1eaebc1d20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d8605a399970cd3342b3dcdf63458ad6
SHA1 b3844ba754b5eb60712d76c2ac531e5af7326f2a
SHA256 84e131ec664e387f546d79729cae4f07f3f366ce91160ca35a7e331e37466790
SHA512 ac913516fa1634041bdf3752e27c686caa2e1ac19466f090643e8993daa53bb64ebaa8071721c5982c471885691ceedef1b22188c35c59ec785052ea99081865

memory/764-246-0x00007FF7DAF80000-0x00007FF7DAFA0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 3e552d017d45f8fd93b94cfc86f842f2
SHA1 dbeebe83854328e2575ff67259e3fb6704b17a47
SHA256 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512 e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8d1780c5184a19074f8ad846dbf0d170
SHA1 acadf5af1714742c619f04e8e61fced052e55851
SHA256 973b0c2a7565a975bc2c7a40936f0993660aee8106d1c08381d98a900bd64828
SHA512 8ae486f7b05c8dacbc0bb344d726fc5657e97fb38a41ffa3b193785bc1a2e07ff0b46cd31cc5d4d97348c9f1654413c25fe7d67db2d28116a52c5ce14d7314be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8a5b7873611d33bba83c6b7cf651e7bb
SHA1 8205dc17878a4f8abe133c24dca9c5d3c27db322
SHA256 9043b3576407716eee082c24efbdcf868d9e479f4c50860a8d85c7d31679929e
SHA512 efa39dcee52a6835250ade807b22af5f94b8180332a419284cbe27cc2f8beebf7fe4af061e682de40a0871af794579ad198c865a1c35580713223da711ebc5c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3c867332902637dbebd97e21cb091661
SHA1 cd4e491ffab30844f9eb3bf9093dbce071689c1f
SHA256 0b6d81dbf538cfa4b1b49b74ebfb00317f6e353eea2f8a730b140dea3ccac112
SHA512 2991d1523ce2c61d03842e501d3637a059157a0418cdda35f9bb7044df1c78e1573467849a36aeb0256fa6535f6c98cf092ca7a8043822d6ea6704d4164d51a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\3d2366d1-be75-4310-907e-710a47a22dcf

MD5 c6a9239fa89934dedeaa8d504fe2de23
SHA1 58b87a8ea88d2ca214f5694a3d00ac676b075002
SHA256 c99aae341b0740d67f643eaf7fb8176f510e2d7add5f649657f10c3eb914d225
SHA512 15b39e35c12376e7722fc2af2557d94ff9dcf03790b8b13a31be364be10d1155b9ddca6938e539fb8a7edc0decf46f720026aa289face9b620a1e391d7f13328

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\3fa321e5-9ef2-4ba7-8df1-28580bd8cdf4

MD5 7b9c9f2c1c32955c0392eb4e47e0ebd1
SHA1 c80380fbba7619928f2ed61c9d756e52409856c7
SHA256 9a0456fe4ff31591fb3039a8f19b22e38677132a784670a27cfcfc6b568c2c1f
SHA512 aa697243497361d140b9880dfe10cdff5eabb9122a1c15908e25ba5d60fac252091324f246461cf6294ebfab5560fa24b8c797bdb8066afb451457a65a3a0387

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 d27186a2b17518220f64d312591ea154
SHA1 f7f72536c306b75a1da52ea36ab3db9813933772
SHA256 bef72974a0f9083434c6f421c27c9c543b4917842eb1dbe94c86aafd943cf315
SHA512 20a5cd9d29432e3ad59bfc1a59ab1601f497481ef0e3fabf82e7c671f75bf716c0abe4ae356597358dffbb7a29fc9c87016713c3c7941951c4b782797376a7e9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 7f868e557b098795d645df9ea302427f
SHA1 001f3306144559b4049a8ab139b4139f51e59c0e
SHA256 b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5
SHA512 56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9d6ab238788a3d748f9aa722bbba71c5
SHA1 3275761d3133adf4298ec0f3ab208db1aea3ebbf
SHA256 235080df662f94c8f15e1fa931398a4d8d17746ade164ea6f121368f439e8fc6
SHA512 09fcfd7156ff52ca7655644369c1467a6e9fcc4fc40ac089413949b1fb61df645ccf57daae823b3715ce67b075f070ec8bde4106785f5931af2c4786388cac01
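
Most paths in the Files list above are browser housekeeping, and two of them carry digests of trivial content: the crashpad pipe hashes to the digests of an empty input, and persisted_first_party_sets.json to the digests of the two-byte string `{}`. The one file the user actually fetched is the `.crdownload` entry, Chrome's in-progress download of the goodbyedpi-0.2.3rc1-2.zip release archive. The following is an added example (editor's code, not part of the sandbox report or of the GoodbyeDPI project) that recomputes the trivial digests with hashlib instead of trusting a lookup table, checks that all three listed algorithms agree, and picks out partial-download names. Three of the report's entries are embedded as constructed input; the set of trivial contents is an assumption to extend.

```python
import hashlib

# Three entries copied from the report's Files table (constructed input for
# the example; SHA-512 is omitted because the check below does not need it).
REPORT_FILES = {
    r"\??\pipe\crashpad_1340_DHLEPHVNVDZPHMGB": {
        "md5": "d41d8cd98f00b204e9800998ecf8427e",
        "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    },
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json": {
        "md5": "99914b932bd37a50b983c5e7c90ae93b",
        "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
        "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    },
    r"C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2.zip.crdownload": {
        "md5": "41938d1256f900cdaca626a152ba5e95",
        "sha1": "dbafc9a75213d46b19e8fd7a330b87bfd8c0b562",
        "sha256": "e3ff0de76a44978ebd02b890f66be6f3f4320c99f8b443de1877d4e16a4a5443",
    },
}

# Assumption: contents whose digests show up constantly in sandbox file lists.
TRIVIAL_CONTENTS = {
    "empty file": b"",
    "empty JSON object": b"{}",
}

ALGORITHMS = ("md5", "sha1", "sha256")


def digests(data):
    """Hex digests of one byte string under every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


TRIVIAL_DIGESTS = {name: digests(data) for name, data in TRIVIAL_CONTENTS.items()}


def classify(entry):
    """('trivial', label) when the SHA-256 is that of a known trivial content and
    the MD5/SHA-1 columns agree with it, ('inconsistent', label) when they do
    not (a transcription error or a tampered report), else ('content', None)."""
    for label, known in TRIVIAL_DIGESTS.items():
        if entry["sha256"] == known["sha256"]:
            agree = all(entry[a] == known[a] for a in ("md5", "sha1") if a in entry)
            return ("trivial" if agree else "inconsistent", label)
    return ("content", None)


def triage(files):
    """Bucket every path in the report by the classification above."""
    buckets = {"content": [], "trivial": [], "inconsistent": []}
    for path, entry in files.items():
        kind, label = classify(entry)
        buckets[kind].append((path, label))
    return buckets


def partial_downloads(files):
    """Paths with browser partial-download suffixes (.crdownload for Chrome,
    .part for Firefox): the file the user fetched, not a cache artifact."""
    return sorted(p for p in files if p.lower().endswith((".crdownload", ".part")))


if __name__ == "__main__":
    for kind, items in triage(REPORT_FILES).items():
        for path, label in items:
            print(f"{kind:12} {label or '':18} {path}")
    print("downloads:", partial_downloads(REPORT_FILES))
```

The consistency check matters when a report is copied by hand or pulled from a secondary source: a SHA-256 that matches the empty-file digest while the MD5 in the same row does not is a sign the row was altered, not a sign of unusual content.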