Malware Analysis Report

2024-07-11 07:26

Sample ID 231128-z763yscg9v
Target Setup Audiolens v1.2.0.exe
SHA256 f7695730f1e5eaeaace310617f7c4174f63af6651fcce1de6572e19340df93d9
Tags
discovery infostealer diamondfox
score
10/10

Analysis Overview

score
10/10

SHA256

f7695730f1e5eaeaace310617f7c4174f63af6651fcce1de6572e19340df93d9

Threat Level: Known bad

The file Setup Audiolens v1.2.0.exe was found to be: Known bad.

Malicious Activity Summary

discovery infostealer diamondfox

DiamondFox payload

Diamondfox family

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2023-11-28 21:24

Signatures

DiamondFox payload

infostealer
Description Indicator Process Target
N/A N/A N/A N/A

Diamondfox family

diamondfox

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-28 21:22

Reported

2023-11-28 21:50

Platform

win7-20231020-en

Max time kernel

115s

Max time network

26s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\iZotope\Audiolens\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp N/A
File opened for modification C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\is-I1C5Q.tmp C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\is-MNHGE.tmp C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\win64\is-1CIRS.tmp C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe

"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"

C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp

"C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp" /SL5="$120150,411638018,121344,C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp

MD5 34acc2bdb45a9c436181426828c4cb49
SHA1 5adaa1ac822e6128b8d4b59a54d19901880452ae
SHA256 9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07
SHA512 134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

\Users\Admin\AppData\Local\Temp\is-L00QA.tmp\R2RINNO.dll

MD5 5df8ada84a16f5dfc24096ef90a5ce3a
SHA1 5e7e9c68119c3a0a1afc92c60674bc8714492823
SHA256 48a9c8c332fde541b571d9d522d0e37834b452f55af8cbdc341b12222e78fb5b
SHA512 661b5219c74dd6e3a8e899a1b1a3002689d148e337d7323a174519366c9548c284ee76e2faa2f9600cd483db21093ee62399f0d7403c39523c654266760191c2

\Users\Admin\AppData\Local\Temp\is-L00QA.tmp\ISSKINU.DLL

MD5 f30afccd6fafc1cad4567ada824c9358
SHA1 60a65b72f208563f90fba0da6af013a36707caa9
SHA256 e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d
SHA512 59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

\Users\Admin\AppData\Local\Temp\is-L00QA.tmp\SKIN.CJSTYLES

MD5 5f87caf3f7cf63dde8e6af53bdf31289
SHA1 a2c3cc3d9d831acd797155b667db59a32000d7a8
SHA256 4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940
SHA512 4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 d640a9467fa97b64387369104206114f
SHA1 6e32ba4b4bead3e24d1bef8ade3b2723d8ef268a
SHA256 394ab0be90220adec1ccded17e44198b5ba4d20bbe149317526660b4e6713a92
SHA512 b1dbe5e7a14c986a22bee9e79f4e5e2bea8ac1db56b533456f3fd5791eea1a92dd985b8c2c255645d1245633b31ee4ec6118d7df65837b0cd36a0b25311c4c6b

C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 fd2e39e9a3f96c8f14dfad04a5305662
SHA1 4633965765660d40cdb18941b1efa367c2cae136
SHA256 f39ae3d0e1d14efac537a421d949e13815ee5d2ac2abb408ce1f576f6807b4ec
SHA512 d2dd9a0e790f971f01b3a97813dd596c85f6622ac6352995998b4b49f45d8bac174a985461ad93c4b361c0c9643585d5509a4cbc1317607f2782e46f66475ca0

\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 495fee171ebcd42a49f4ee0b1bcfa882
SHA1 bc477f81a8ebd9fe16409cb7634cf3a572c87d68
SHA256 8f51f5b4196a5394d5df518d96a5ee02671372320f16b1175363b8da0aaba963
SHA512 4a6623d7b5bb330b01a80c0e96dbb301de0082bc0366c34b9835dba819716d1e6415703ac3a22928014d75f966384b62bda084264e6cde075f2c0f7f6bfdf669

\Program Files\iZotope\Audiolens\unins000.exe

MD5 497ac9f4ac3c9cd160441bcc116ccd2f
SHA1 3bacb9522b2c6bb125b7f49121e90367b8bff0b3
SHA256 a372248c9f39f2c6ec456f582702a8b9f2af629b74cd7c220621b0a631762e7c
SHA512 82cd25f063361e18fd5fce6fef5b7645ad0a592745cf66da72a30672313382b0ff5185aef33c674016c70442b1c46e98e427743257e40033ee586a14f77d1f59

\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 0b1519977eecde62bd58f1067e5ea97b
SHA1 1c255b3f84e95480d24328a21470c4013af1788e
SHA256 ebe96e4b1c6bbad3cc99af9941e09ad334504d0b220c37f3fd488a8570f9756a
SHA512 908a89b5a8d09a5c1b219e8dcbb5718c2a4a81762c8311f85c3951386917685500448540c68530922259333b30595f9df575db12af15222cb4ef1e4dd34a44af

\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 a2baa37aa92cdfc935dffcf7653a4877
SHA1 931ea2828ae7327111aa8d97d4e801786140c1d8
SHA256 134ce0af3cd4885f1f9b369b268234864d149c89f21b8c70f5be1d3854db0225
SHA512 652a2e98f3c916a0da30df125e9596c62f8cb87d7c08fad50fe2aba12ccb1c417cbdbb3657f39f15e6e4aea74e9accff12a3a30b8499a8ac25ac59f810a01e0b

\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 fc40bf3e99d5470f110952652fdbe589
SHA1 838b3ded4b3e6c6af870e15373bdf942fb78b2db
SHA256 47c8403282956cedc6d2b74c1f9e30f29f61fa587653f7796037ba74c1272273
SHA512 a808d0b11bab6abd6c9b293199bcebfdd8f824af346acd0b11574bb013070e9e8610cb83be24ce6115395cf0926e524df165709fe4cf2c688ba06d13214f21df

\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 783f5b5056066d13f4453a21186d02f6
SHA1 8a358bb6d421df4c5ec298f669e278310bc82fd9
SHA256 61a34d6a5074bfd4cdf067b1f5ac532c3de0dfa785c05979b035f9ebd03be5f3
SHA512 88880171002b0a5e1ffaf04d3bf4d13382f569f935f1e301b1b648f272418059606d9fc1fdb0922e1524d3230940e052e91cb78dbc0921f5e9b2ce45ec8e6971

Analysis: behavioral2

Detonation Overview

Submitted

2023-11-28 21:22

Reported

2023-11-28 21:49

Platform

win10v2004-20231127-en

Max time kernel

121s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\iZotope\Audiolens\is-FPMCE.tmp C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\win64\is-IHJSK.tmp C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp N/A
File opened for modification C:\Program Files\iZotope\Audiolens\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp N/A
File opened for modification C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp N/A
File created C:\Program Files\iZotope\Audiolens\is-OEDOL.tmp C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe

"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"

C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp

"C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp" /SL5="$B0204,411638018,121344,C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 89.254.221.88.in-addr.arpa udp
US 8.8.8.8:53 67.254.221.88.in-addr.arpa udp
US 8.8.8.8:53 48.254.221.88.in-addr.arpa udp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp

MD5 34acc2bdb45a9c436181426828c4cb49
SHA1 5adaa1ac822e6128b8d4b59a54d19901880452ae
SHA256 9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07
SHA512 134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

C:\Users\Admin\AppData\Local\Temp\is-RD8JU.tmp\R2RINNO.dll

MD5 5df8ada84a16f5dfc24096ef90a5ce3a
SHA1 5e7e9c68119c3a0a1afc92c60674bc8714492823
SHA256 48a9c8c332fde541b571d9d522d0e37834b452f55af8cbdc341b12222e78fb5b
SHA512 661b5219c74dd6e3a8e899a1b1a3002689d148e337d7323a174519366c9548c284ee76e2faa2f9600cd483db21093ee62399f0d7403c39523c654266760191c2

C:\Users\Admin\AppData\Local\Temp\is-RD8JU.tmp\ISSKINU.DLL

MD5 f30afccd6fafc1cad4567ada824c9358
SHA1 60a65b72f208563f90fba0da6af013a36707caa9
SHA256 e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d
SHA512 59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

C:\Users\Admin\AppData\Local\Temp\is-RD8JU.tmp\SKIN.CJSTYLES

MD5 5f87caf3f7cf63dde8e6af53bdf31289
SHA1 a2c3cc3d9d831acd797155b667db59a32000d7a8
SHA256 4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940
SHA512 4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe

MD5 cf64f4aebc961afb56aa65d01efe9d54
SHA1 cc404ca892b8d3ad65f54c8714312a5a5aaeec9b
SHA256 8115e031da7200bc9f5d8f2ca1e35970d2ea67e417a04405e7ead6ca83dff168
SHA512 bd3d4c55bf7cb7cde529187a2f8ff24b3c6bf0e500b469f68fd80854058fcf72014a23db63fbf4c928f38d0954a870c4fc8fc10321e9ed6b51c58738320e0703
