Analysis Overview
SHA256
f7695730f1e5eaeaace310617f7c4174f63af6651fcce1de6572e19340df93d9
Threat Level: Known bad
The file Setup Audiolens v1.2.0.exe was found to be: Known bad.
Malicious Activity Summary
DiamondFox payload
Diamondfox family
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Analysis: static1
Detonation Overview
Reported
2023-11-28 21:24
Signatures
DiamondFox payload
Diamondfox family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-28 21:22
Reported
2023-11-28 21:50
Platform
win7-20231020-en
Max time kernel
115s
Max time network
26s
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\iZotope\Audiolens\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe | C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\is-I1C5Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\is-MNHGE.tmp | C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\win64\is-1CIRS.tmp | C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp" /SL5="$120150,411638018,121344,C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\is-N6T53.tmp\Setup Audiolens v1.2.0.tmp
\Users\Admin\AppData\Local\Temp\is-L00QA.tmp\R2RINNO.dll
\Users\Admin\AppData\Local\Temp\is-L00QA.tmp\ISSKINU.DLL
\Users\Admin\AppData\Local\Temp\is-L00QA.tmp\SKIN.CJSTYLES
\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe
\Program Files\iZotope\Audiolens\unins000.exe
Analysis: behavioral2
Detonation Overview
Submitted
2023-11-28 21:22
Reported
2023-11-28 21:49
Platform
win10v2004-20231127-en
Max time kernel
121s
Max time network
133s
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\iZotope\Audiolens\is-FPMCE.tmp | C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\win64\is-IHJSK.tmp | C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\iZotope\Audiolens\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File opened for modification | C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe | C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
| File created | C:\Program Files\iZotope\Audiolens\is-OEDOL.tmp | C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3932 wrote to memory of 4984 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe | C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp |
Processes
C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp" /SL5="$B0204,411638018,121344,C:\Users\Admin\AppData\Local\Temp\Setup Audiolens v1.2.0.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\is-LEVKT.tmp\Setup Audiolens v1.2.0.tmp
C:\Users\Admin\AppData\Local\Temp\is-RD8JU.tmp\R2RINNO.dll
C:\Users\Admin\AppData\Local\Temp\is-RD8JU.tmp\ISSKINU.DLL
C:\Users\Admin\AppData\Local\Temp\is-RD8JU.tmp\SKIN.CJSTYLES
C:\Program Files\iZotope\Audiolens\win64\iZotope Audiolens.exe