Analysis Overview
Threat Level: Known bad
The file https://updates.insomnia.rest/downloads/windows/latest?app=com.insomnia.app&source=website was found to be: Known bad.
Malicious Activity Summary
Irata payload
Irata
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
NTFS ADS
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-18 17:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-18 17:05
Reported
2023-12-18 17:08
Platform
win7-20231215-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000da0555bca4ff97748d27c2d0ab45fbb760159bb5bc698a71257f8cca26daf664000000000e80000000020000200000002ec50f1a2df24e020ab4594b29be8f6fa95218a3cc322f21a90f5b95e4758e3090000000ebba0eaa2e1bb841c80d6ecfa4becc5c950fca427ca6ca98dcee14aa5b7028f955351d54b5f64921854e2e1cb9aef1becaa4c8ff473f16fbc1b6113cad608617fd345c1e48a8268a5cc915ea9a4ea0246e0bfe8d442f4acece943ae222b0a2308d08feade403d44f59a2af584696651eafd202a903bb56f53e6bb398179287fd618c96b0b76ae153b0fc07bbd58ed812400000002f8c3862affc78a54ab4d3ce12083e6e64571c326d4bcc790f2b104cf913c00868c164e8cf25c3ec564153c0c0132855fc36cc2437890ae3e5ae4a3f9987fde8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409081010" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000005f72ff4b89667289cadd4016832e168622d103da00dc26d65ba5b6e9bef592f6000000000e800000000200002000000034eda304de066c35dc07d4c21c11b2e00d18cac04c41f3e73763d6780f74535820000000d96409b6d1a7df5013cf6bd2225b8f3f0d954a2f13a015f22c0643bec2d5ba6640000000ce908d8bb192bafbd288b8e8547c47a824a69b6ca49b2bc6819f4f824c4d0865ed513b056424f47272ae40b81d23f2cbb13fa55a4c982d24743c435279692701 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a032d782d431da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ADAE9A91-9DC7-11EE-8E99-56B3956C75C7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2452 wrote to memory of 2668 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2452 wrote to memory of 2668 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2452 wrote to memory of 2668 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2452 wrote to memory of 2668 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://updates.insomnia.rest/downloads/windows/latest?app=com.insomnia.app&source=website
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | updates.insomnia.rest | udp |
| US | 34.133.30.248:443 | updates.insomnia.rest | tcp |
| US | 34.133.30.248:443 | updates.insomnia.rest | tcp |
| US | 34.133.30.248:443 | updates.insomnia.rest | tcp |
| US | 34.133.30.248:443 | updates.insomnia.rest | tcp |
| US | 34.133.30.248:443 | updates.insomnia.rest | tcp |
| US | 34.133.30.248:443 | updates.insomnia.rest | tcp |
| US | 34.133.30.248:443 | updates.insomnia.rest | tcp |
| US | 34.133.30.248:443 | updates.insomnia.rest | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2B77.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar2C25.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9f2a19633157632c61e672eaa59ad66 |
| SHA1 | 2b661bc54375d6ef56bc77b71da96886616b56cf |
| SHA256 | 863c1ff5cf263b7011331c3cc5b7fe37a72b61adb03076ae8b67e1a2a64d95c4 |
| SHA512 | 951572f70f41dbb4b6a81e170d5a75c9ce3562ecef01e945b767f84ae14ed4f34a8f18f53e6e141cc1055fd5c083a99659b8417636bb744ddcb67a388c91291b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e5cd34988b54cc4addae0ae96cd0b42 |
| SHA1 | f4eda996f3f0e921368f5fbdb0b505bc0d7b405c |
| SHA256 | 697e01b277376cead0279ef01aef4656d006d955611922d5f32ddb437ea6b877 |
| SHA512 | 125cf73ed869baede27086428dafb6dc983f3aef09aa673d40c8e22fc218f54879da57e53fb40bfb0d0647459905aec8d5886901ba643e02076686b410557986 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68bb70fe69bec6eaf00d14b01725d0ea |
| SHA1 | 662767ecc2ef9253866e7aab7d5eaf085aa52d19 |
| SHA256 | 27654172df4c8c417335d44aeefb0c18b4ea51a910ae9206a1b85ef0fc4973ca |
| SHA512 | 0913e7a50d30e786f96f5a427fc3ced4bb57526501d0cad9497e2b3ce400143b777bcd19bb7491586ef66fb805869d75c3bb2a60049be495108306b7213e5794 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16115da7aaf0284e58f3df4ef03abf67 |
| SHA1 | ed84f5d719938c98c4968460fca9f55ce2d800d0 |
| SHA256 | 8b271f52d983cf93d3dec4739798d6f48a0df0843feeb2244cf41f3889edf510 |
| SHA512 | c59fc63fb9538e7ea668e93e161a9d0083e95b42bbc3d9284af36a4d1f6dc6096cc2c0e05f52c1abcbf415a82c8d5a12ac597d1fa053f3305e0c51afb6550a52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9eb4c444f879aa4f2b097e8bb0f32cf2 |
| SHA1 | 69bccfa3e7e016b70e461a82caeb45ce65eb68d9 |
| SHA256 | 874b1e0622ca23663915790725bfc305f72ad378274fad1500a6e3a47b56ad10 |
| SHA512 | b73c88b380a1fc69039e46b6a23f359bf95d4ef7eb28443e0b62d0479fe8ad8c3e2802cc25714cf2d48e6ca674c2daee13dc05d54c625e5f4341061a487f08d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e4532744c8ffcf69df4d8a1bbb28db6 |
| SHA1 | 5100c10641f65da8b8cd37e616a850e7bc8942d6 |
| SHA256 | f683593783baa78956410801d2b0947974464f0c16d24e4a5a6215110577cf09 |
| SHA512 | 0bc5afba554f30da96b62896e5868c3955d573b4b1a528b0605251c01dbef5d3e08e02d082076f8df8f282324911aa5efe92d181d16b45569557c2313eff1239 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0db9ea84f3d1c9f60989638bee73b5d |
| SHA1 | d85f336e6eded91aeb3610c9676b126b706b3abb |
| SHA256 | 3e259b2bde2837f785a0097de2b7bdf3666d57b77389a51dfa978def7b01ece3 |
| SHA512 | 35dab2198aa49b0b29b25fee69f6618a846c532201ee62f2484e76a2ec3c49d71d46c0d4dfdd498e72714be4c59f92337e65fec395114fe8c27097042b9346b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20e53ca4873b18810cabd9f2f08d79ac |
| SHA1 | 8933bafe157c9a16697c0f01cb23c91cdcda9873 |
| SHA256 | f03de51669f8641b05aef770447de0c004b1b1d1fe7efe4d465569ba64ecc640 |
| SHA512 | 5537a3ee94e868362ed0be0b825cd6776ce7f28ecbfbc3f90bdcca787dbe10cb50a3d7d0335bed6293a04fa5a978aba70a8cc6b7bd551d082799049eea0c1548 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9bb60f1e4ecbb32ee4cff805bc61722b |
| SHA1 | d335be26156dfa8b6e5dac4ff81fcd0ad647fe92 |
| SHA256 | 1032ad3e0277d429ab071bd0f8cc634b09e1e3c079d1fd946ffd95becbc3e69f |
| SHA512 | de161974ef7bfdf48b97fa362bc8d5fe24e98cd6cffb3d85bc6a39211e15dc0aa4d99e6fc0223b79e54aada7021f312a516c332fd73228114a2635b4c4c68b47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9ecdbea42d94fea1998c1bd806bc3ef |
| SHA1 | 61bd29549ad42fab70acde8c3b0e181ad6244ab1 |
| SHA256 | 3ec2a285db908ca01429bf0d9de78a66d5cffb0e8992aceb415641f84c45e9b2 |
| SHA512 | 4171ffbf8f81ea3f0a49e6e2be0b3c5f756c249eaf25b1281cf7cccc473797d8af545811e2b342f73a4912668ef186a51aac2efd700694dbef8c34e9d38c5809 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49cd329595443faca4538c80a7f16cb4 |
| SHA1 | d88e458b7781b0da04ced8dcbdc25d2acb01c944 |
| SHA256 | a6ea2761c784e9c4dc4cb9b67e1812d056b245f608d69bea800205d4211bfca7 |
| SHA512 | 717389599e13b123a00421454f16356c2e846d15d8b9a54c71dd8d898eef6c44df0b8cf0be599a23669beaf49a06c267a991cf24c21c299415217f0678aa0dc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34ba0a3fe5528709c8615b7cc9aa40d7 |
| SHA1 | 4ad6b71275fd01d3b7ea8a9f4fbce33b83adfe88 |
| SHA256 | 08ffb4f298a08d61ad982215707852a5ad6d709616f05a695ec95bbca0d63151 |
| SHA512 | 6b969476989a8cb723c4c5ca1667892a5eac05e1254aa4498cf056ad3fc4ffc11cbc402d03bce9144261722652272b482e28f8a5eaed0e9118f0b77c9a989d28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50ac36a4b3c6a7f0adebfa7bd50e605c |
| SHA1 | 373f0d1ac9dc122a8d0ad3df0706a750d2eb36f3 |
| SHA256 | 24be83dcf30a450d3cd232f1ece42755b988a2d2512c8482f08d5f58f7600baf |
| SHA512 | 4432f01e64b8477a4e7549ac5a3d4dd9b8d4ce28dddb242f9d6f710192a5d53f0bd75f71301a863f16d9101a829fa87f43de49227fa1dd564a3f0682e6c033bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af62ce5cb0083d4b232ca077d39c5a3c |
| SHA1 | ad3f9fc8a1900cf79f5c27749e814630dedcadec |
| SHA256 | 6822e621fcd19752044b1cf63d182a26e5e081132c1163a78ec60e5a48d61d2c |
| SHA512 | 1ca902849a02d1bd30179ad827dc17c12bfb8233c2922f2a8deccba4fc4f3ccee157d9be34628adda7235236335d8cbc940c98dc2a4cc7abeec5532a5aa4e854 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6bd73a85cc5b811aa21c88ea0087a72 |
| SHA1 | b0405dd0113985418f984c6a2a56fde50e01a688 |
| SHA256 | 0286de3bcd306d1ec699d720920cc37d2bc6f2d33b059e71455c28da559e7f81 |
| SHA512 | 4ce16c1c03639e140189cc35695e94758a2c7a0a715de994dd6b56a240f08537386381ca1f0af81869fcf96fd21f7a2a824eb0a22a9fe880e6dfbf2f1e13a5e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3196425138ae985811d7dacac903052a |
| SHA1 | 104a0baa6f01ac0932479f8a7b5cfe86b3af9263 |
| SHA256 | fa651a8758c630e325f55606d0af21eafe93ad5fe010211755fd584f7a4dbfc6 |
| SHA512 | 91e463e19cfa557356fd31e00757f52ff34dd6b29876dff78c4248bf22ffdac9b94d99e328fd48382cbaa17f871754282d701a2beea80cd8bcccdc89be23fcad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cdc6d77d6d48bdcd2057903eea010490 |
| SHA1 | d95ef0ae21656354cfe54361968fc48f5cbe1029 |
| SHA256 | 9e9ab2602843c419562f0673237ee2f128065aab84d64faf66893cb71fe640ac |
| SHA512 | 40ea646f2685f68ecb93cddd2ef710793194e9af62d60507bda9fbe3ca075f3eba276a7f8d3bb73dd5fba7659b64e8b501f214811672dfb24998332d9a149ffd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ef1ed20b358aafab4ccedf95fd9df57 |
| SHA1 | b018f60d3d21dd85ff73aa09cc1e55028f9d1f18 |
| SHA256 | ffb06846dfac16eb372d991014a6bb0b6a8c7470d2912657f013548dd6d3964d |
| SHA512 | 87310a40b389071047ac5da46b8634558b38193469e124890d51279a07c87ee850341920e29811274205634796fbcc21a8af261c915fa8be80f29b8bbf5bbc43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 488ad8affd2ae80fc7a1dfbdbee9f4e3 |
| SHA1 | d0025f6380ece7e8980fe4aecfc4f5cf620994b7 |
| SHA256 | ed4df978228384fea5eba06f80135475723bc80cfe042b9408f7e87327ae290b |
| SHA512 | 139cfea5877d2a6b8f57c175645e295bf29963d4e4f1660fed6e861f5fe547af64defe89802ff518bf87e0379ff0b2f6a716e244245358ddb4ac90264fb50abf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06b4d6d6894f313877fa7fea1c9d2dff |
| SHA1 | f74e0fcec3b0ac2f0ce566d0af49b9a173afd677 |
| SHA256 | c28cbf39f1e69596e8fead9aad6748545b9f4a7a722eb9ebbde2d2652bc06402 |
| SHA512 | cacf8977b354359050ba16ff877eef06c39bf2a4f0d5bccf2f3f919f57a3463a33a1343d9373601c6e4e3cbdce91980f6fdbe2e718eaa14a467761740852900d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f3ef060731a6ae1435b032ec8fa624d |
| SHA1 | 8bf65a3645a42870aaabb2958199190f29b1c90f |
| SHA256 | 6b4fb236c53931d8509bade8f7513977222a6d36f32fcd14757d45a9ea09894c |
| SHA512 | 63e943810f451add6cc7a79196cf1af767dabedce0bb8ab214f1cfa9e6667dad083c8859181fb3288cf600be804b1b3e0a53222b166bedd21f5ce2f7fd0222da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90672449b3e73c0daca1a4ba4e28ab31 |
| SHA1 | 40c1b9c4ae04999f2480e963702439bb59d54277 |
| SHA256 | c1475e5857491debd54096195b199df7a758d0ee34f8a274df66e23c9bf43ea1 |
| SHA512 | 353b02f0f7aa50d8eaccd3b8cc7f88106c7a7eb30bb1de5548830239d152803da3de63f2e19d2536b39721450064b95390c59d77a784bb1c94f35c0055a9013f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88db7405d1501ef0fcbe2fc90286df24 |
| SHA1 | f37a7897d7318e85106f0e629e9ac2baa828ceba |
| SHA256 | e9e03395756e5d288bd1cacc36d85115f9a46ad648ade34319291ed992089afc |
| SHA512 | 4a9245d2b30c810dfe570ec5ef43a102433b73df9c3db4bb359589471e775727bfc51678525cc9746a6dd37b4fc8af13941fcf7d0a60a061674fc750a5644157 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83d1d0a7db005a1a07959cfea48e3a67 |
| SHA1 | 5ee466353e59d078dab040e7290e8a141579b634 |
| SHA256 | 11226e91edd980e0972cefac2557c328560e8a7c5fc4861cf3777f9f84f6ca5d |
| SHA512 | 5d43320c7201acd76636804f113efeb96290e43824b4a81ba7921fce4bc9d7541ca105da13c7b30cee8dba4ead8ceb78a768cb3a177a95cbaf600c3755a6db05 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-18 17:05
Reported
2023-12-18 17:08
Platform
win10v2004-20231215-en
Max time kernel
146s
Max time network
153s
Command Line
Signatures
Irata
Irata payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\Insomnia.Core-8.4.5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\Update.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 516744.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://updates.insomnia.rest/downloads/windows/latest?app=com.insomnia.app&source=website
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff055046f8,0x7fff05504708,0x7fff05504718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6032 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
C:\Users\Admin\Downloads\Insomnia.Core-8.4.5.exe
"C:\Users\Admin\Downloads\Insomnia.Core-8.4.5.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe
"C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe" --squirrel-install 8.4.5
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe
C:\Users\Admin\AppData\Local\insomnia\app-8.4.5\Insomnia.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Insomnia /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Insomnia\Crashpad --url=https://f.a.k/e --annotation=_productName=Insomnia --annotation=_version=8.4.5 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=27.0.3 --initial-client-data=0x540,0x544,0x548,0x414,0x54c,0x7ff6b17c79e0,0x7ff6b17c79f0,0x7ff6b17c7a00
C:\Users\Admin\AppData\Local\insomnia\Update.exe
C:\Users\Admin\AppData\Local\insomnia\Update.exe --createShortcut=Insomnia.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10874440426789011256,406759634513227160,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4724 /prefetch:2
Network
Files