Malware Analysis Report

2024-07-11 07:25

Sample ID 231128-1xdt4ach93
Target Setup Audiolens v1.2.0.exe
SHA256 f7695730f1e5eaeaace310617f7c4174f63af6651fcce1de6572e19340df93d9
Tags
infostealer diamondfox discovery botnet stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f7695730f1e5eaeaace310617f7c4174f63af6651fcce1de6572e19340df93d9

Threat Level: Known bad

The file Setup Audiolens v1.2.0.exe was found to be: Known bad.

Malicious Activity Summary

infostealer diamondfox discovery botnet stealer

DiamondFox payload

Diamondfox family

DiamondFox

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2023-11-28 22:03

Signatures

DiamondFox payload

infostealer
Description Indicator Process Target
N/A N/A N/A N/A

Diamondfox family

diamondfox

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-28 22:01

Reported

2023-11-28 22:08

Platform

win7-20231023-en

Max time kernel

93s

Max time network

34s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\is-HQ9LK.tmp C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\is-2B084.tmp C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\win64\is-6OKSP.tmp C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp N/A
File opened for modification C:\Program Files\iZotope\Audiolens\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe

"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"

C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp

"C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp" /SL5="$70122,411638018,121344,C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp

MD5 34acc2bdb45a9c436181426828c4cb49
SHA1 5adaa1ac822e6128b8d4b59a54d19901880452ae
SHA256 9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07
SHA512 134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

\Users\Admin\AppData\Local\Temp\is-6R2DP.tmp\R2RINNO.dll

MD5 5df8ada84a16f5dfc24096ef90a5ce3a
SHA1 5e7e9c68119c3a0a1afc92c60674bc8714492823
SHA256 48a9c8c332fde541b571d9d522d0e37834b452f55af8cbdc341b12222e78fb5b
SHA512 661b5219c74dd6e3a8e899a1b1a3002689d148e337d7323a174519366c9548c284ee76e2faa2f9600cd483db21093ee62399f0d7403c39523c654266760191c2

\Users\Admin\AppData\Local\Temp\is-6R2DP.tmp\ISSKINU.DLL

MD5 f30afccd6fafc1cad4567ada824c9358
SHA1 60a65b72f208563f90fba0da6af013a36707caa9
SHA256 e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d
SHA512 59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

\Users\Admin\AppData\Local\Temp\is-6R2DP.tmp\SKIN.CJSTYLES

MD5 5f87caf3f7cf63dde8e6af53bdf31289
SHA1 a2c3cc3d9d831acd797155b667db59a32000d7a8
SHA256 4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940
SHA512 4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 2e682d268f1a21a0023d0eb8e445baa3
SHA1 0f218a80b267a8ad0dd2d94b39506f6391069683
SHA256 d02ff3983269455f78869004b0df331aaf1c7ac1a8d4749e010a113634286332
SHA512 9e0099928d0f42388a6048c726e1f37553a4b69c62427c014cc60360bf0d4fa8bb345d1ea005ac9f333be46a0f8bc17f2d2acc2bfbcdd51b8639a92bad01f760

C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 d25cc104dc5046c67adb86339c461e28
SHA1 5ac0137835f3bb563741c353396c710c2b31b870
SHA256 c15d4a8c97bf532c1d1ac5c52119d358de2d86ac385da8b42f55facfe0217665
SHA512 0a3f22a772745fd0d540be4f4bbbe48d7d6abe15fafbaa24d0652af2944ab906f618fa75455b91715599200ebd45740513cca3ebf6b35d00af2f21c0945f70d4

\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 6d570a17255afc052dba8c71650e064b
SHA1 92be959ddd74e63b27548e9e92e0d17e9a339e4c
SHA256 ed203b5f2b93f3e13ea0ab23f1c28baf0738dd1fb9c77067903ec66e39052be9
SHA512 d3f34a24aba464c4013fe672f6425e0eb23d35392431ee87995de821f2460409cb6811de88efe7d8737fe409189c2d622021d7ea0d612b6693a6c87559d6a339

\Program Files\iZotope\Audiolens\unins000.exe

MD5 497ac9f4ac3c9cd160441bcc116ccd2f
SHA1 3bacb9522b2c6bb125b7f49121e90367b8bff0b3
SHA256 a372248c9f39f2c6ec456f582702a8b9f2af629b74cd7c220621b0a631762e7c
SHA512 82cd25f063361e18fd5fce6fef5b7645ad0a592745cf66da72a30672313382b0ff5185aef33c674016c70442b1c46e98e427743257e40033ee586a14f77d1f59

\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 9ee17c6bbf54facd038e3a10bfabaaec
SHA1 f6f4bb4aaf46cf9c2cb4f66f72eaf55cc35b4568
SHA256 65e39227d205bb48dafec4cdcb4df0a939ba89e96ad2ea4be5e22347f861ea85
SHA512 d05a68d362a356ee9ba0a925334910861bd8a891b19e61d7de67f08c65a67c67875269a9c596a29955bed2c6539c79f0e93361a102ea8e6179565f6ae5e2d4e2

\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 60600b2eb05d222d5408799583304ae0
SHA1 bd3bfec8e38109866f63b7b4757c5c942bd576b5
SHA256 bf1765f143dc4d1718151b0fba016549281338a72343f7b09bcaee5d820bbbfc
SHA512 98bc0f1b0a5e6aa6ff8529485cd8ec14e7aa43df4f2a31ba7c7645c799b1f9984331d893db3dbca7cb4ca15c16d3f0896eedafa0dadb339a5ce7c28d5a64e1ff

\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 bc97b9e481159952fd0a98926f62dd9a
SHA1 dff540065092813912fff98342a24904ea260a42
SHA256 e49993b168727eb461cfceaba005dbe5e404365b8d60cfc5715560259b2808a9
SHA512 c6086e6d0a5023ef99e6e5f75040bff488fb868a5bd9033cd72964e9ff4c198cb287976de98e772b47bea0fcd60e2e1d774426aaa540fef02a7391343ffab7fd

\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 930c9184e9aa0ea113d8428736a1cc95
SHA1 1fe77b9a4cdeede9a60be43728ff3d417a02d884
SHA256 cbed872c64c347c425cef867d85d3ce2ae04c6a7e4e37fdb08ba24ac901c6c76
SHA512 38bcad71f8aa441be63f06cf086368cacd2b0a9c65368e59697f4a0f52776f794acdabb46fa3a691f6cf8a6909919a1a60b68b24639ccb14a7705dc18c558a34

Analysis: behavioral2

Detonation Overview

Submitted

2023-11-28 22:01

Reported

2023-11-28 22:07

Platform

win10v2004-20231127-en

Max time kernel

121s

Max time network

187s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"

Signatures

DiamondFox

botnet stealer diamondfox

DiamondFox payload

infostealer
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\iZotope\Audiolens\is-G8CIP.tmp C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\is-K4HJL.tmp C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\win64\is-O9HN8.tmp C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp N/A
File opened for modification C:\Program Files\iZotope\Audiolens\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp N/A
File opened for modification C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe

"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"

C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp

"C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp" /SL5="$5022C,411638018,121344,C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 67.254.221.88.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 48.254.221.88.in-addr.arpa udp
US 8.8.8.8:53 126.23.238.8.in-addr.arpa udp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp

MD5 34acc2bdb45a9c436181426828c4cb49
SHA1 5adaa1ac822e6128b8d4b59a54d19901880452ae
SHA256 9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07
SHA512 134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

C:\Users\Admin\AppData\Local\Temp\is-E700L.tmp\R2RINNO.dll

MD5 5df8ada84a16f5dfc24096ef90a5ce3a
SHA1 5e7e9c68119c3a0a1afc92c60674bc8714492823
SHA256 48a9c8c332fde541b571d9d522d0e37834b452f55af8cbdc341b12222e78fb5b
SHA512 661b5219c74dd6e3a8e899a1b1a3002689d148e337d7323a174519366c9548c284ee76e2faa2f9600cd483db21093ee62399f0d7403c39523c654266760191c2

C:\Users\Admin\AppData\Local\Temp\is-E700L.tmp\ISSKINU.DLL

MD5 f30afccd6fafc1cad4567ada824c9358
SHA1 60a65b72f208563f90fba0da6af013a36707caa9
SHA256 e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d
SHA512 59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

C:\Users\Admin\AppData\Local\Temp\is-E700L.tmp\SKIN.CJSTYLES

MD5 5f87caf3f7cf63dde8e6af53bdf31289
SHA1 a2c3cc3d9d831acd797155b667db59a32000d7a8
SHA256 4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940
SHA512 4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 618bd706bf213a70606793b5c7687d70
SHA1 c27840fa404cbde3becee97968276dbd6edab63b
SHA256 255003eaf2613e74e739b6b69290daae01f56e5a8f76fdb5336bcb18112f01da
SHA512 576efe6759d12e43a1bda5172d223e3056afdfb165a5c77978803942ca77305fb9a81d1698589543f2c65e50790f5aab6bd198d3b949d883017f02ac0c22860b
