Analysis Overview
Threat Level: Likely malicious
The file https://github.com/ValdikSS/GoodbyeDPI/releases/download/0.2.3rc1/goodbyedpi-0.2.3rc1-2.zip was found to be: Likely malicious.
Malicious Activity Summary
Stops running service(s)
Download via BitsAdmin
Launches sc.exe
Browser Information Discovery
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Uses Volume Shadow Copy WMI provider
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-03 15:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-03 15:44
Reported
2024-08-03 15:47
Platform
win7-20240705-en
Max time kernel
49s
Max time network
146s
Command Line
Signatures
Download via BitsAdmin
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\bitsadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\bitsadmin.exe | N/A |
Stops running service(s)
Launches sc.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/ValdikSS/GoodbyeDPI/releases/download/0.2.3rc1/goodbyedpi-0.2.3rc1-2.zip
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7729758,0x7fef7729768,0x7fef7729778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1388 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3312 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2620 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3584 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3456 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 --field-trial-handle=1296,i,4422684048840408638,5192829359212302219,131072 /prefetch:8
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\1_russia_blacklist.cmd" "
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
goodbyedpi.exe -9 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\0_russia_update_blacklist_file.cmd" "
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\1_russia_blacklist.cmd" "
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\1_russia_blacklist_dnsredir.cmd" "
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\2_any_country.cmd" "
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\2_any_country_dnsredir.cmd" "
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\service_install_russia_blacklist.cmd" "
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\service_install_russia_blacklist_dnsredir.cmd" "
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\service_remove.cmd" "
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
goodbyedpi.exe -9 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt
C:\Windows\system32\bitsadmin.exe
bitsadmin /transfer blacklist https://p.thenewone.lol/domains-export.txt "C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\russia-blacklist.txt"
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
goodbyedpi.exe -9
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
goodbyedpi.exe -9 --dns-addr 77.88.8.8 --dns-port 1253 --dnsv6-addr 2a02:6b8::feed:0ff --dnsv6-port 1253 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
goodbyedpi.exe -9 --dns-addr 77.88.8.8 --dns-port 1253 --dnsv6-addr 2a02:6b8::feed:0ff --dnsv6-port 1253
C:\Windows\system32\sc.exe
sc stop "GoodbyeDPI"
C:\Windows\system32\sc.exe
sc delete "GoodbyeDPI"
C:\Windows\system32\sc.exe
sc stop "WinDivert"
C:\Windows\system32\sc.exe
sc delete "WinDivert"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\2_any_country.cmd"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\2_any_country_dnsredir.cmd"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\service_install_russia_blacklist.cmd"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\service_install_russia_blacklist_dnsredir.cmd"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\service_remove.cmd"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\0_russia_update_blacklist_file.cmd"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\1_russia_blacklist.cmd"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\1_russia_blacklist_dnsredir.cmd"
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
goodbyedpi.exe -9 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
goodbyedpi.exe -9
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
goodbyedpi.exe -9 --dns-addr 77.88.8.8 --dns-port 1253 --dnsv6-addr 2a02:6b8::feed:0ff --dnsv6-port 1253
C:\Windows\system32\bitsadmin.exe
bitsadmin /transfer blacklist https://p.thenewone.lol/domains-export.txt "C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\russia-blacklist.txt"
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
goodbyedpi.exe -9 --dns-addr 77.88.8.8 --dns-port 1253 --dnsv6-addr 2a02:6b8::feed:0ff --dnsv6-port 1253 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| NL | 142.250.27.94:80 | www.gstatic.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | support.google.com | udp |
| NL | 142.250.102.102:443 | support.google.com | tcp |
| NL | 142.250.102.102:443 | support.google.com | tcp |
| NL | 142.250.102.102:443 | support.google.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| NL | 142.250.102.132:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.250.102.102:443 | play.google.com | udp |
| NL | 142.250.102.101:443 | play.google.com | tcp |
| NL | 142.250.102.101:443 | play.google.com | tcp |
| NL | 142.250.102.101:443 | play.google.com | tcp |
| NL | 142.250.102.101:443 | play.google.com | tcp |
| NL | 142.250.102.101:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.27.147:443 | www.google.com | udp |
| NL | 142.250.27.147:443 | www.google.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | p.thenewone.lol | udp |
| LV | 195.123.208.131:443 | p.thenewone.lol | tcp |
| LV | 195.123.208.131:443 | p.thenewone.lol | tcp |
| US | 8.8.8.8:53 | google.com | udp |
Files
\??\pipe\crashpad_2652_SMHJBODLATYSFKVG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Temp\Cab4240.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4291.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e0eb7f16ff24aec73b8685821f0ca6e0 |
| SHA1 | d7bae29a2c4a34961ca1c1a27315750818c835af |
| SHA256 | 0627e634ca28f6ca29c7f7436346f9504fcc7a66fa47980e6d6cb3de7d60aa12 |
| SHA512 | db4201d2b9d39f72ea28a06c0737e5d110061b55e564bc3479486bc71a1882bd74d995838ddd82eafbd4984bd31b1fbfb66ec57f52a38352d8f2568f2a1e822e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6545fed4f754024bf48763a742394068 |
| SHA1 | 82264342bb56b00869ca3c6db2cb5fda97559a54 |
| SHA256 | d69b7ff35c6d9dc3117fa583e5f6b2b3018c54aab2d04b7879557f07830d9ec1 |
| SHA512 | 357ccedf2236da31b64ced09e07ce4b4376e1bc61a9349dcc07fde8c3de8cb19e7d0742c002c1b5af156f4067bd1cd372760513da2591cc512ca899fef1c5ace |
memory/2872-252-0x0000000062800000-0x0000000062813000-memory.dmp
memory/2872-251-0x000000013FAF0000-0x000000013FB10000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\45034d9f-c410-4e74-8ba1-dda565ebf415.tmp
| MD5 | 481d957bcfb34f95201d7ad828866d4b |
| SHA1 | 5f27e78edf82ad13f33118609e32ed83bb999f01 |
| SHA256 | 528c053c2f028ba0b1e374473dc7a3e6c32c3f2fdb44eafa25b1531473048f56 |
| SHA512 | 1766e678a2f8af085fcb3a03ba65e6c06c5ae64bd4c80d3ee0fd3d4465fcd8a5ec5314b7ca7ea915361720542f7ac9259eb0ef91448c73d040645d649bdd4760 |
memory/1860-264-0x000000013FDD0000-0x000000013FDF0000-memory.dmp
memory/1716-266-0x000000013FDD0000-0x000000013FDF0000-memory.dmp
memory/1512-270-0x000000013FDD0000-0x000000013FDF0000-memory.dmp
memory/3040-268-0x000000013FDD0000-0x000000013FDF0000-memory.dmp
memory/2004-272-0x000000013FDD0000-0x000000013FDF0000-memory.dmp
memory/1716-274-0x000000013FDD0000-0x000000013FDF0000-memory.dmp
memory/1512-276-0x000000013FDD0000-0x000000013FDF0000-memory.dmp
memory/3040-278-0x000000013FDD0000-0x000000013FDF0000-memory.dmp
memory/484-280-0x000000013FDD0000-0x000000013FDF0000-memory.dmp
memory/2880-282-0x000000013FDD0000-0x000000013FDF0000-memory.dmp
memory/2556-284-0x000000013FDD0000-0x000000013FDF0000-memory.dmp