Analysis Overview
SHA256
f7695730f1e5eaeaace310617f7c4174f63af6651fcce1de6572e19340df93d9
Threat Level: Known bad
The file Setup Audiolens v1.2.0.exe was found to be: Known bad.
Malicious Activity Summary
DiamondFox payload
Diamondfox family
DiamondFox
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2023-11-28 22:03
Signatures
DiamondFox payload
Diamondfox family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-28 22:01
Reported
2023-11-28 22:08
Platform
win7-20231023-en
Max time kernel
93s
Max time network
34s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe | C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\is-HQ9LK.tmp | C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\is-2B084.tmp | C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\win64\is-6OKSP.tmp | C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\iZotope\Audiolens\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp" /SL5="$70122,411638018,121344,C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\is-OO0JT.tmp\Setup Audiolens v1.2.0.tmp
\Users\Admin\AppData\Local\Temp\is-6R2DP.tmp\R2RINNO.dll
\Users\Admin\AppData\Local\Temp\is-6R2DP.tmp\ISSKINU.DLL
\Users\Admin\AppData\Local\Temp\is-6R2DP.tmp\SKIN.CJSTYLES
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe
\Program Files\iZotope\Audiolens\unins000.exe
Analysis: behavioral2
Detonation Overview
Submitted
2023-11-28 22:01
Reported
2023-11-28 22:07
Platform
win10v2004-20231127-en
Max time kernel
121s
Max time network
187s
Command Line
Signatures
DiamondFox
DiamondFox payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\iZotope\Audiolens\is-G8CIP.tmp | C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\is-K4HJL.tmp | C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\win64\is-O9HN8.tmp | C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\iZotope\Audiolens\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe | C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4676 wrote to memory of 456 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe | C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp |
Processes
C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp" /SL5="$5022C,411638018,121344,C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.254.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.1.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.254.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.23.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\is-EISH0.tmp\Setup Audiolens v1.2.0.tmp
C:\Users\Admin\AppData\Local\Temp\is-E700L.tmp\R2RINNO.dll
C:\Users\Admin\AppData\Local\Temp\is-E700L.tmp\ISSKINU.DLL
C:\Users\Admin\AppData\Local\Temp\is-E700L.tmp\SKIN.CJSTYLES
C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe