fa9a32ae6eb24e2290941ea60f80e914168e1f84e900293bffd4393fb9a8fae2

Analysis

max time kernel
199s
max time network
202s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/08/2024, 09:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

goodbyedpi.exe
Size

95KB
MD5

fd680538c2a80dc54c63ae39c3563fbd
SHA1

34fc71b71ab4361a68bf8355e9b2f54dd8cf910f
SHA256

fa9a32ae6eb24e2290941ea60f80e914168e1f84e900293bffd4393fb9a8fae2
SHA512

8bae7d75dcaf708433504e8b725da41f051fdaffccfc2e27e2450f89866b8d113a2782a11c54e1dbf03e5db22b883eaf7bea8cfd2472e67c7eebabc9de2ef838
SSDEEP

1536:uS4122+admkx3xg+s8ZtkhMvIpylYTvf6EEXUaSsGe0yNgnIcm:/4122+admkx6cZi0IvUasKUgID

Score

8^/10

discovery dropper

Malware Config

Signatures

Download via BitsAdmin 1 TTPs 1 IoCs

dropper

BITS Jobs

T1197

pid	Process
1352	bitsadmin.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133672381053155721"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe
1576	chrome.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
660	Process not Found
660	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe
Token: SeShutdownPrivilege	4188	chrome.exe
Token: SeCreatePagefilePrivilege	4188	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe
4188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 4972	4188	chrome.exe	82
PID 4188 wrote to memory of 4972	4188	chrome.exe	82
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 1156	4188	chrome.exe	83
PID 4188 wrote to memory of 3308	4188	chrome.exe	84
PID 4188 wrote to memory of 3308	4188	chrome.exe	84
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85
PID 4188 wrote to memory of 3280	4188	chrome.exe	85

C:\Users\Admin\AppData\Local\Temp\goodbyedpi.exe
"C:\Users\Admin\AppData\Local\Temp\goodbyedpi.exe"
1⤵
PID:3620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5b73cc40,0x7ffd5b73cc4c,0x7ffd5b73cc58
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1444,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:3
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4396,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4768,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4652,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4364 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3420,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4080 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4384,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4364 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4984,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=868 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=212,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1576

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2288

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:572

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4052

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\1_russia_blacklist.cmd" "
1⤵
PID:3996
- C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
  goodbyedpi.exe -9 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt
  2⤵
  PID:2412

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\0_russia_update_blacklist_file.cmd" "
1⤵
PID:1976
- C:\Windows\system32\bitsadmin.exe
  bitsadmin /transfer blacklist https://p.thenewone.lol/domains-export.txt "C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\russia-blacklist.txt"
  2⤵
  - Download via BitsAdmin
  PID:1352

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\1_russia_blacklist.cmd" "
1⤵
PID:1600
- C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
  goodbyedpi.exe -9 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt
  2⤵
  PID:4196

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\1_russia_blacklist.cmd"
1⤵
PID:200
- C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe
  goodbyedpi.exe -9 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt
  2⤵
  PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

BITS Jobs

T1197

Privilege Escalation

Defense Evasion

BITS Jobs

T1197

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6af9c9c6-de53-4c77-9518-e7149f741ce2.tmp

Filesize
15KB

MD5
e165b1e72ba4509fc1304d3dd769adb5

SHA1
2f3a3a24a4c163652e8e96531c15b8cc1a4b96d3

SHA256
bdf4645327d4eeb7ef30a96b29dbe821bd5886eb920d6a35ad50718c1e57fe13

SHA512
53be62e1ffa83bdb81bfb33d4847d10f6091d3cea52c72cc93b29f5be60db3447b122d8d0ab8b6e568d02a2e9983cd3f903e3a2c33c9b4f5cd62ba08ee306231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d72a9b73b02cf6fd2ebfb441b1871457

SHA1
1d10e2cc1c9729602ce0295e143ccb02dcd26356

SHA256
9623d924ae72b7752fc7fe65115dbbdeafa8e3d7dbf9e8ae82d33378bb6742d8

SHA512
eadc9a02a89da5e381886a4e308ede05a0809d17b0c7c8da0fb1c97321eb57689e3e8e4c0e8ba5948c8392bad7e3ec4be327b6d1599fa1609e6ea0b465534fb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a4d372c539f7802878afd27c9971f454

SHA1
78505151061052cbad45c6dd17a8761eeb0c195f

SHA256
468c3e42dfc73d571eb7b2bf6f171969e668c1a9e7ba3a31ff018c980f3f4718

SHA512
9b7c1a49bb2b94995ad01c388e326363e79d6a68787a0027a3e606bc734cb2bde092a26f67a3763f2b1a8b8b18d239d40513e56d37751be910980ae06ce3e165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
511113057f124cf4b15337f794df4cb3

SHA1
b46d890dee31b5c988fb440d32579ae360336df9

SHA256
95a6c71bdb39d974c6dae6295a149eeea5443596d87c051f491982da05835f42

SHA512
ad6694b12229216e2c3600b34d978611911da481db85dfe0b0e68f1c2381fca234466bfeefa007e6a1cce6ce8a4fa5fb2070688fbf56ee92ddebabe21d647d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
05cae8220652cb5477deb80afac8c3a3

SHA1
f144fd843cc28772c2da84dc83fdc42a85821069

SHA256
dc214cdcb37268f44d858c2627b09106a7098ec31e53b492cdddf9af1f52b565

SHA512
5aae9025fd05bd254ba1ebc16efbf0098564396f8b345b28776ea5f3a03315243cc670eda8234687fb3d079def08c20c903a32cb443720392b92ea30cafb331d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5488a521211a33b9991e1192db01d9de

SHA1
a7a8e61c4726c46fcb65c6fa155a8d5a4471f77a

SHA256
18b8664e283091221c43c5c54fc1222a1a7533df438737c4c3ef42e26b4207cc

SHA512
75cb5c0b0dc1479f039f3d4971f7bb0847fad588d1e7952f6c2be38e79abe62c4bfb538cc87b88f406e097154ad666cbfc90f52b7dae775ae2953eb4f6526424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d6ede900c764e1711fa2d08bde1ffc89

SHA1
08b0e9cee4ab7d7176efb46ea64e4324f511f757

SHA256
a40ce2696a9efe5d4e145656dc0feedcbddd41db2913612e1a0502f2340cba7a

SHA512
566eb9b3fdae803d454b85d40a525eb3b72160a7af94e89b0b1248f7bb15dd77a0b85d93cc7d0428033de1ac3890d9e0dd3d864a5c499125f4935b3521045d27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce95bc736f6eee09fcb0ed451954b7fd

SHA1
6976df2cf807b105911bec83c6f8daa62228557b

SHA256
512d89aa1906acb05ffc391a148bb252aecdd9b55d3201915a1b6af5ef6157c0

SHA512
042a9365664a5510b71669160e84fbb2e3a8a1dcebadfc591612dc6eadb88d97444c6159eeafcc67ecd07a7e8cbfebb7fc79e2002e5420e697a9270ff3c72ea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
7bde26decd336685e736f691c519a178

SHA1
e7182fe5f1f95b895cac75b237ac09f5cf65bb2e

SHA256
e0883fd6021fc1a7fb0812a833c69ab9839922983614c34a2ea4a5f5c2b35c2c

SHA512
7fd5c160d55213029ea6ca61c28511e4b2b015b84a112a8fb6833f8b544e919ed770f775ec504fcda4c32a368b1c032fdf76ce9b7f0b986b188053e70be15cb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
bf43d1612eba3c771a290f2e10e6e417

SHA1
757a77f614de5b640951a5c8a218b127c48f3038

SHA256
d13cb9a5ce71abb5d29666cf3ec2d9978278404e9e76cd36467fc6762338950d

SHA512
290064044f6331559f8418bf39ae9980e7a85f33d467fd58bd76ef31d4a0199523942b38eb85889f17c61b32ad8c95892469f66cc0642ee59a85d92da57b7df1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
95b32d58f2550e2f7a80ba0de6cbfccc

SHA1
0e669f1c4f5577d9b1f5968e129693f4ebb3e896

SHA256
02fffcbe9a4282f31db224768b911b269bda0d5127f585ff328567fd09e38cbf

SHA512
b4a4a5e24539b070744dbe4f790f32314065418e21362f6dc1ec6d59c9301dea3c902250bf38eed4a78e017b37d6e707f24158ddfbcf1c541e680562a6d63941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17aa86f8ea6e6bbcd9b6b1c99826fc7d

SHA1
237e8aa2e1f7f9d8f576fbc6c290f81a9ff34ebe

SHA256
03fea58d358864d87c897475c16389bb376510183b6a6e735fd12dd0cf4097f2

SHA512
903cc256d6e10e7805cbc057aef89dcaf9805a4a422ba871d95555649065c67c54e2db94671781613956c0b81c214033c879c4f048860a1981c0aa17f8aa9083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
195af798f3e31b61885debc41f168fbd

SHA1
86e699adf42ec70b399e1d6e46cb9ec4fb40df5d

SHA256
ca85241840f308a555d1bf697c0e5d46abf131159568056517b8e67457a2777a

SHA512
048ecbb65cbcc7f9f7f3841190d5160c8b1485ecace97dfe3d25d456236e76cd08cd5f0f2f9cc7f1f488d2e2327af75e8b03600542e2179fb1fe42d8025ee9d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f4afb804618f0a9f44b42c70ff625257

SHA1
f431eeb40064c786a37edd24f3b94e1011b2d70c

SHA256
8881285e5b1df27b612fe83d27299b335060a849e4807ef9fae24b9de0a75dc8

SHA512
9a6b38e337873af13617fec50468b2bc1a400d658b65cc2b57c9e0c04851c754238cb4d39df7ce0272c7c1119a9f4661b6c9ac1a8629be3d5cce6a6de5071901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b20431dac0819fe03adcfbfc3be3b5c

SHA1
1fe3c3fd54416915daf0a23b69d7ad6950ffc8fb

SHA256
2714a0289f3d95319c27e169d521a2b4444697399ae94b52a15b64eba8d5c2ba

SHA512
c9a4d9187dd149cc4d38dc4d5741754b7b51e009e9e3c361284563b4853b105206aa1b93b78435ad56eb8d1b54c27f2e32f856a4b015404b51295e6642ac64d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4784e2105e5566358a44a724f67ed3fd

SHA1
3c7cf4508d6f8bee034ece756a71a735f29f80ed

SHA256
2f6b6a1f128cbe36fa543035ed6cc2154ca8effbf3085a6650417c241b282538

SHA512
9d1b70004c2b2c54c2b86370a48d34b77427af24e0d52b00ddcedc2be10e858e3666807999f88dc889adcf51f067078c112f4568ad632cfad82fc819624b0a80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
799d1cc0d04c89aedc6e5ae41844ef74

SHA1
1acc21132b05a4e40be34a52bb14c2d03480ad22

SHA256
bc2adf77475c294422ee843b44a860fcb01466c5957611927c8d47033afd949c

SHA512
9153a587eab665fa6a6a2f5ad139dff630004a90a250a21c9e92416c3683c9f75d58e848fdd8714908fb4c8d1d3df46619672b1dea4302e7cb04c2af6d7bb120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a6ffe5cca789d61cc7d1f0b1dfed6aed

SHA1
e9846845c4ceeb91fbf29ee5302a6b7de0b46839

SHA256
ca1f102b01c021cae3e4a984d990e0a0ab47e4a24ecfc528b7a7a6a5f5529753

SHA512
b2355c517b733b331f9e7f0881a9a02588d0c2e1f5222b291dcade2a978690b7779dfcfe8a3b77aa32dbe3b58e9603a4b032483c6ccd06ea6f27dc4854686b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fda7ac64ecc6dda56f8bd130022d881d

SHA1
fea78809fa6332701178cca7fcb1a14d92aa9ee5

SHA256
68a3d3d314e7139490a725df63f427a8fe2c7768cd144707b7a2b0d5457a7e1f

SHA512
5a8871f07cea70c2da819eb79783200e56c3d7f0a3a44cb9eedca9837aa01f2ca69aaa970bd20c33d8e806dd7a09c8252f78269851796905f05de3dd616cc685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a5c621b38ef2de8871751d54c516c4a

SHA1
f872168b7a0f50732d76e1739e0d0a2e1574a795

SHA256
5c1e2dc39d02d89721b517b44cc32946bb4aec7ab984d20011ece9cb214ac489

SHA512
230f478c4e1582608484007fda038758dd6a88476ba64e1ce10aa4cdaa82f62e1e91c6c44650ae46a2e714caba583c4f453b71f5682da2bfc389ac2e8a13a38b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
88da25704e0ad8d236f83898f79ac276

SHA1
8305cc5e2b965755eb5c2cb2f18f1ab9bc7387d3

SHA256
d9fb5535c14db3a465f81f089713d19a8c2c23c00160b7327e78590ff6d67b61

SHA512
850f04b4830f983170619bbe9c59f699bfaa89ebed8b56480d869643d624213365f5157fc3767e217e07bd0aba22a4ae7ee56b93a726f46fb4f507ca15aa5e2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
703e9ad3657d5ca823ff507b6ed0ebf1

SHA1
d8650ee473168192c5ad44d07d2d7a7b047a8703

SHA256
a1dcdb904d464e084f5c37105c7b0a640f3b17a8fe85d424d9777957bae4c4f5

SHA512
412a97e5f6e202a4e3db0b3361634fefdb45a99f6537d06023762515fc127915772e28ddedcdc39b35b1baf9815ef292d7a5970e1695d210fece8b9c72647755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
fe0bc8d92c46737c64649d321c17bbf8

SHA1
08cdbc38878141707a21254b468a1e04754e2878

SHA256
6e1ad3cf94a7c6cb59ed86f686bb84524d538d6c3f666c68636cec47c9fec0ab

SHA512
d505fb72127a0781eb230e78f2468c457bc2f6e930d4fab58b841946e68f2542b7aa1589250ada7b0ad114876d677ddd89378ead4f859766f93d5e85834addda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
726d798389844626128a224eb98ca6fa

SHA1
afc1e73695c02b1a9ed8387b14782f66eb72b434

SHA256
c0bbf2ec585a0a57cee99c1890e6cf63bc802c1c347a7b3687bc0d521ea041ba

SHA512
fc05738a532fb0d4b0be731fcdcbe5974ebd6ee052062edbecd918fb60a0add555e61ae93ba756a23ccde168a00de6dcca1a91931146dcb9a7fc2eff695b4e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
7af46436ea99de3cfa55bdb3556b179c

SHA1
7c26aba84dd8b7d10e15937f4048a9ee8858308d

SHA256
6bbe62d6c3358d5522f4ab0afa0ad67103bd95e0a2988ad9501526518a0b14ad

SHA512
fb86ca1273f962427771fe33a6e03ed5e017c281777b50ede46435ab3cd0dde0406046e67a12017cc1450e082f2725314d60114351456f7a5f6cc08b7a354c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
e89e929b0ce2e7f42c43ff89cac12ac3

SHA1
d58d9c63a128ca5a659dd7579354c1577bfee9c1

SHA256
8d7410a4f569accdf73dc9a339270058b2351aed091590e46a761847fef2b4e7

SHA512
bf24e4c3acbd578fbf7f375207bb7dedd33aca2890d85a14dba21818307231c8135d38054f4a6716d4cbe0c06b29aeb5699e51da972e3a2cc72628e00e6f76c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
7d3ed46ce57afd883151d5420b77a08d

SHA1
a5360d08a52e63a1d740e7f7d5c42fbe66219aa6

SHA256
d02078228caccb345c4fe7522575f8cdb81b58d3dabf7aa1fd3057546007da4a

SHA512
ccc32fbbf624ae74fa06b663698d6e2c48bdab3edaa43078d52c61d9eab7cf21948d6d5facd64578c8d55647cc477dc45e0dddd2c9cb6e38b602902a9e98c0f8

Download Submit
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2.zip.crdownload

Filesize
971KB

MD5
41938d1256f900cdaca626a152ba5e95

SHA1
dbafc9a75213d46b19e8fd7a330b87bfd8c0b562

SHA256
e3ff0de76a44978ebd02b890f66be6f3f4320c99f8b443de1877d4e16a4a5443

SHA512
5fcc097dec3144619c52f028ae1a8ffb0f6354779d86b5972017e57a0a7d1871ef2e3d6436c620e30a74d8ab969848b3bfcae979b96040f35ed10fdd184fba3a

Download Submit
C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2368-510-0x00007FF63B1D0000-0x00007FF63B1F0000-memory.dmp

Filesize
128KB

Download
memory/2368-521-0x00007FF63B1D0000-0x00007FF63B1F0000-memory.dmp

Filesize
128KB

Download
memory/2412-443-0x00007FF63B1D0000-0x00007FF63B1F0000-memory.dmp

Filesize
128KB

Download
memory/2412-444-0x0000000062800000-0x0000000062813000-memory.dmp

Filesize
76KB

Download
memory/4196-497-0x00007FF63B1D0000-0x00007FF63B1F0000-memory.dmp

Filesize
128KB

Download
memory/4196-499-0x00007FF63B1D0000-0x00007FF63B1F0000-memory.dmp

Filesize
128KB

Download