Malware Analysis Report

2024-10-16 05:01

Sample ID 240804-lnw7rawgle
Target goodbyedpi.exe
SHA256 fa9a32ae6eb24e2290941ea60f80e914168e1f84e900293bffd4393fb9a8fae2
Tags discovery dropper
Score 8/10

Analysis Overview

Score 8/10

SHA256 fa9a32ae6eb24e2290941ea60f80e914168e1f84e900293bffd4393fb9a8fae2

Threat Level: Likely malicious

The file goodbyedpi.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery dropper

Download via BitsAdmin

Drops file in System32 directory

Drops file in Windows directory

Browser Information Discovery

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies data under HKEY_USERS

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary


Analysis: static1

Detonation Overview

Reported

2024-08-04 09:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-04 09:41

Reported

2024-08-04 09:44

Platform

win11-20240802-en

Max time kernel

199s

Max time network

202s

Command Line

"C:\Users\Admin\AppData\Local\Temp\goodbyedpi.exe"

Signatures

Download via BitsAdmin

dropper
Description Indicator Process Target
N/A N/A C:\Windows\system32\bitsadmin.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133672381053155721" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4188 wrote to memory of 4972 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4188 wrote to memory of 1156 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4188 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4188 wrote to memory of 3280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\goodbyedpi.exe

"C:\Users\Admin\AppData\Local\Temp\goodbyedpi.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5b73cc40,0x7ffd5b73cc4c,0x7ffd5b73cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1864 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1444,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2248 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4396,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4408 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4788 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4768,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4652,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4364 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3420,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4080 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4384,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4984,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=868 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\1_russia_blacklist.cmd" "

C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe

goodbyedpi.exe -9 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\0_russia_update_blacklist_file.cmd" "

C:\Windows\system32\bitsadmin.exe

bitsadmin /transfer blacklist https://p.thenewone.lol/domains-export.txt "C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\russia-blacklist.txt"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=212,i,14875837796410483990,6208151515521283474,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\1_russia_blacklist.cmd" "

C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe

goodbyedpi.exe -9 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\1_russia_blacklist.cmd"

C:\Users\Admin\Desktop\goodbyedpi-0.2.3rc1\x86_64\goodbyedpi.exe

goodbyedpi.exe -9 --blacklist ..\russia-blacklist.txt --blacklist ..\russia-youtube.txt

Network

Country Destination Domain Proto
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.179.250.142.in-addr.arpa udp
NL 172.217.23.206:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
NL 172.217.23.206:443 clients2.google.com tcp
NL 216.58.214.10:443 content-autofill.googleapis.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
NL 216.58.214.14:443 play.google.com tcp
NL 172.217.168.206:443 consent.google.com tcp
NL 216.58.214.10:443 content-autofill.googleapis.com udp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
GB 20.26.156.215:443 github.com tcp
US 140.82.112.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
LV 195.123.208.131:443 p.thenewone.lol tcp

Files

\??\pipe\crashpad_4188_ZLIZWOHUJGYVQQQV

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6af9c9c6-de53-4c77-9518-e7149f741ce2.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2.zip.crdownload

C:\Users\Admin\Downloads\goodbyedpi-0.2.3rc1-2.zip:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/2412-444-0x0000000062800000-0x0000000062813000-memory.dmp

memory/2412-443-0x00007FF63B1D0000-0x00007FF63B1F0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/4196-497-0x00007FF63B1D0000-0x00007FF63B1F0000-memory.dmp

memory/4196-499-0x00007FF63B1D0000-0x00007FF63B1F0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/2368-510-0x00007FF63B1D0000-0x00007FF63B1F0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/2368-521-0x00007FF63B1D0000-0x00007FF63B1F0000-memory.dmp