{"report_id":"a4fe6576-53d2-4552-bc35-6fc89d055155","version":6,"status":"done","tags":[],"date":"2024-12-29T17:05:54Z","url":{"schema":"http","addr":"github.com/ValdikSS/GoodbyeDPI/releases/download/0.2.3rc2/goodbyedpi-0.2.3rc2.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.4","port":0,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-03-09T17:05:54Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"github.com","ip":{"addr":"140.82.121.4","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"domain_registered":"2007-10-09","domain_rank":1423,"first_seen":"2016-07-13T12:28:22Z","last_seen":"2024-12-25T02:09:22.182763Z","alert_count":0,"request_count":1,"received_data":4349,"sent_data":535,"comment":"","tags":null,"fingerprints":null},{"fqdn":"objects.githubusercontent.com","ip":{"addr":"185.199.110.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":134060,"first_seen":"2021-11-01T21:34:29Z","last_seen":"2024-12-25T04:07:18.226351Z","alert_count":1,"request_count":1,"received_data":1084426,"sent_data":965,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"6fc25f0c7044a292fb67bd6ba063d900","sha1":"28e9d01a471f4ff0228cfe9af1958e4d4d97c6fd","sha256":"f081740ce7d0fef4d8e7988347697b37943c3cb14cfcc0a32d22328752d0fef0","sha512":"a7a517f8635bd248a6fef4c937ddde0b46efa957464cabb24729565e928eeae0d5d395f76b5799145193c69989d308c092c33655f45cef5ffa44de03faecaa0c","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":1083625,"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/91493088/46f83bda-2730-48ca-bc92-54102e2af783?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20241229%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20241229T170529Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=f206856bb8bc28103b0588ae699acebf6b72c439bcdcc860e46585a5a46647b3\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3Dgoodbyedpi-0.2.3rc2.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.110.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"goodbyedpi-0.2.3rc2/licenses/LICENSE-getline.txt","filename":"LICENSE-getline.txt","modified":"2017-12-17T00:31:26Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1517,"md5":"3a7edebc3612bcea2306f73b92342a44","sha1":"9b177bac083f79d4334373a8144899b60155ecc6","sha256":"ec5f8e03fccb3842cc62ad79ea5f6f6058988e2721a3e6566e8fb72786d485c4","sha512":"17e987e112d02b1afd430db553ba0826c4b2ae7cfeba9adc3b9d8cebc93bbb6f02024a6ef95adf623eab5331af718fd10bafbf20b2dc5e906c0d2381ca11ba8d","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/licenses/LICENSE-goodbyedpi.txt","filename":"LICENSE-goodbyedpi.txt","modified":"2017-05-26T15:59:20Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":11558,"md5":"c4082b6c254c9fb71136710391d9728b","sha1":"ff426822972c8972e3e4e782baac6f5304fd458c","sha256":"e03ba41d7fab20700769fe4118bab50d800cb74f990353a05d2f5fff1c228363","sha512":"4c71355f37002b14cf072328fe42569405cac2dc13b8c6ae871a1a5e958411417b7d4238a49c60c9bf5d956c5488b8ec9f4af99a6a6f8e5d8508443e4ceed2fa","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/licenses/LICENSE-uthash.txt","filename":"LICENSE-uthash.txt","modified":"2106-02-07T09:28:16Z","Modified":"","magic":"ASCII text","size":1141,"md5":"5cc1f1e4c71f19f580458586756c02b4","sha1":"08473f885bd0231790223311cc3a712faf8abded","sha256":"d3c6556e48104c31e3e0c62238c749c2a09ca79ee87da50b9cd29c6c9027d57d","sha512":"d038952606c33cac0870b7018e8a33fc0e4d120363b392d9f5af36fd4e2519d95f51da1f87c30787db02d71208e40f806e8e0f6c9766791086150f98b3b8a489","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/licenses/LICENSE-windivert.txt","filename":"LICENSE-windivert.txt","modified":"2017-05-26T15:59:14Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":40941,"md5":"b864fbb188a7c3a11cef80f3ee902d77","sha1":"7a3f0538f8fd2ee1c30fc1952cbf83b13b360b3f","sha256":"e5453b2e71e4c4dcdb89a2539655add3a63202521cf3012b768e8bfeda199312","sha512":"eb03bb26490535d98e270c89d70dfc9d1a0e2a22ad2bc09ed316e522fb52177b24bb6a2c023c9b010837b6b9a28dfe6492dc0b77f45883385a7e66dd00463c32","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/x86/WinDivert.dll","filename":"WinDivert.dll","modified":"2024-07-31T11:49:58Z","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections","size":43008,"md5":"1cb0efd60883b5637b31bf46c34ae199","sha1":"b91de8d5f072f8c6aabd029d96568effdd5662d9","sha256":"625ffdd95bfabff32d0e8a95beabcd303c01c8bba73b90402d4e84d6e15dd8e5","sha512":"68c7c257b8cd28011f4b9af09b1e4c7b3d69c6f1457ca6f68fe114fcb382e470b87b9c12ca5d6d4aedd27a103a35fac9093c08b288867cceb9621a60ac70a6f7","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-12-29","alert":"Detects WinDivert User-Mode packet capturing driver","trigger":"goodbyedpi-0.2.3rc2/x86/WinDivert.dll","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2017-10-02","description":"Detects WinDivert User-Mode packet capturing driver","hash1":"33c657fa27b92cfcced66b331cfea7a880460a98cf037e4277faa1420fe59d1c","hash2":"9b834e8f9d117bf2c564a37434973dc0717270ebfac8d8251711905d18da3858","hash3":"5ef707ea68a9bd3a3e568793a0f7d66d166694801ada067d9ebac1d13e53153e","hash4":"df12afa691e529f01c75b3dd734f6b45bf1488dbf90ced218657f0d205bff319","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","reference":"https://www.reqrypt.org/windivert.html","rule":"WinDivert_Driver","score":"40"}}]}},{"path":"goodbyedpi-0.2.3rc2/x86/WinDivert32.sys","filename":"WinDivert32.sys","modified":"2024-07-31T11:49:58Z","Modified":"","magic":"PE32 executable (native) Intel 80386, for MS Windows, 6 sections","size":77784,"md5":"cd477ee96ff05cacda8ac3c0e9316d7a","sha1":"68da0c17728aa672f140477b3822aefb5810c8b5","sha256":"29ca5ceb59c9c6993a349e82b1fd46078e6f8a302764153ab84fa22e382fcdca","sha512":"27e13504eb291a5324d824360532ca6d19c409022c72f5609ca55f92558388e3f25f1e8d657afd3d1e4f9ea9c082483c954d6f4e89df049e4f732383a04adcad","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-11","alert":"Scan result 2/72","trigger":"29ca5ceb59c9c6993a349e82b1fd46078e6f8a302764153ab84fa22e382fcdca","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/29ca5ceb59c9c6993a349e82b1fd46078e6f8a302764153ab84fa22e382fcdca","meta":null}]}},{"path":"goodbyedpi-0.2.3rc2/x86/WinDivert64.sys","filename":"WinDivert64.sys","modified":"2024-07-31T11:49:58Z","Modified":"","magic":"PE32+ executable (native) x86-64, for MS Windows, 8 sections","size":92120,"md5":"6a33620de63bccaf5e5314ee49cd58fb","sha1":"ac728b339681b2e27099fecc1419821f01d04b34","sha256":"e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50","sha512":"638d1b8aa4dc0e4ac504f51aaa3ec8375ccc3d69a4d36821f6bb98060b58586007f47966b9d58d222b9f067e12e80755f56559286cbabec8746146acaf24f945","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-27","alert":"Scan result 2/71","trigger":"e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50","verdict":"suspicious","severity":"","comment":"suspicious - 2/71","link":"https://www.virustotal.com/gui/file/e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50","meta":null}]}},{"path":"goodbyedpi-0.2.3rc2/x86/goodbyedpi.exe","filename":"goodbyedpi.exe","modified":"2024-09-14T20:27:04Z","Modified":"","magic":"PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 11 sections","size":100864,"md5":"ca4bb8e03aef6cd3681f3f5d22420688","sha1":"6fe09ba51a8c921ef0b79e73292eca0d8d68d52f","sha256":"1447a5a9c5fc5d7463f0485f03b55e50d59b4c7b22ecafdb61143d75c6643dec","sha512":"591ac796573421cc6fc0986de8ea120e764c06ea36571777adbae8387b5bb4c78785ef6034e63eb3d367476c9e32c624ab9108ac1f3b27795bed5def50682a6d","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/x86_64/WinDivert.dll","filename":"WinDivert.dll","modified":"2024-07-31T11:49:56Z","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections","size":47104,"md5":"88e1c19b978436258f7c938013408a8a","sha1":"09b77c8c85757e11667a7b83231598dd67fe0b8b","sha256":"6110bfa44667405179c3e15e12af1b62037e447ed59b054b19042032995e6c7e","sha512":"eaa0d8369b76fd9a4978f14702716ae31d801cd0dc36a86531f9320b4ddb683265c4f0e07af2b9d2e85f513270d98d1b11ae7d501d08287442bc505176d16e14","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-12-29","alert":"Detects WinDivert User-Mode packet capturing driver","trigger":"goodbyedpi-0.2.3rc2/x86_64/WinDivert.dll","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2017-10-02","description":"Detects WinDivert User-Mode packet capturing driver","hash1":"33c657fa27b92cfcced66b331cfea7a880460a98cf037e4277faa1420fe59d1c","hash2":"9b834e8f9d117bf2c564a37434973dc0717270ebfac8d8251711905d18da3858","hash3":"5ef707ea68a9bd3a3e568793a0f7d66d166694801ada067d9ebac1d13e53153e","hash4":"df12afa691e529f01c75b3dd734f6b45bf1488dbf90ced218657f0d205bff319","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","reference":"https://www.reqrypt.org/windivert.html","rule":"WinDivert_Driver","score":"40"}}]}},{"path":"goodbyedpi-0.2.3rc2/x86_64/WinDivert64.sys","filename":"WinDivert64.sys","modified":"2024-07-31T11:49:56Z","Modified":"","magic":"PE32+ executable (native) x86-64, for MS Windows, 8 sections","size":92120,"md5":"6a33620de63bccaf5e5314ee49cd58fb","sha1":"ac728b339681b2e27099fecc1419821f01d04b34","sha256":"e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50","sha512":"638d1b8aa4dc0e4ac504f51aaa3ec8375ccc3d69a4d36821f6bb98060b58586007f47966b9d58d222b9f067e12e80755f56559286cbabec8746146acaf24f945","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-27","alert":"Scan result 2/71","trigger":"e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50","verdict":"suspicious","severity":"","comment":"suspicious - 2/71","link":"https://www.virustotal.com/gui/file/e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50","meta":null}]}},{"path":"goodbyedpi-0.2.3rc2/x86_64/goodbyedpi.exe","filename":"goodbyedpi.exe","modified":"2024-09-14T20:27:02Z","Modified":"","magic":"PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 12 sections","size":101888,"md5":"17d48981add03f748a33175d19d305a5","sha1":"3cce637a1dcdcfc5e8d7c90f2f47c5cc461ddf4b","sha256":"70cc726e9c852d93ef34630f2373342dbb7a5103bdfc4f6e9229e14382b4077b","sha512":"ed869c2208193d4c2ce61dc6d91ddf37c914df3519ffaed584ca48d5c0e318c2ed20c117a45083159c240b5e05cccc4df8218570472f24be7dbe8c66770d8f3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/0_russia_update_blacklist_file.cmd","filename":"0_russia_update_blacklist_file.cmd","modified":"2024-07-31T14:53:42Z","Modified":"","magic":"DOS batch file, ASCII text","size":130,"md5":"a6af4b081a4cbcd448759306b2366eac","sha1":"0d1d887413e074b0991b5be0ca296f18053502c0","sha256":"d9d7c57c7dedb3a4e6566ddd7623758f53986a2c34e0cd3784b84f7f881a01c4","sha512":"f406b865f4bbe08181f1c1f239f198bab03b5b681174323b78f0b3c1790a1e177473a89ee566dac906c08d044fb0eb9a48991cf773222d378f469bd4941af62f","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/1_russia_blacklist.cmd","filename":"1_russia_blacklist.cmd","modified":"2024-08-01T07:50:30Z","Modified":"","magic":"DOS batch file, ASCII text","size":274,"md5":"76763259e528cd27e998fb4c665c2b78","sha1":"f2b6e15dca04c54ace2aefc4bc72656dc7550cab","sha256":"69c8b67fafbca446ce5302e97f9947191ecb84d2a51eae61d4955dc3e2147da0","sha512":"69d35fb64ab4cee901b7ecc9baac437cd4dd5e3feb5b006a0fa8c3d52fce8ac9eea5ee68a6dcea01f5386966ac135e85bfba8fc8eecec5d8c70212e795d0dd76","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/1_russia_blacklist_dnsredir.cmd","filename":"1_russia_blacklist_dnsredir.cmd","modified":"2024-08-01T07:50:36Z","Modified":"","magic":"DOS batch file, ASCII text","size":361,"md5":"06018c5958cddd1d0cf3135762aeb2eb","sha1":"42323a08fc5a9d9b600852cd587f0a7dd914858b","sha256":"472d9bd4f0366bb9478b6cd61302f12bf6cffbed038508a67087250bf610e355","sha512":"c49a4b90e08785401049dc374599404976d9a5e145ed0a034f18615d4b8a4c4cf8adc4b714ed7b68445e66546d9c59a5666846d71e70b7fba600659821f4a4f0","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/2_any_country.cmd","filename":"2_any_country.cmd","modified":"2024-07-31T14:54:24Z","Modified":"","magic":"DOS batch file, ASCII text","size":204,"md5":"72103c58f2ed536ebc07e19fd00fa2f0","sha1":"cd37e3bfdc4dbeecfd945561b8538e328dcfe2f9","sha256":"17a3d7b8b1e1340f67d3687ce9162199c0a25025941d23954880808403487d07","sha512":"4270dfb825f03d41d5911db8cef7de43c58a0401d84bd72e047da6b9fc6753789c070c9fd61bb0145f70b47026ba70d9d18612fefd1314436998adb354de815b","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/2_any_country_dnsredir.cmd","filename":"2_any_country_dnsredir.cmd","modified":"2024-07-31T14:54:18Z","Modified":"","magic":"DOS batch file, ASCII text","size":291,"md5":"77048213eb9358ff71f99667dd08034b","sha1":"cb35b4554e96f3a7089c103e911eab58c9369d53","sha256":"e599adb50f219cfbd620a21167b6cfc68e326da50836b5985826e45e88d247fe","sha512":"6af0c1281108ad7d61d61ae98ae84e5ad024fed32dd997e2f053dcb40a1d595cf76310ce36397791e747cad984a341a959fd4eb43d284cfcaf6cf17f7c5f7236","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/service_install_russia_blacklist.cmd","filename":"service_install_russia_blacklist.cmd","modified":"2024-08-01T07:56:52Z","Modified":"","magic":"DOS batch file, ASCII text","size":660,"md5":"af6dac6686b77dc51203800737f41b75","sha1":"385568a96d92ca8206e45b6cf945b2fa11b29f80","sha256":"4d2068f04436998bdf003c430f7bc28f0d0fc7d48031b8a37983f84bad6374bb","sha512":"ae54f13ec18a71983b598f9f2d38231168b9f7de3238f6f742128331f2957e0a770b9502f2bf1997c8f6a6cb0c4bb90e9f4a8156ac807744141c51f4b0c4c49c","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/service_install_russia_blacklist_dnsredir.cmd","filename":"service_install_russia_blacklist_dnsredir.cmd","modified":"2024-08-01T09:33:00Z","Modified":"","magic":"DOS batch file, ASCII text","size":747,"md5":"77b1d63472e67c4368961c463cc1d92c","sha1":"7653fa303944e6f2436ef72ad8a6d11eb6f8b95e","sha256":"450f2b003fb579f897eded1131c9e893afde7b2ebf07b86110449e57ed9a0da8","sha512":"67763f15836d456bd8713533599f2bc6d97d16887fc4078f5c5c36ec0b42beffc267e5eb9396f16aa350ce39a61c57ecc1c82e32068495a74489af68dacc3a31","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/service_remove.cmd","filename":"service_remove.cmd","modified":"2024-09-14T23:34:08Z","Modified":"","magic":"DOS batch file, ASCII text","size":309,"md5":"204b35d000d6b29c1102b1d8b6a63dc7","sha1":"94a92cb8ea948b5ebac3b3eea2cb9bcf31f85e20","sha256":"63915b4b09658cdfec4c74923650398d9fc497ae3ce9e68c5592337051d2fb64","sha512":"bb9dfa323938700c562bd68e5c1bb500e39b9f7ece58a3c7284ee0a895b4bd4b2337f693e9593d190a4461d66694ea7ec135e7b83824edce9ff73b7e4d413db7","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/russia-blacklist.txt","filename":"russia-blacklist.txt","modified":"2024-09-14T23:28:08Z","Modified":"","magic":"ASCII text","size":2358084,"md5":"c778017427c08556621c3360e7b60b12","sha1":"9f2e0a127dcc409c10d4890a27d165c08977c8e0","sha256":"227b4961ea7bafac9bb5aaf3dfeb2537beb64169ae37f7658efebb573bc9c01a","sha512":"7bac0ea2123c4be8ad0f1f0df6a941fa3ceb80bc0aa728b004f52cfc36bca99d8cbbf43ebd28a56cff90bf9e551e99a39750b364435ca05af21676a326b64fab","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/russia-youtube.txt","filename":"russia-youtube.txt","modified":"2024-09-14T23:31:30Z","Modified":"","magic":"ASCII text","size":256,"md5":"91d74100607dba77eda0d7a75dacb0cc","sha1":"95490aede362c6275d325615fdbf3f94fee8e392","sha256":"2d8de5532bae45852a3f6d8270e881fc10fec89f8d9daec3d91988a669760f79","sha512":"9f55f99971789c0f53aefda6d3beab78b28854b0a8ca74869e09d5e1dd905f8394a2927bca2f1bbb3a73198e5da6e8b6e3ac72ddd2cbf6363c0c88298bdadfdd","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/1_russia_blacklist_YOUTUBE.cmd","filename":"1_russia_blacklist_YOUTUBE.cmd","modified":"2024-09-14T23:32:30Z","Modified":"","magic":"DOS batch file, ASCII text","size":287,"md5":"2627a5d6391bf8e824ecebecb370c09e","sha1":"16e42dd0d140f55aab95251fb61c736e3f7b8a23","sha256":"424293653957dd7e1e5196d08c3fcc75ad646517b36f7447149486d69ee5a284","sha512":"32a7c93f1e32ca68c446c6867a8ada8e1dd6f861d57280582920cfbe85737f6d3c543d475eeef15f3890bb95ffa4ae54c433dd0e5c95e916c3df60b05dab782e","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/service_install_russia_blacklist_YOUTUBE.cmd","filename":"service_install_russia_blacklist_YOUTUBE.cmd","modified":"2024-09-14T23:34:42Z","Modified":"","magic":"DOS batch file, ASCII text","size":673,"md5":"13a3550b6edd5b95127889f95b79c764","sha1":"2ae80c2b3ba356fd83bc8819b6dbabc14862e5bf","sha256":"97ec9e6554a0796dd7ec9b37295f1e1d544ba827480b218e1db86b70e2d7c35d","sha512":"8a634d8934e50ec1b2f6a14509777448fda99046f764ed752c78e4e89f85b8641f17a65260dca0abd360f5807b7f1bacdb8caf7e621eac623d44a532c83b330f","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/service_install_russia_blacklist_YOUTUBE_ALT.cmd","filename":"service_install_russia_blacklist_YOUTUBE_ALT.cmd","modified":"2024-09-14T23:35:06Z","Modified":"","magic":"DOS batch file, ASCII text","size":680,"md5":"e2ba1aaf4a89b8f271ca78f3598054ca","sha1":"1069101b4abce8771c930bfb368a6e27603b6d1e","sha256":"7e5acd924e78ef21de959a18f87f43d68a9c2ffb02408de195b5d1e3bb063251","sha512":"dbdbadc5ad7c7e681129b36538a546e04db9b197ad8f7a1c2465838af2f8a200249d5190d150d2d0a831bd821ac456a63f76aa050343e8d68acb4029a9817071","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/1_russia_blacklist_YOUTUBE_ALT.cmd","filename":"1_russia_blacklist_YOUTUBE_ALT.cmd","modified":"2024-09-14T23:33:12Z","Modified":"","magic":"DOS batch file, ASCII text","size":294,"md5":"61d122cea83daa938ccc8fe87a5b8d97","sha1":"203c7ff6e4d94270d2f37c4ebe1f57744f425c6c","sha256":"b7253c2f8fd782273269ff40a26ed23e97a23edc7db6ad23f0632a70a2f6b437","sha512":"d390df920071297ac566dd982fe6c3b7cb6a8a775dac32808354b30ff30b3dfef61e6dc570fa4e3cfaaa6fdde9665eaffd6dfb9e56dbb34a07a14d5bb5e35ba2","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-12-29","alert":"Detects WinDivert User-Mode packet capturing driver","trigger":"goodbyedpi-0.2.3rc2/x86/WinDivert.dll","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2017-10-02","description":"Detects WinDivert User-Mode packet capturing driver","hash1":"33c657fa27b92cfcced66b331cfea7a880460a98cf037e4277faa1420fe59d1c","hash2":"9b834e8f9d117bf2c564a37434973dc0717270ebfac8d8251711905d18da3858","hash3":"5ef707ea68a9bd3a3e568793a0f7d66d166694801ada067d9ebac1d13e53153e","hash4":"df12afa691e529f01c75b3dd734f6b45bf1488dbf90ced218657f0d205bff319","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","reference":"https://www.reqrypt.org/windivert.html","rule":"WinDivert_Driver","score":"40"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-12-29","alert":"Detects WinDivert User-Mode packet capturing driver","trigger":"goodbyedpi-0.2.3rc2/x86_64/WinDivert.dll","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2017-10-02","description":"Detects WinDivert User-Mode packet capturing driver","hash1":"33c657fa27b92cfcced66b331cfea7a880460a98cf037e4277faa1420fe59d1c","hash2":"9b834e8f9d117bf2c564a37434973dc0717270ebfac8d8251711905d18da3858","hash3":"5ef707ea68a9bd3a3e568793a0f7d66d166694801ada067d9ebac1d13e53153e","hash4":"df12afa691e529f01c75b3dd734f6b45bf1488dbf90ced218657f0d205bff319","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","reference":"https://www.reqrypt.org/windivert.html","rule":"WinDivert_Driver","score":"40"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-21","alert":"Scan result 2/65","trigger":"f081740ce7d0fef4d8e7988347697b37943c3cb14cfcc0a32d22328752d0fef0","verdict":"suspicious","severity":"","comment":"suspicious - 2/65","link":"https://www.virustotal.com/gui/file/f081740ce7d0fef4d8e7988347697b37943c3cb14cfcc0a32d22328752d0fef0","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"6fc25f0c7044a292fb67bd6ba063d900","sha1":"28e9d01a471f4ff0228cfe9af1958e4d4d97c6fd","sha256":"f081740ce7d0fef4d8e7988347697b37943c3cb14cfcc0a32d22328752d0fef0","sha512":"a7a517f8635bd248a6fef4c937ddde0b46efa957464cabb24729565e928eeae0d5d395f76b5799145193c69989d308c092c33655f45cef5ffa44de03faecaa0c","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":1083625,"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/91493088/46f83bda-2730-48ca-bc92-54102e2af783?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20241229%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20241229T170529Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=f206856bb8bc28103b0588ae699acebf6b72c439bcdcc860e46585a5a46647b3\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3Dgoodbyedpi-0.2.3rc2.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.110.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"goodbyedpi-0.2.3rc2/licenses/LICENSE-getline.txt","filename":"LICENSE-getline.txt","modified":"2017-12-17T00:31:26Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1517,"md5":"3a7edebc3612bcea2306f73b92342a44","sha1":"9b177bac083f79d4334373a8144899b60155ecc6","sha256":"ec5f8e03fccb3842cc62ad79ea5f6f6058988e2721a3e6566e8fb72786d485c4","sha512":"17e987e112d02b1afd430db553ba0826c4b2ae7cfeba9adc3b9d8cebc93bbb6f02024a6ef95adf623eab5331af718fd10bafbf20b2dc5e906c0d2381ca11ba8d","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/licenses/LICENSE-goodbyedpi.txt","filename":"LICENSE-goodbyedpi.txt","modified":"2017-05-26T15:59:20Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":11558,"md5":"c4082b6c254c9fb71136710391d9728b","sha1":"ff426822972c8972e3e4e782baac6f5304fd458c","sha256":"e03ba41d7fab20700769fe4118bab50d800cb74f990353a05d2f5fff1c228363","sha512":"4c71355f37002b14cf072328fe42569405cac2dc13b8c6ae871a1a5e958411417b7d4238a49c60c9bf5d956c5488b8ec9f4af99a6a6f8e5d8508443e4ceed2fa","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/licenses/LICENSE-uthash.txt","filename":"LICENSE-uthash.txt","modified":"2106-02-07T09:28:16Z","Modified":"","magic":"ASCII text","size":1141,"md5":"5cc1f1e4c71f19f580458586756c02b4","sha1":"08473f885bd0231790223311cc3a712faf8abded","sha256":"d3c6556e48104c31e3e0c62238c749c2a09ca79ee87da50b9cd29c6c9027d57d","sha512":"d038952606c33cac0870b7018e8a33fc0e4d120363b392d9f5af36fd4e2519d95f51da1f87c30787db02d71208e40f806e8e0f6c9766791086150f98b3b8a489","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/licenses/LICENSE-windivert.txt","filename":"LICENSE-windivert.txt","modified":"2017-05-26T15:59:14Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":40941,"md5":"b864fbb188a7c3a11cef80f3ee902d77","sha1":"7a3f0538f8fd2ee1c30fc1952cbf83b13b360b3f","sha256":"e5453b2e71e4c4dcdb89a2539655add3a63202521cf3012b768e8bfeda199312","sha512":"eb03bb26490535d98e270c89d70dfc9d1a0e2a22ad2bc09ed316e522fb52177b24bb6a2c023c9b010837b6b9a28dfe6492dc0b77f45883385a7e66dd00463c32","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/x86/WinDivert.dll","filename":"WinDivert.dll","modified":"2024-07-31T11:49:58Z","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections","size":43008,"md5":"1cb0efd60883b5637b31bf46c34ae199","sha1":"b91de8d5f072f8c6aabd029d96568effdd5662d9","sha256":"625ffdd95bfabff32d0e8a95beabcd303c01c8bba73b90402d4e84d6e15dd8e5","sha512":"68c7c257b8cd28011f4b9af09b1e4c7b3d69c6f1457ca6f68fe114fcb382e470b87b9c12ca5d6d4aedd27a103a35fac9093c08b288867cceb9621a60ac70a6f7","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-12-29","alert":"Detects WinDivert User-Mode packet capturing driver","trigger":"goodbyedpi-0.2.3rc2/x86/WinDivert.dll","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2017-10-02","description":"Detects WinDivert User-Mode packet capturing driver","hash1":"33c657fa27b92cfcced66b331cfea7a880460a98cf037e4277faa1420fe59d1c","hash2":"9b834e8f9d117bf2c564a37434973dc0717270ebfac8d8251711905d18da3858","hash3":"5ef707ea68a9bd3a3e568793a0f7d66d166694801ada067d9ebac1d13e53153e","hash4":"df12afa691e529f01c75b3dd734f6b45bf1488dbf90ced218657f0d205bff319","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","reference":"https://www.reqrypt.org/windivert.html","rule":"WinDivert_Driver","score":"40"}}]}},{"path":"goodbyedpi-0.2.3rc2/x86/WinDivert32.sys","filename":"WinDivert32.sys","modified":"2024-07-31T11:49:58Z","Modified":"","magic":"PE32 executable (native) Intel 80386, for MS Windows, 6 sections","size":77784,"md5":"cd477ee96ff05cacda8ac3c0e9316d7a","sha1":"68da0c17728aa672f140477b3822aefb5810c8b5","sha256":"29ca5ceb59c9c6993a349e82b1fd46078e6f8a302764153ab84fa22e382fcdca","sha512":"27e13504eb291a5324d824360532ca6d19c409022c72f5609ca55f92558388e3f25f1e8d657afd3d1e4f9ea9c082483c954d6f4e89df049e4f732383a04adcad","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-11","alert":"Scan result 2/72","trigger":"29ca5ceb59c9c6993a349e82b1fd46078e6f8a302764153ab84fa22e382fcdca","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/29ca5ceb59c9c6993a349e82b1fd46078e6f8a302764153ab84fa22e382fcdca","meta":null}]}},{"path":"goodbyedpi-0.2.3rc2/x86/WinDivert64.sys","filename":"WinDivert64.sys","modified":"2024-07-31T11:49:58Z","Modified":"","magic":"PE32+ executable (native) x86-64, for MS Windows, 8 sections","size":92120,"md5":"6a33620de63bccaf5e5314ee49cd58fb","sha1":"ac728b339681b2e27099fecc1419821f01d04b34","sha256":"e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50","sha512":"638d1b8aa4dc0e4ac504f51aaa3ec8375ccc3d69a4d36821f6bb98060b58586007f47966b9d58d222b9f067e12e80755f56559286cbabec8746146acaf24f945","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-27","alert":"Scan result 2/71","trigger":"e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50","verdict":"suspicious","severity":"","comment":"suspicious - 2/71","link":"https://www.virustotal.com/gui/file/e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50","meta":null}]}},{"path":"goodbyedpi-0.2.3rc2/x86/goodbyedpi.exe","filename":"goodbyedpi.exe","modified":"2024-09-14T20:27:04Z","Modified":"","magic":"PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 11 sections","size":100864,"md5":"ca4bb8e03aef6cd3681f3f5d22420688","sha1":"6fe09ba51a8c921ef0b79e73292eca0d8d68d52f","sha256":"1447a5a9c5fc5d7463f0485f03b55e50d59b4c7b22ecafdb61143d75c6643dec","sha512":"591ac796573421cc6fc0986de8ea120e764c06ea36571777adbae8387b5bb4c78785ef6034e63eb3d367476c9e32c624ab9108ac1f3b27795bed5def50682a6d","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/x86_64/WinDivert.dll","filename":"WinDivert.dll","modified":"2024-07-31T11:49:56Z","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections","size":47104,"md5":"88e1c19b978436258f7c938013408a8a","sha1":"09b77c8c85757e11667a7b83231598dd67fe0b8b","sha256":"6110bfa44667405179c3e15e12af1b62037e447ed59b054b19042032995e6c7e","sha512":"eaa0d8369b76fd9a4978f14702716ae31d801cd0dc36a86531f9320b4ddb683265c4f0e07af2b9d2e85f513270d98d1b11ae7d501d08287442bc505176d16e14","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-12-29","alert":"Detects WinDivert User-Mode packet capturing driver","trigger":"goodbyedpi-0.2.3rc2/x86_64/WinDivert.dll","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2017-10-02","description":"Detects WinDivert User-Mode packet capturing driver","hash1":"33c657fa27b92cfcced66b331cfea7a880460a98cf037e4277faa1420fe59d1c","hash2":"9b834e8f9d117bf2c564a37434973dc0717270ebfac8d8251711905d18da3858","hash3":"5ef707ea68a9bd3a3e568793a0f7d66d166694801ada067d9ebac1d13e53153e","hash4":"df12afa691e529f01c75b3dd734f6b45bf1488dbf90ced218657f0d205bff319","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","reference":"https://www.reqrypt.org/windivert.html","rule":"WinDivert_Driver","score":"40"}}]}},{"path":"goodbyedpi-0.2.3rc2/x86_64/WinDivert64.sys","filename":"WinDivert64.sys","modified":"2024-07-31T11:49:56Z","Modified":"","magic":"PE32+ executable (native) x86-64, for MS Windows, 8 sections","size":92120,"md5":"6a33620de63bccaf5e5314ee49cd58fb","sha1":"ac728b339681b2e27099fecc1419821f01d04b34","sha256":"e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50","sha512":"638d1b8aa4dc0e4ac504f51aaa3ec8375ccc3d69a4d36821f6bb98060b58586007f47966b9d58d222b9f067e12e80755f56559286cbabec8746146acaf24f945","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-27","alert":"Scan result 2/71","trigger":"e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50","verdict":"suspicious","severity":"","comment":"suspicious - 2/71","link":"https://www.virustotal.com/gui/file/e69b5ba3f0cd6cfb2983e442636e7f0b342b61b15264b0328317d4559c82cf50","meta":null}]}},{"path":"goodbyedpi-0.2.3rc2/x86_64/goodbyedpi.exe","filename":"goodbyedpi.exe","modified":"2024-09-14T20:27:02Z","Modified":"","magic":"PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 12 sections","size":101888,"md5":"17d48981add03f748a33175d19d305a5","sha1":"3cce637a1dcdcfc5e8d7c90f2f47c5cc461ddf4b","sha256":"70cc726e9c852d93ef34630f2373342dbb7a5103bdfc4f6e9229e14382b4077b","sha512":"ed869c2208193d4c2ce61dc6d91ddf37c914df3519ffaed584ca48d5c0e318c2ed20c117a45083159c240b5e05cccc4df8218570472f24be7dbe8c66770d8f3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/0_russia_update_blacklist_file.cmd","filename":"0_russia_update_blacklist_file.cmd","modified":"2024-07-31T14:53:42Z","Modified":"","magic":"DOS batch file, ASCII text","size":130,"md5":"a6af4b081a4cbcd448759306b2366eac","sha1":"0d1d887413e074b0991b5be0ca296f18053502c0","sha256":"d9d7c57c7dedb3a4e6566ddd7623758f53986a2c34e0cd3784b84f7f881a01c4","sha512":"f406b865f4bbe08181f1c1f239f198bab03b5b681174323b78f0b3c1790a1e177473a89ee566dac906c08d044fb0eb9a48991cf773222d378f469bd4941af62f","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/1_russia_blacklist.cmd","filename":"1_russia_blacklist.cmd","modified":"2024-08-01T07:50:30Z","Modified":"","magic":"DOS batch file, ASCII text","size":274,"md5":"76763259e528cd27e998fb4c665c2b78","sha1":"f2b6e15dca04c54ace2aefc4bc72656dc7550cab","sha256":"69c8b67fafbca446ce5302e97f9947191ecb84d2a51eae61d4955dc3e2147da0","sha512":"69d35fb64ab4cee901b7ecc9baac437cd4dd5e3feb5b006a0fa8c3d52fce8ac9eea5ee68a6dcea01f5386966ac135e85bfba8fc8eecec5d8c70212e795d0dd76","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/1_russia_blacklist_dnsredir.cmd","filename":"1_russia_blacklist_dnsredir.cmd","modified":"2024-08-01T07:50:36Z","Modified":"","magic":"DOS batch file, ASCII text","size":361,"md5":"06018c5958cddd1d0cf3135762aeb2eb","sha1":"42323a08fc5a9d9b600852cd587f0a7dd914858b","sha256":"472d9bd4f0366bb9478b6cd61302f12bf6cffbed038508a67087250bf610e355","sha512":"c49a4b90e08785401049dc374599404976d9a5e145ed0a034f18615d4b8a4c4cf8adc4b714ed7b68445e66546d9c59a5666846d71e70b7fba600659821f4a4f0","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/2_any_country.cmd","filename":"2_any_country.cmd","modified":"2024-07-31T14:54:24Z","Modified":"","magic":"DOS batch file, ASCII text","size":204,"md5":"72103c58f2ed536ebc07e19fd00fa2f0","sha1":"cd37e3bfdc4dbeecfd945561b8538e328dcfe2f9","sha256":"17a3d7b8b1e1340f67d3687ce9162199c0a25025941d23954880808403487d07","sha512":"4270dfb825f03d41d5911db8cef7de43c58a0401d84bd72e047da6b9fc6753789c070c9fd61bb0145f70b47026ba70d9d18612fefd1314436998adb354de815b","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/2_any_country_dnsredir.cmd","filename":"2_any_country_dnsredir.cmd","modified":"2024-07-31T14:54:18Z","Modified":"","magic":"DOS batch file, ASCII text","size":291,"md5":"77048213eb9358ff71f99667dd08034b","sha1":"cb35b4554e96f3a7089c103e911eab58c9369d53","sha256":"e599adb50f219cfbd620a21167b6cfc68e326da50836b5985826e45e88d247fe","sha512":"6af0c1281108ad7d61d61ae98ae84e5ad024fed32dd997e2f053dcb40a1d595cf76310ce36397791e747cad984a341a959fd4eb43d284cfcaf6cf17f7c5f7236","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/service_install_russia_blacklist.cmd","filename":"service_install_russia_blacklist.cmd","modified":"2024-08-01T07:56:52Z","Modified":"","magic":"DOS batch file, ASCII text","size":660,"md5":"af6dac6686b77dc51203800737f41b75","sha1":"385568a96d92ca8206e45b6cf945b2fa11b29f80","sha256":"4d2068f04436998bdf003c430f7bc28f0d0fc7d48031b8a37983f84bad6374bb","sha512":"ae54f13ec18a71983b598f9f2d38231168b9f7de3238f6f742128331f2957e0a770b9502f2bf1997c8f6a6cb0c4bb90e9f4a8156ac807744141c51f4b0c4c49c","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/service_install_russia_blacklist_dnsredir.cmd","filename":"service_install_russia_blacklist_dnsredir.cmd","modified":"2024-08-01T09:33:00Z","Modified":"","magic":"DOS batch file, ASCII text","size":747,"md5":"77b1d63472e67c4368961c463cc1d92c","sha1":"7653fa303944e6f2436ef72ad8a6d11eb6f8b95e","sha256":"450f2b003fb579f897eded1131c9e893afde7b2ebf07b86110449e57ed9a0da8","sha512":"67763f15836d456bd8713533599f2bc6d97d16887fc4078f5c5c36ec0b42beffc267e5eb9396f16aa350ce39a61c57ecc1c82e32068495a74489af68dacc3a31","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/service_remove.cmd","filename":"service_remove.cmd","modified":"2024-09-14T23:34:08Z","Modified":"","magic":"DOS batch file, ASCII text","size":309,"md5":"204b35d000d6b29c1102b1d8b6a63dc7","sha1":"94a92cb8ea948b5ebac3b3eea2cb9bcf31f85e20","sha256":"63915b4b09658cdfec4c74923650398d9fc497ae3ce9e68c5592337051d2fb64","sha512":"bb9dfa323938700c562bd68e5c1bb500e39b9f7ece58a3c7284ee0a895b4bd4b2337f693e9593d190a4461d66694ea7ec135e7b83824edce9ff73b7e4d413db7","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/russia-blacklist.txt","filename":"russia-blacklist.txt","modified":"2024-09-14T23:28:08Z","Modified":"","magic":"ASCII text","size":2358084,"md5":"c778017427c08556621c3360e7b60b12","sha1":"9f2e0a127dcc409c10d4890a27d165c08977c8e0","sha256":"227b4961ea7bafac9bb5aaf3dfeb2537beb64169ae37f7658efebb573bc9c01a","sha512":"7bac0ea2123c4be8ad0f1f0df6a941fa3ceb80bc0aa728b004f52cfc36bca99d8cbbf43ebd28a56cff90bf9e551e99a39750b364435ca05af21676a326b64fab","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/russia-youtube.txt","filename":"russia-youtube.txt","modified":"2024-09-14T23:31:30Z","Modified":"","magic":"ASCII text","size":256,"md5":"91d74100607dba77eda0d7a75dacb0cc","sha1":"95490aede362c6275d325615fdbf3f94fee8e392","sha256":"2d8de5532bae45852a3f6d8270e881fc10fec89f8d9daec3d91988a669760f79","sha512":"9f55f99971789c0f53aefda6d3beab78b28854b0a8ca74869e09d5e1dd905f8394a2927bca2f1bbb3a73198e5da6e8b6e3ac72ddd2cbf6363c0c88298bdadfdd","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/1_russia_blacklist_YOUTUBE.cmd","filename":"1_russia_blacklist_YOUTUBE.cmd","modified":"2024-09-14T23:32:30Z","Modified":"","magic":"DOS batch file, ASCII text","size":287,"md5":"2627a5d6391bf8e824ecebecb370c09e","sha1":"16e42dd0d140f55aab95251fb61c736e3f7b8a23","sha256":"424293653957dd7e1e5196d08c3fcc75ad646517b36f7447149486d69ee5a284","sha512":"32a7c93f1e32ca68c446c6867a8ada8e1dd6f861d57280582920cfbe85737f6d3c543d475eeef15f3890bb95ffa4ae54c433dd0e5c95e916c3df60b05dab782e","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/service_install_russia_blacklist_YOUTUBE.cmd","filename":"service_install_russia_blacklist_YOUTUBE.cmd","modified":"2024-09-14T23:34:42Z","Modified":"","magic":"DOS batch file, ASCII text","size":673,"md5":"13a3550b6edd5b95127889f95b79c764","sha1":"2ae80c2b3ba356fd83bc8819b6dbabc14862e5bf","sha256":"97ec9e6554a0796dd7ec9b37295f1e1d544ba827480b218e1db86b70e2d7c35d","sha512":"8a634d8934e50ec1b2f6a14509777448fda99046f764ed752c78e4e89f85b8641f17a65260dca0abd360f5807b7f1bacdb8caf7e621eac623d44a532c83b330f","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/service_install_russia_blacklist_YOUTUBE_ALT.cmd","filename":"service_install_russia_blacklist_YOUTUBE_ALT.cmd","modified":"2024-09-14T23:35:06Z","Modified":"","magic":"DOS batch file, ASCII text","size":680,"md5":"e2ba1aaf4a89b8f271ca78f3598054ca","sha1":"1069101b4abce8771c930bfb368a6e27603b6d1e","sha256":"7e5acd924e78ef21de959a18f87f43d68a9c2ffb02408de195b5d1e3bb063251","sha512":"dbdbadc5ad7c7e681129b36538a546e04db9b197ad8f7a1c2465838af2f8a200249d5190d150d2d0a831bd821ac456a63f76aa050343e8d68acb4029a9817071","alerts":{"urlquery":null,"analyzer":null}},{"path":"goodbyedpi-0.2.3rc2/1_russia_blacklist_YOUTUBE_ALT.cmd","filename":"1_russia_blacklist_YOUTUBE_ALT.cmd","modified":"2024-09-14T23:33:12Z","Modified":"","magic":"DOS batch file, ASCII text","size":294,"md5":"61d122cea83daa938ccc8fe87a5b8d97","sha1":"203c7ff6e4d94270d2f37c4ebe1f57744f425c6c","sha256":"b7253c2f8fd782273269ff40a26ed23e97a23edc7db6ad23f0632a70a2f6b437","sha512":"d390df920071297ac566dd982fe6c3b7cb6a8a775dac32808354b30ff30b3dfef61e6dc570fa4e3cfaaa6fdde9665eaffd6dfb9e56dbb34a07a14d5bb5e35ba2","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-12-29","alert":"Detects WinDivert User-Mode packet capturing driver","trigger":"goodbyedpi-0.2.3rc2/x86/WinDivert.dll","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2017-10-02","description":"Detects WinDivert User-Mode packet capturing driver","hash1":"33c657fa27b92cfcced66b331cfea7a880460a98cf037e4277faa1420fe59d1c","hash2":"9b834e8f9d117bf2c564a37434973dc0717270ebfac8d8251711905d18da3858","hash3":"5ef707ea68a9bd3a3e568793a0f7d66d166694801ada067d9ebac1d13e53153e","hash4":"df12afa691e529f01c75b3dd734f6b45bf1488dbf90ced218657f0d205bff319","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","reference":"https://www.reqrypt.org/windivert.html","rule":"WinDivert_Driver","score":"40"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-12-29","alert":"Detects WinDivert User-Mode packet capturing driver","trigger":"goodbyedpi-0.2.3rc2/x86_64/WinDivert.dll","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2017-10-02","description":"Detects WinDivert User-Mode packet capturing driver","hash1":"33c657fa27b92cfcced66b331cfea7a880460a98cf037e4277faa1420fe59d1c","hash2":"9b834e8f9d117bf2c564a37434973dc0717270ebfac8d8251711905d18da3858","hash3":"5ef707ea68a9bd3a3e568793a0f7d66d166694801ada067d9ebac1d13e53153e","hash4":"df12afa691e529f01c75b3dd734f6b45bf1488dbf90ced218657f0d205bff319","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","reference":"https://www.reqrypt.org/windivert.html","rule":"WinDivert_Driver","score":"40"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-21","alert":"Scan result 2/65","trigger":"f081740ce7d0fef4d8e7988347697b37943c3cb14cfcc0a32d22328752d0fef0","verdict":"suspicious","severity":"","comment":"suspicious - 2/65","link":"https://www.virustotal.com/gui/file/f081740ce7d0fef4d8e7988347697b37943c3cb14cfcc0a32d22328752d0fef0","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"github.com/ValdikSS/GoodbyeDPI/releases/download/0.2.3rc2/goodbyedpi-0.2.3rc2.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.4","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-29T17:05:29.095Z","timestamp":1735491929095,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"github.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 07 Mar 2024 00:00:00 GMT","end":"Fri, 07 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"E7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0","sha256":"FD:6E:9B:0E:F3:98:BC:D9:04:C3:B2:EC:16:7A:7B:0F:DA:72:01:C9:03:C5:3A:6A:6A:E5:D0:41:43:63:EF:65"}}},"request":{"raw":"GET /ValdikSS/GoodbyeDPI/releases/download/0.2.3rc2/goodbyedpi-0.2.3rc2.zip HTTP/1.1\r\nHost: github.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: GitHub.com\r\ndate: Sun, 29 Dec 2024 17:05:29 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With\r\nlocation: https://objects.githubusercontent.com/github-production-release-asset-2e65be/91493088/46f83bda-2730-48ca-bc92-54102e2af783?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20241229%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20241229T170529Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=f206856bb8bc28103b0588ae699acebf6b72c439bcdcc860e46585a5a46647b3\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3Dgoodbyedpi-0.2.3rc2.zip\u0026response-content-type=application%2Foctet-stream\r\ncache-control: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nx-frame-options: deny\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/\r\ncontent-length: 0\r\nx-github-request-id: D7DD:4DAE2:15F36C27:1692A8B3:67718159\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-23T17:07:55.698935Z","times_seen":15618608,"resource_available":true,"data":null}},"time_used":496,"timings":{"blocked":158,"dns":0,"connect":19,"send":0,"wait":179,"receive":0,"ssl":122},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/91493088/46f83bda-2730-48ca-bc92-54102e2af783?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20241229%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20241229T170529Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=f206856bb8bc28103b0588ae699acebf6b72c439bcdcc860e46585a5a46647b3\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3Dgoodbyedpi-0.2.3rc2.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.110.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-29T17:05:29.437Z","timestamp":1735491929437,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":"GitHub, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 Mar 2024 00:00:00 GMT","end":"Fri, 14 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28","sha256":"09:01:0C:CE:9B:72:21:55:C7:E6:86:B0:77:39:D3:D2:DC:06:05:DE:A1:A4:98:4A:0B:96:5E:18:77:77:26:B5"}}},"request":{"raw":"GET /github-production-release-asset-2e65be/91493088/46f83bda-2730-48ca-bc92-54102e2af783?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20241229%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20241229T170529Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=f206856bb8bc28103b0588ae699acebf6b72c439bcdcc860e46585a5a46647b3\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3Dgoodbyedpi-0.2.3rc2.zip\u0026response-content-type=application%2Foctet-stream HTTP/1.1\r\nHost: objects.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/octet-stream\r\nlast-modified: Sat, 14 Sep 2024 20:42:43 GMT\r\netag: \"0x8DCD4FDC8C1FE76\"\r\nserver: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0\r\nx-ms-request-id: ff0109ff-901e-0028-0d9b-4e80fd000000\r\nx-ms-version: 2024-11-04\r\nx-ms-creation-time: Sat, 14 Sep 2024 20:42:43 GMT\r\nx-ms-lease-status: unlocked\r\nx-ms-lease-state: available\r\nx-ms-blob-type: BlockBlob\r\ncontent-disposition: attachment; filename=goodbyedpi-0.2.3rc2.zip\r\nx-ms-server-encrypted: true\r\nvia: 1.1 varnish, 1.1 varnish\r\nfastly-restarts: 1\r\naccept-ranges: bytes\r\nage: 4009\r\ndate: Sun, 29 Dec 2024 17:05:29 GMT\r\nx-served-by: cache-iad-kjyo7100161-IAD, cache-hel1410034-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 293, 0\r\nx-timer: S1735491929.478394,VS0,VE1\r\ncontent-length: 1083625\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1083625,"size_decoded":1083625,"mime_type":"application/octet-stream","magic":"Zip archive data, at least v2.0 to extract, compression method=store","md5":"6fc25f0c7044a292fb67bd6ba063d900","sha1":"28e9d01a471f4ff0228cfe9af1958e4d4d97c6fd","sha256":"f081740ce7d0fef4d8e7988347697b37943c3cb14cfcc0a32d22328752d0fef0","sha512":"a7a517f8635bd248a6fef4c937ddde0b46efa957464cabb24729565e928eeae0d5d395f76b5799145193c69989d308c092c33655f45cef5ffa44de03faecaa0c","ssdeep":"24576:iCi0wVmDjgXSJ4l7DHX8RFJF45pRVMj/qcSlw6n3fKDz+fBt+1fX1:iGwVmDjglPQT2XKHSG+PE+JAJl","tlshash":"9535333d28e9d6b3e662dfb2657eb005c864bf3fe49c7e23913001184c55e991bca9c6","first_seen":"2024-09-19T19:45:28.822465Z","last_seen":"2025-05-11T21:10:45.219291Z","times_seen":12,"resource_available":false,"data":null}},"time_used":664,"timings":{"blocked":36,"dns":1,"connect":13,"send":0,"wait":423,"receive":169,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-12-21","alert":"Scan result 2/65","trigger":"f081740ce7d0fef4d8e7988347697b37943c3cb14cfcc0a32d22328752d0fef0","verdict":"suspicious","severity":"","comment":"suspicious - 2/65","link":"https://www.virustotal.com/gui/file/f081740ce7d0fef4d8e7988347697b37943c3cb14cfcc0a32d22328752d0fef0","meta":null}],"urlquery":null}}]}