Malware Analysis Report

2025-01-19 06:24

Sample ID 231218-vl491sddc2
Target https://updates.insomnia.rest/downloads/windows/latest?app=com.insomnia.app&source=website
Tags
irata infostealer rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://updates.insomnia.rest/downloads/windows/latest?app=com.insomnia.app&source=website was found to be: Known bad.

Malicious Activity Summary

irata infostealer rat trojan

The list below is the aggregate signature set for the sample. When reading it against the per-analysis detail on this page, note that the "Irata payload" hit recorded in behavioral2 carries no description, indicator, process or target (all N/A), and that several listed behaviours (Loads dropped DLL, Executes dropped EXE, NtCreateUserProcessBlockNonMicrosoftBinary, EnumeratesProcesses, SetWindowsHookEx) have no matching detail section in either behavioral1 or behavioral2.

Irata payload

Irata

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

NTFS ADS

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-18 17:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-18 17:05

Reported

2023-12-18 17:08

Platform

win7-20231215-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://updates.insomnia.rest/downloads/windows/latest?app=com.insomnia.app&source=website

Signatures

Modifies Internet Explorer settings

adware spyware

Every key in this table sits under the detonating user's own Internet Explorer hive and is written by iexplore.exe itself: this is the first-run state Internet Explorer creates when launched with a URL, not a change made to the browser by the downloaded file.

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409081010" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000005f72ff4b89667289cadd4016832e168622d103da00dc26d65ba5b6e9bef592f6000000000e800000000200002000000034eda304de066c35dc07d4c21c11b2e00d18cac04c41f3e73763d6780f74535820000000d96409b6d1a7df5013cf6bd2225b8f3f0d954a2f13a015f22c0643bec2d5ba6640000000ce908d8bb192bafbd288b8e8547c47a824a69b6ca49b2bc6819f4f824c4d0865ed513b056424f47272ae40b81d23f2cbb13fa55a4c982d24743c435279692701 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a032d782d431da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ADAE9A91-9DC7-11EE-8E99-56B3956C75C7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://updates.insomnia.rest/downloads/windows/latest?app=com.insomnia.app&source=website

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 updates.insomnia.rest udp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
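
The twelve rows above are one DNS lookup (via 8.8.8.8) and eleven TCP connections to two hosts. As an added example, not part of the sandbox output, the Python below collapses a Network table of this shape into per-destination hit counts and reports any contacted domain that is neither the submitted URL's host nor a host on a browser-infrastructure allowlist. The rows are copied from the table above; the function names, the allowlist and the treatment of ieonline.microsoft.com as Internet Explorer's own traffic are this example's assumptions.

```python
"""Collapse a sandbox 'Network' table into per-destination hit counts and
flag contacted domains that are neither the submitted URL's host nor
known browser infrastructure. Added example, not sandbox output: the rows
are copied from the report, the allowlist is an assumption."""
from collections import Counter
from urllib.parse import urlsplit

SUBMITTED_URL = ("https://updates.insomnia.rest/downloads/windows/latest"
                 "?app=com.insomnia.app&source=website")

# Rows exactly as printed in the behavioral1 Network table:
# country, destination ip:port, domain the sandbox associated, protocol.
NETWORK_ROWS = """\
US 8.8.8.8:53 updates.insomnia.rest udp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# Hosts the detonating browser talks to on its own. Assumption for this
# example; build the list from clean detonations on your own sandbox image.
BROWSER_NOISE = {"ieonline.microsoft.com"}


def parse_rows(text):
    """One dict per row; header, blank and otherwise malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def summarise(rows):
    """Hit count per (domain, ip, port, proto); the DNS row keeps the
    resolver as ip and the queried name as domain."""
    return Counter((r["domain"], r["ip"], r["port"], r["proto"]) for r in rows)


def unexpected_hosts(rows, submitted_url, noise=frozenset(BROWSER_NOISE)):
    """Contacted domains that still need an explanation: not the submitted
    host and not on the browser-noise list."""
    submitted_host = urlsplit(submitted_url).hostname
    return sorted({r["domain"] for r in rows} - {submitted_host} - set(noise))


if __name__ == "__main__":
    rows = parse_rows(NETWORK_ROWS)
    for (domain, ip, port, proto), n in summarise(rows).most_common():
        print(f"{n:3d}x {domain:24s} {ip}:{port}/{proto}")
    print("unexplained hosts:", unexpected_hosts(rows, SUBMITTED_URL) or "none")
```

Run against this report's rows it prints three lines (8 hits to 34.133.30.248:443, 3 to 204.79.197.200:443, 1 DNS query) and no unexplained host; drop ieonline.microsoft.com from the allowlist and it is the one domain left to account for.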

Files

C:\Users\Admin\AppData\Local\Temp\Cab2B77.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar2C25.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9f2a19633157632c61e672eaa59ad66
SHA1 2b661bc54375d6ef56bc77b71da96886616b56cf
SHA256 863c1ff5cf263b7011331c3cc5b7fe37a72b61adb03076ae8b67e1a2a64d95c4
SHA512 951572f70f41dbb4b6a81e170d5a75c9ce3562ecef01e945b767f84ae14ed4f34a8f18f53e6e141cc1055fd5c083a99659b8417636bb744ddcb67a388c91291b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e5cd34988b54cc4addae0ae96cd0b42
SHA1 f4eda996f3f0e921368f5fbdb0b505bc0d7b405c
SHA256 697e01b277376cead0279ef01aef4656d006d955611922d5f32ddb437ea6b877
SHA512 125cf73ed869baede27086428dafb6dc983f3aef09aa673d40c8e22fc218f54879da57e53fb40bfb0d0647459905aec8d5886901ba643e02076686b410557986

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68bb70fe69bec6eaf00d14b01725d0ea
SHA1 662767ecc2ef9253866e7aab7d5eaf085aa52d19
SHA256 27654172df4c8c417335d44aeefb0c18b4ea51a910ae9206a1b85ef0fc4973ca
SHA512 0913e7a50d30e786f96f5a427fc3ced4bb57526501d0cad9497e2b3ce400143b777bcd19bb7491586ef66fb805869d75c3bb2a60049be495108306b7213e5794

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16115da7aaf0284e58f3df4ef03abf67
SHA1 ed84f5d719938c98c4968460fca9f55ce2d800d0
SHA256 8b271f52d983cf93d3dec4739798d6f48a0df0843feeb2244cf41f3889edf510
SHA512 c59fc63fb9538e7ea668e93e161a9d0083e95b42bbc3d9284af36a4d1f6dc6096cc2c0e05f52c1abcbf415a82c8d5a12ac597d1fa053f3305e0c51afb6550a52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9eb4c444f879aa4f2b097e8bb0f32cf2
SHA1 69bccfa3e7e016b70e461a82caeb45ce65eb68d9
SHA256 874b1e0622ca23663915790725bfc305f72ad378274fad1500a6e3a47b56ad10
SHA512 b73c88b380a1fc69039e46b6a23f359bf95d4ef7eb28443e0b62d0479fe8ad8c3e2802cc25714cf2d48e6ca674c2daee13dc05d54c625e5f4341061a487f08d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e4532744c8ffcf69df4d8a1bbb28db6
SHA1 5100c10641f65da8b8cd37e616a850e7bc8942d6
SHA256 f683593783baa78956410801d2b0947974464f0c16d24e4a5a6215110577cf09
SHA512 0bc5afba554f30da96b62896e5868c3955d573b4b1a528b0605251c01dbef5d3e08e02d082076f8df8f282324911aa5efe92d181d16b45569557c2313eff1239

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0db9ea84f3d1c9f60989638bee73b5d
SHA1 d85f336e6eded91aeb3610c9676b126b706b3abb
SHA256 3e259b2bde2837f785a0097de2b7bdf3666d57b77389a51dfa978def7b01ece3
SHA512 35dab2198aa49b0b29b25fee69f6618a846c532201ee62f2484e76a2ec3c49d71d46c0d4dfdd498e72714be4c59f92337e65fec395114fe8c27097042b9346b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20e53ca4873b18810cabd9f2f08d79ac
SHA1 8933bafe157c9a16697c0f01cb23c91cdcda9873
SHA256 f03de51669f8641b05aef770447de0c004b1b1d1fe7efe4d465569ba64ecc640
SHA512 5537a3ee94e868362ed0be0b825cd6776ce7f28ecbfbc3f90bdcca787dbe10cb50a3d7d0335bed6293a04fa5a978aba70a8cc6b7bd551d082799049eea0c1548

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bb60f1e4ecbb32ee4cff805bc61722b
SHA1 d335be26156dfa8b6e5dac4ff81fcd0ad647fe92
SHA256 1032ad3e0277d429ab071bd0f8cc634b09e1e3c079d1fd946ffd95becbc3e69f
SHA512 de161974ef7bfdf48b97fa362bc8d5fe24e98cd6cffb3d85bc6a39211e15dc0aa4d99e6fc0223b79e54aada7021f312a516c332fd73228114a2635b4c4c68b47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9ecdbea42d94fea1998c1bd806bc3ef
SHA1 61bd29549ad42fab70acde8c3b0e181ad6244ab1
SHA256 3ec2a285db908ca01429bf0d9de78a66d5cffb0e8992aceb415641f84c45e9b2
SHA512 4171ffbf8f81ea3f0a49e6e2be0b3c5f756c249eaf25b1281cf7cccc473797d8af545811e2b342f73a4912668ef186a51aac2efd700694dbef8c34e9d38c5809

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49cd329595443faca4538c80a7f16cb4
SHA1 d88e458b7781b0da04ced8dcbdc25d2acb01c944
SHA256 a6ea2761c784e9c4dc4cb9b67e1812d056b245f608d69bea800205d4211bfca7
SHA512 717389599e13b123a00421454f16356c2e846d15d8b9a54c71dd8d898eef6c44df0b8cf0be599a23669beaf49a06c267a991cf24c21c299415217f0678aa0dc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34ba0a3fe5528709c8615b7cc9aa40d7
SHA1 4ad6b71275fd01d3b7ea8a9f4fbce33b83adfe88
SHA256 08ffb4f298a08d61ad982215707852a5ad6d709616f05a695ec95bbca0d63151
SHA512 6b969476989a8cb723c4c5ca1667892a5eac05e1254aa4498cf056ad3fc4ffc11cbc402d03bce9144261722652272b482e28f8a5eaed0e9118f0b77c9a989d28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50ac36a4b3c6a7f0adebfa7bd50e605c
SHA1 373f0d1ac9dc122a8d0ad3df0706a750d2eb36f3
SHA256 24be83dcf30a450d3cd232f1ece42755b988a2d2512c8482f08d5f58f7600baf
SHA512 4432f01e64b8477a4e7549ac5a3d4dd9b8d4ce28dddb242f9d6f710192a5d53f0bd75f71301a863f16d9101a829fa87f43de49227fa1dd564a3f0682e6c033bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af62ce5cb0083d4b232ca077d39c5a3c
SHA1 ad3f9fc8a1900cf79f5c27749e814630dedcadec
SHA256 6822e621fcd19752044b1cf63d182a26e5e081132c1163a78ec60e5a48d61d2c
SHA512 1ca902849a02d1bd30179ad827dc17c12bfb8233c2922f2a8deccba4fc4f3ccee157d9be34628adda7235236335d8cbc940c98dc2a4cc7abeec5532a5aa4e854

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6bd73a85cc5b811aa21c88ea0087a72
SHA1 b0405dd0113985418f984c6a2a56fde50e01a688
SHA256 0286de3bcd306d1ec699d720920cc37d2bc6f2d33b059e71455c28da559e7f81
SHA512 4ce16c1c03639e140189cc35695e94758a2c7a0a715de994dd6b56a240f08537386381ca1f0af81869fcf96fd21f7a2a824eb0a22a9fe880e6dfbf2f1e13a5e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3196425138ae985811d7dacac903052a
SHA1 104a0baa6f01ac0932479f8a7b5cfe86b3af9263
SHA256 fa651a8758c630e325f55606d0af21eafe93ad5fe010211755fd584f7a4dbfc6
SHA512 91e463e19cfa557356fd31e00757f52ff34dd6b29876dff78c4248bf22ffdac9b94d99e328fd48382cbaa17f871754282d701a2beea80cd8bcccdc89be23fcad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdc6d77d6d48bdcd2057903eea010490
SHA1 d95ef0ae21656354cfe54361968fc48f5cbe1029
SHA256 9e9ab2602843c419562f0673237ee2f128065aab84d64faf66893cb71fe640ac
SHA512 40ea646f2685f68ecb93cddd2ef710793194e9af62d60507bda9fbe3ca075f3eba276a7f8d3bb73dd5fba7659b64e8b501f214811672dfb24998332d9a149ffd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ef1ed20b358aafab4ccedf95fd9df57
SHA1 b018f60d3d21dd85ff73aa09cc1e55028f9d1f18
SHA256 ffb06846dfac16eb372d991014a6bb0b6a8c7470d2912657f013548dd6d3964d
SHA512 87310a40b389071047ac5da46b8634558b38193469e124890d51279a07c87ee850341920e29811274205634796fbcc21a8af261c915fa8be80f29b8bbf5bbc43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 488ad8affd2ae80fc7a1dfbdbee9f4e3
SHA1 d0025f6380ece7e8980fe4aecfc4f5cf620994b7
SHA256 ed4df978228384fea5eba06f80135475723bc80cfe042b9408f7e87327ae290b
SHA512 139cfea5877d2a6b8f57c175645e295bf29963d4e4f1660fed6e861f5fe547af64defe89802ff518bf87e0379ff0b2f6a716e244245358ddb4ac90264fb50abf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06b4d6d6894f313877fa7fea1c9d2dff
SHA1 f74e0fcec3b0ac2f0ce566d0af49b9a173afd677
SHA256 c28cbf39f1e69596e8fead9aad6748545b9f4a7a722eb9ebbde2d2652bc06402
SHA512 cacf8977b354359050ba16ff877eef06c39bf2a4f0d5bccf2f3f919f57a3463a33a1343d9373601c6e4e3cbdce91980f6fdbe2e718eaa14a467761740852900d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f3ef060731a6ae1435b032ec8fa624d
SHA1 8bf65a3645a42870aaabb2958199190f29b1c90f
SHA256 6b4fb236c53931d8509bade8f7513977222a6d36f32fcd14757d45a9ea09894c
SHA512 63e943810f451add6cc7a79196cf1af767dabedce0bb8ab214f1cfa9e6667dad083c8859181fb3288cf600be804b1b3e0a53222b166bedd21f5ce2f7fd0222da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90672449b3e73c0daca1a4ba4e28ab31
SHA1 40c1b9c4ae04999f2480e963702439bb59d54277
SHA256 c1475e5857491debd54096195b199df7a758d0ee34f8a274df66e23c9bf43ea1
SHA512 353b02f0f7aa50d8eaccd3b8cc7f88106c7a7eb30bb1de5548830239d152803da3de63f2e19d2536b39721450064b95390c59d77a784bb1c94f35c0055a9013f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88db7405d1501ef0fcbe2fc90286df24
SHA1 f37a7897d7318e85106f0e629e9ac2baa828ceba
SHA256 e9e03395756e5d288bd1cacc36d85115f9a46ad648ade34319291ed992089afc
SHA512 4a9245d2b30c810dfe570ec5ef43a102433b73df9c3db4bb359589471e775727bfc51678525cc9746a6dd37b4fc8af13941fcf7d0a60a061674fc750a5644157

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83d1d0a7db005a1a07959cfea48e3a67
SHA1 5ee466353e59d078dab040e7290e8a141579b634
SHA256 11226e91edd980e0972cefac2557c328560e8a7c5fc4861cf3777f9f84f6ca5d
SHA512 5d43320c7201acd76636804f113efeb96290e43824b4a81ba7921fce4bc9d7541ca105da13c7b30cee8dba4ead8ceb78a768cb3a177a95cbaf600c3755a6db05
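
The entries above are the files the sandbox saw change during behavioral1: two temporary cabinet extraction files and the CryptoAPI URL cache metadata entry, which appears repeatedly with different digests because it was rewritten during the run. As an added example, not part of the report, the Python below parses entries in this page's layout (a path line followed by MD5/SHA1/SHA256/SHA512 lines) and checks a local file against them with a single read pass, so an artefact you hold can be matched to what the sandbox recorded. The two embedded entries are copied from the Files section; the bytes hashed in the demo are constructed and the function names are this example's own.

```python
"""Parse the 'Files' entries of a sandbox report (a path line followed by
MD5/SHA1/SHA256/SHA512 lines) and check local data against them with a
single read pass. Added example, not part of the report; the two entries
embedded below are copied from this page and the bytes hashed in the demo
are constructed."""
import hashlib
import os
import re
import tempfile

ALGOS = ("md5", "sha1", "sha256", "sha512")

REPORT_FILES = """\
C:\\Users\\Admin\\AppData\\Local\\Temp\\Cab2B77.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\\Users\\Admin\\AppData\\Local\\Temp\\Tar2C25.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
"""

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")


def parse_report_files(text):
    """Return one dict per path block: {'path': ..., 'md5': ..., 'sha1': ...}.
    A list rather than a dict keyed by path: the same path can appear
    several times with different digests when the file was rewritten."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m is None:
            current = {"path": line}
            entries.append(current)
        elif current is not None:
            current[m.group(1).lower()] = m.group(2).lower()
    return entries


def _digest_chunks(chunks):
    """Feed every chunk to all four hashers so the data is read only once."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digest_bytes(data):
    """All four digests of an in-memory bytes object."""
    return _digest_chunks([data])


def digest_file(path, chunk=1 << 20):
    """All four digests of a file, streamed in 1 MiB chunks."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk), b""))


def match_entries(digests, entries):
    """Report entries whose every recorded digest equals the computed one."""
    return [e for e in entries
            if "sha256" in e and all(e[a] == digests[a] for a in ALGOS if a in e)]


if __name__ == "__main__":
    entries = parse_report_files(REPORT_FILES)
    # Constructed sample bytes: not the file from the report, so no match.
    with tempfile.NamedTemporaryFile("wb", delete=False) as tmp:
        tmp.write(b"constructed sample, not the sandbox artefact\n")
    try:
        d = digest_file(tmp.name)
        print("sha256", d["sha256"])
        print("matches:", [e["path"] for e in match_entries(d, entries)] or "none")
    finally:
        os.unlink(tmp.name)
```

Comparing all four digests rather than MD5 alone avoids trusting a single weak hash; a file that matches on SHA256 and SHA512 but not MD5 is a transcription error in the report, not a collision.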

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-18 17:05

Reported

2023-12-18 17:08

Platform

win10v2004-20231215-en

Max time kernel

146s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://updates.insomnia.rest/downloads/windows/latest?app=com.insomnia.app&source=website

Signatures

Irata

trojan infostealer rat irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

The sandbox recorded no description, indicator, process or target for this hit, and this page carries no Processes, Network or Files subsection for behavioral2, so the matched content cannot be tied to a specific file from the page alone.

Downloads MZ/PE file

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

The reader is msedge.exe itself, not a dropped binary; the two values are the machine's manufacturer and model strings.

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 516744.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

The stream is written by msedge.exe on its own in-progress download (.crdownload is the temporary name Edge gives a file still being fetched); this is the browser's own download marking, not a dropped payload writing to a stream.
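
The SmartScreen stream above is one of the alternate data streams a browser download carries; the documented one, Zone.Identifier, is what Windows and Office consult for Mark-of-the-Web and is what an analyst reads to learn where a file on disk came from. As an added example, not part of the report, the Python below reads a stream by the path:stream syntax (Windows only) and parses the INI-style Zone.Identifier text into the zone and origin URLs. The sample stream text is constructed to show what a file saved from this report's URL would carry; its ReferrerUrl is hypothetical, and the function names are this example's own.

```python
"""Interpret the Mark-of-the-Web stream a Windows browser leaves on a
download. Added example, not part of the report: the report shows Edge
opening the ':SmartScreen' stream of its in-progress .crdownload; the same
download pipeline also writes 'Zone.Identifier', whose INI-style text
records the zone and origin URL. The sample text below is constructed;
reading a real stream only works on NTFS under Windows."""
import configparser
import os

ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

# Constructed sample: what Zone.Identifier would look like for a file saved
# from the URL submitted in this report. ReferrerUrl is hypothetical.
SAMPLE_ZONE_IDENTIFIER = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://insomnia.rest/download
HostUrl=https://updates.insomnia.rest/downloads/windows/latest?app=com.insomnia.app&source=website
"""


def parse_zone_identifier(text):
    """Return zone id/name and origin URLs, or None if there is no
    [ZoneTransfer] section (the file carries no mark)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep ZoneId/HostUrl capitalisation
    cp.read_string(text)
    if not cp.has_section("ZoneTransfer"):
        return None
    sec = cp["ZoneTransfer"]
    zone_id = int(sec.get("ZoneId", "-1"))
    return {"zone_id": zone_id,
            "zone": ZONE_NAMES.get(zone_id, "unknown"),
            "referrer": sec.get("ReferrerUrl"),
            "host_url": sec.get("HostUrl")}


def is_internet_origin(info):
    """True when the mark places the file in the Internet or Restricted
    zone, i.e. SmartScreen and Office Protected View treat it as untrusted."""
    return info is not None and info["zone_id"] >= 3


def read_stream(path, stream="Zone.Identifier"):
    """Read an alternate data stream via the path:stream syntax. Returns
    None off Windows or when the file or stream does not exist."""
    if os.name != "nt":
        return None
    try:
        with open(f"{path}:{stream}", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


if __name__ == "__main__":
    import sys
    text = read_stream(sys.argv[1]) if len(sys.argv) > 1 else None
    if text is None:
        print("no readable Zone.Identifier, using constructed sample")
        text = SAMPLE_ZONE_IDENTIFIER
    info = parse_zone_identifier(text)
    print(info)
    print("internet origin:", is_internet_origin(info))
```

On a Windows host the same view is available from PowerShell with Get-Item <file> -Stream * to list streams and Get-Content <file> -Stream Zone.Identifier to read the mark; the stream survives the rename from the .crdownload name to the final filename.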

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
(this row appears 64 times in the original report; every hit is from msedge.exe with no indicator recorded)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
(this row appears 24 times in the original report; every hit is from msedge.exe with no indicator recorded)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Rows
PID 4876 wrote to memory of 1868 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 4876 wrote to memory of 3468 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 37

Writer and target are both msedge.exe: the browser process (PID 4876) is writing into two of its own child processes, the pattern Chromium's Windows sandbox produces when the browser sets up a new renderer or utility process. No write into a process outside the Edge tree is recorded.
PID 4876 wrote to memory of 3468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 4724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://updates.insomnia.rest/downloads/windows/latest?app=com.insomnia.app&source=website

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff055046f8,0x7fff05504708,0x7fff05504718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8

C:\Users\Admin\Downloads\Insomnia.Core-8.4.5.exe

"C:\Users\Admin\Downloads\Insomnia.Core-8.4.5.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe

"C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe" --squirrel-install 8.4.5

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Insomnia /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Insomnia\Crashpad --url=https://f.a.k/e --annotation=_productName=Insomnia --annotation=_version=8.4.5 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=27.0.3 --initial-client-data=0x540,0x544,0x548,0x414,0x54c,0x7ff6b17c79e0,0x7ff6b17c79f0,0x7ff6b17c7a00

C:\Users\Admin\AppData\Local\insomnia\Update.exe

C:\Users\Admin\AppData\Local\insomnia\Update.exe --createShortcut=Insomnia.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4724 /prefetch:2

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp
US 8.8.8.8:53 2.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 200.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 updates.insomnia.rest udp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 34.133.30.248:443 updates.insomnia.rest tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 248.30.133.34.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 crls.ssl.com udp
DE 52.85.92.99:80 crls.ssl.com tcp
US 8.8.8.8:53 165.184.237.34.in-addr.arpa udp
US 8.8.8.8:53 99.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 179.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 7.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7a5862a0ca86c0a4e8e0b30261858e1f
SHA1 ee490d28e155806d255e0f17be72509be750bf97
SHA256 92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b
SHA512 0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

\??\pipe\LOCAL\crashpad_4876_XCEEUOFJJVBHZLRQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6fda4b649ce8e9c5a98b219fe00c2c72
SHA1 6de461b6393802014e8713a3b02a52a8aa4a1dcd
SHA256 46b0f53c8ff22bafbecd2e2ee920b4b8550731db932a06258eca5c01fc7fcea7
SHA512 de7212b2f3e6a17a947526ae33120b731a2a0edc04c1d97a842755bf96b9926d7baafd3ae5783eaa346e652d424e9a40436e970aa7352673a89036c1676a480f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dfddf661defecff9e2eb3be37dd32db4
SHA1 08fd03bfe1a2e29a3472e5d27f7a8c1a2950e407
SHA256 6b6a191fb9a309be1a3687add411893307e5554a95048624d7b0e40bb0a51949
SHA512 0869f27e968e6d5401042ad64abce0dce40e9996fe778999e7d28011ad92d709dc3f0266fe20ed045d00fb7b94fdde37967cc0d21fb65361b992e94247933fe2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b4e94e589452d1b3171d22a679deee7d
SHA1 0af4a0ab586482f7c0b8fe3625bdb73840802a52
SHA256 425536fe01c8807b4ec9cc361c53b515fd34dcf0bfbb414f2f08a957ce8228b7
SHA512 6719a7fc632f7b75395533fe00f92d2830bdf975b1ea5cf99a2f646933fea5388cbb4ad0a9b9ff28610ca7bc4db31324f1a6d881ab2e48df05e9d51d8cbf3685

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 52826cef6409f67b78148b75e442b5ea
SHA1 a675db110aae767f5910511751cc3992cddcc393
SHA256 98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb
SHA512 f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0c46814635a5f1080df1b7c015dc7393
SHA1 1e5dc3d03568cb054d038066857797859e44a7c9
SHA256 82cc144d46285aea1cf00eb5c969cd085276b8029f4137535dfd2c20ab554ec5
SHA512 677c8d72f05adc459c5e5575e7402893970dc5b901ebc98b603e0b972412ac1d3a6e3742e2f1b18f6d15e07c5111dcaa68f9b81dfec20ecc71750fac3db3ad53

C:\Users\Admin\Downloads\Insomnia.Core-8.4.5.exe

MD5 8f524e7593a6606096de9250d28abb42
SHA1 3bf5dec55fc6fb9b9020ed262c0fd270ed8c3720
SHA256 ef29509d49fef909e813cf7e982dbe56da9eb4273818dadb8a7e23e79915f9d5
SHA512 db7408ded1db2d0cc72817e51165a2cc759142913c2ed9fcca5ed0921e8145489888ef52bccdf89db69433c806d8175629adb95bcfc852736e2792020a231b27

C:\Users\Admin\Downloads\Insomnia.Core-8.4.5.exe

MD5 9f352d6bc32a13322480cdf84a76252c
SHA1 6cb35a275b2741d1bcb0e570fb482bde23503f45
SHA256 d0bd260ae7d549d1ce799667e657b8161eb0ee516b97931c6abb4c9422d6fd05
SHA512 31b5bb3645e7c4db4b240bf8ec4075b0dd63b0b9ffe658b7d29a38b885db090311ffcb031c322633293f06fc9495093dfde514e602bb9652d9e745e33d200117

C:\Users\Admin\Downloads\Insomnia.Core-8.4.5.exe

MD5 0616f175b52b38a1f58ccbe43cb71485
SHA1 8dfcc64d87c589870dc782eeec77f1ef2d8ff16b
SHA256 3eeb73e5f5cfe2c934faa93b3049166d8e49b471930be3c626f363e714daeef7
SHA512 1bbc59f22353e8339712c05483c15acc61ad265b813cd0996f99c0752ebb826bf41742adada6b8b45cb7e1f3abe4503bf2ea7007263e00b264351eff551f00c7

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

MD5 6ce990889b25ca227e868bfba2ee09db
SHA1 511515c001db6d1de77dd5e7c3eee15f243338b7
SHA256 a8a207a654dd29bccd37e96cd1fca8e7bf1c0f638622873862d7a4b4ddb94acf
SHA512 b5c0df9d4e877db268042eb690046b61240169a3ba434c69acfcfff8cc16913e51be79744d43b59a3416c2f6d0d11404d1994495a573ce00a1f320f980fd8b2d

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

MD5 619c515b8125603232af08f503ae8c1d
SHA1 c4704c2d1ebfe220e085b75302df7ba162706d44
SHA256 fb5a0d79777e59024d13c20bb3f5c526f3287620c6f7f3e59d33ff004b847bdd
SHA512 e7bbf38766bc234d373e7981e6d85cf3faab3096ad8329bb5a17860953821f0bf7d94c653e3b6867665c4a7b9860c48b59121d5a1072b236ab2cf3a7a36f87ed

memory/2784-133-0x00000000002E0000-0x00000000004A4000-memory.dmp

memory/2784-134-0x0000000073A20000-0x00000000741D0000-memory.dmp

memory/2784-135-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

MD5 f458fc47d7f83c6498c7712cfc2a2564
SHA1 168c4619b60e571aecfe4776b1bc7c061e708d7b
SHA256 3639150a76d9517309f8e71ce28f53dd0efdb04dc6745c9aff443faaa0f3394f
SHA512 6315468bcf332109fc1aa9d4a978da02145d3fe2c8cc970a871b0de4247b08d4806d8ee727ac2e6cd5a88b0750bd3daa5e2676468c48fbae6f4e30d039fe5b6f

C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

MD5 90c66f6333edc7f15aa2f183b2082f15
SHA1 744d5df7023433c4074a2770f70a72d652f154b2
SHA256 65583541ba1a320a783aef7798ddee7dda68385103f9c3b50da403003d2de138
SHA512 3b15ca5ce87f0e05811938193aef797c9979ecebd7085510ad127a0a956c09c5eb862bc7aa5066403adcaf9b460096ec5f95ca961db585c562595212daf1be05

C:\Users\Admin\AppData\Local\SquirrelTemp\insomnia-8.4.5-full.nupkg

MD5 384e03bb7c9eaf0c07a099d393ce6098
SHA1 82c1805f02d8e86b9f0a1113a0201ee5505f183d
SHA256 da79fd6181a514746786eb9e665b2e03869e5462a1c49aa0f3d5f8ed07e45a14
SHA512 85ebea6b675f153dd056ae154c7a31c68ff8aa236bdeaa59d53ef2123b9390c1de35106db266b77c1cd49c4d2f6355a9178c5c3e9c0e71a5af87ebb694c7c47b

memory/2784-141-0x00000000059B0000-0x00000000059E8000-memory.dmp

memory/2784-142-0x0000000005990000-0x000000000599E000-memory.dmp

memory/2784-143-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3c94c7b3bcc48feda104e6c62357a6a4
SHA1 35167792cc4d6170b048810c091f30b594155fff
SHA256 46a8d84553581cf715d57c697aa3222cfa9b17be77c36ca08e28248b5e03d835
SHA512 16fe942701ffad73ddab93211b38473e43260efabdfce6189aa7e10735c02327a8362874b16ab2e7358f211ef3576c654012cf81d13924e38718d82f7780f9ba

C:\Users\Admin\AppData\Local\insomnia\packages\insomnia-8.4.5-full.nupkg

MD5 420540d4acaddc66e6f41d99b25b94cc
SHA1 bfeabd86b5532e7281370883057be3b046125a18
SHA256 834dd1e2801b399729eaf3c43dd1eff81c888ab97cac2d41affd4480ce6707e5
SHA512 a7c28004813972009a91cf95f5518f918d43acd362bed64f620157a8726691bdf1db2cf56e1c3b1c714997af2473a48e82ba00d775e64aa5f5bca13bf79d20b8

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Update.exe

MD5 60d3be9197a8bc05e44abe2568324268
SHA1 aa5ff8a789cb4ea82245f1723d7b3eb0b443aa0a
SHA256 af4a797ed3f3d100542334233863273c021c65d0bcd5bf96be92a57cf79414cd
SHA512 2877afd9b5c42fe83ea0f4b773ce9b62bd88d96e39b26aa488e1deabf575195fd517a80452090a927344302de1d10cc1cee2417ea2d6b150133abeb1acb0d4d9

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe

MD5 5702e605e421f9bf9a40abfd961861a5
SHA1 77e66fe69354ad7688df3f92d9f07a0fd1483fd2
SHA256 29d4704a24e9a55751c56f37a497befbc1eaf053630ad9820b858ad4b7bc945c
SHA512 48d2a3694c9e584815fb9bb1ad0546f90b710ca2b00bffc5edc0aa1b36a9e85ecd9352030ce124d1e1b7b30554b3f6794f4531fafda1f40d5a2bb4bcc8ec69e8

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe

MD5 942bd24f8deb30ca91632af90a5cf855
SHA1 cddd517a86966775be5b9cc47aae35664db9f986
SHA256 79268809409ec5217f5a8fd283d6c824e336bf63f74b25f7011b4a705914ed10
SHA512 243c5823788e124ea9a3e503d36ed91ba3f11e19a17997fe7fe8f717d68ddef80271e270adaba1480b0656be3a196ed2d11171f1344e83e52d65cacaf428fe72

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe

MD5 9d8c42da82bf14445579a5efc0a80864
SHA1 14bd8ebe079b0b9172e094f7666a4b96da1534fa
SHA256 615ca828eb7b8cb23cd87dd0197254eaaf4ef8a1319c5948305bfbe37b7a9f96
SHA512 754f8092192790ac57c639292d8938c47495a6b340a48b6952e2272fa60204dcc2ad3d604d03f4658fff3b1ca801a758400d34a42f7676362d06cad45aa1ca73

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\ffmpeg.dll

MD5 e8b930768d6df966acc4617fce623ae4
SHA1 3427fb5a3b92857701092b332e27697e326fc000
SHA256 48b719fefa1b870b846268fbd5c696edfb41b5064b58420a13d79892e268f3b6
SHA512 02a7208ec0a86561657e56cff932845bf8d28cdaf3c4a9bde6ee41023093740255920de370758874801f1e0450971b37b6f97c8f7e5d862876b46a0d2e5676e4

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\ffmpeg.dll

MD5 d7fca6ea374c0bbf6386d28a49a54303
SHA1 0e992a635074283fe4d186a564474d72870f66ca
SHA256 a481c4f0aff71e865c31274c7d9588f2e58abd79407e528391516f196b9a468b
SHA512 6349eaa166d50c7a262c2a1c830e299f9810df83ebef3abf746ca86028a4f97e4115e6438e0d75c0d6187fad9a426c12a62bf870ba2d13a48a8a4d3ec5a9b08e

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\v8_context_snapshot.bin

MD5 b8d49757fda6976340be272b8bcf6310
SHA1 e559ae83752e85ed4181a7f591074ced72c1d6df
SHA256 e67f083766ac1e6510bf5f6f85fe0fa2f9f09efeb3816507b918e3c980df56cc
SHA512 a5c4ec6978b3c1c59bb37a128735bb57737c18fd6682e86e5e077c0b05d7dab4e3eab879bedb2e7bc984ed18c490b4e0ec6be1dccbc5f7599f51921860ba3de7

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\icudtl.dat

MD5 bcf90018b27e40f0f8dcd78553d3680e
SHA1 4a2ac832db3754cf33e3c1a8eb71b8fdbe4c41a0
SHA256 542bc648a273f66126330453921cfc9e7109fa4502ffd2910e56f636001038bc
SHA512 7bd363233dc73778bf6a224980e53163ecfef55dce982deff921ccf12f863cd6502513d1a6c9a31871a08d758a8ea1b35645952553df5d5763b49591db891aeb

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\resources\app.asar

MD5 a77c612f38834aad9dbf15f1ad002b8a
SHA1 d3ed90679c08406d3701fa10ec5bb5874d0dae84
SHA256 d485214cfe8d1fe8e7e90df5abfe6b01324c3f8f485cd6b0a62998afd2765079
SHA512 b310493596206110c7134e756269a7c6ee710e5aa7979bf8cb94c9a673c0de1ecdba1d3069d04428a7125ade5b488a2d980ad716ec933f4efd7ae6f56b9030a7

C:\Users\Admin\AppData\Local\insomnia\update.exe

MD5 4a5dbd3d6263eca75561a21b98aa4353
SHA1 9308061daf870e2c3b002c5b5ba81556c6e03873
SHA256 19a9ed41a69c74f130f53572aa1b07b1fa35d93a408dcf9d3f16f0fd72dd1e69
SHA512 1741d133badccedeedc68079e1f6dcaf116bad58b85292031da2759ca0648416054d5806edcbf0910a276a95a76c4b21d2465dd1d994a068a1db5ee47632bd11

C:\Users\Admin\AppData\Local\Temp\5fd1dcf0-869b-42bb-ae27-d2a294dac778.tmp.node

MD5 88b4e61131f6eaa135e9ef8589271022
SHA1 9f26755b5ea4f258c467bc9e4708cd04ec1c241a
SHA256 3c6cc743bdcd6910bff81718b788c711ac52018d3268a70fd7f3d46b9dff8967
SHA512 cba528e1c91bdef248bc7edc23ed880013bd7e8463556b2215b78e4ba06807ac8b4c796a997ce51cebc114b566bee2b564e9268df37725b94df4f1a9dbb1fa2c

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\ffmpeg.dll

MD5 55bcf165abb5e477770c9fdd1581386b
SHA1 d9deb6bf8307d09d102f9cad4a9d59d06cc8eade
SHA256 d725631111f2765e201c386e7b529debef17abbc63658ea6bbbf25899c177d54
SHA512 3ab50fefe40b4bface07383b76b6b4c0245a2413fa44c723d8d48f17418d233f25467c31c45a616ea51afaa8b36d7f72c1eafafdda39eae963ccaf2a8e491c00

C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe

MD5 56afaff5a7d2a200521da3b9e4c7333b
SHA1 0216accdcef63665a0481e18c8c46b60f38deaac
SHA256 fbf62aea7b97dde05283dbcf1103efd05c99622322e1f9fea875321aa035616b
SHA512 7b0ec14a0037167cbfcbf1ec75a21f1bbf553c87941e24219f6aeefd2387f0a65c76e47714db701e7514d1468553d8437b34c528b83b4d475b19f07b64b644c7

C:\Users\Admin\AppData\Local\insomnia\Update.exe

MD5 c437b77af153a7a54da683b0138047cd
SHA1 77cf467a862903ec196b46d125f01e767bfd51b3
SHA256 cb43b75399daf2c12c492b0188055f510b1b64feb45807242e7408a54c877b30
SHA512 38f2c8167e370c4a90dca7dbec23f038fdbc3cdeb25ee59e3d93c68d29db1ce5ff7a63b409fb5d07c108adea29e9e754b429b617959f16f7b4aab54b65af0e7b

C:\Users\Admin\AppData\Local\insomnia\packages\RELEASES

MD5 da8bc3e11c604a3e8211dbafc1d42294
SHA1 194e8f87f2cd34df489aa66a4363510595d969b5
SHA256 1bdf7620a1c54409e1b86c560bc90a015dd3bee1097361d4ae2c07b1a190c6c8
SHA512 ae9dd958546450750410b5a4870c24016873b203cab68b159f4562af91cc40ccddf4abdfc09b764904273d1b9ff325d672bdcc4fb5e50c69275f0c05a66f82ff

C:\Users\Admin\AppData\Local\insomnia\packages\insomnia-8.4.5-full.nupkg

MD5 2674e216f145fd87664c3554b377c3fe
SHA1 d55f15b73836a2520c23dd0073684321f823868e
SHA256 5f5778d37ef2bf74757d6fcb7ed61b22ee847c8c27e892f8dbbee85919015783
SHA512 3a9af04edb6e87a2f21d4e7810591230ef3fb38ef2fb10ebc8a003342bfa48d7a516210faa70bd98e1e22622f6766822c5f768e64530c875511d55a1d74f0e1b

memory/2388-295-0x0000000005410000-0x0000000005420000-memory.dmp

memory/2388-293-0x0000000073A20000-0x00000000741D0000-memory.dmp

memory/2388-299-0x0000000002E10000-0x0000000002E30000-memory.dmp

C:\Users\Admin\AppData\Local\insomnia\Insomnia.exe

MD5 588bb92da6030957741459902b00b94d
SHA1 bce29ac64141461a535633bee83fe06aa926c76c
SHA256 102a34d39e77fc1c8f7723da06dd251e7cfae2447fb81cd6a33af4243bdc7e56
SHA512 1ef0ea4daa2e2f2d61f8010eb34fbb02208fa6309eec9d784f642d87e1093da2558d6711d8d149320241383a08c48d71d00bd3e1f300a7b3b70490d68087e905

memory/2388-305-0x0000000073A20000-0x00000000741D0000-memory.dmp

memory/2784-306-0x0000000073A20000-0x00000000741D0000-memory.dmp

memory/2784-307-0x0000000004FC0000-0x0000000004FD0000-memory.dmp