Analysis

  • max time kernel
    115s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-12-2023 17:21

General

  • Target

    Insomnia.Core-8.5.0.exe

  • Size

    142.2MB

  • MD5

    0f26867f77167c51905f3e068fb73938

  • SHA1

    31ad4addf24ab4dfdd29154a6fdfd59f14c067d8

  • SHA256

    97ac08c87609455cba421ccd416dc4601d88853ac41aeed59d86bafc73e24999

  • SHA512

    a17255d4fac7e9e4ba846206d4e3d34b473cbddbcb17ec38dac20a0637aedf906b5b946f43fc619068ff4a40ca0acef4d321a1b009092dc9bb3cf04597c40e4e

  • SSDEEP

    3145728:X+IF4fL8YZQ6Fu9gro6nh6sqSha+7GkUqAaSvP3ZKcuLVZoq2uP1chFAW:XTcLNQkCgkmqShb7PNAPXJKx51chX

Malware Config

Signatures

  • Irata

    Irata is an Iranian remote access trojan Android malware first seen in August 2022.

  • Irata payload 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Insomnia.Core-8.5.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Insomnia.Core-8.5.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4936
    • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe
        "C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe" --squirrel-install 8.5.0
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2492
      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe
        "C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe" --squirrel-firstrun
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2152
        • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe
          C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Insomnia /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Insomnia\Crashpad --url=https://f.a.k/e --annotation=_productName=Insomnia --annotation=_version=8.5.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=27.0.3 --initial-client-data=0x518,0x51c,0x520,0x478,0x524,0x7ff66fc979e0,0x7ff66fc979f0,0x7ff66fc97a00
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1384
        • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe
          "C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Insomnia" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1888 --field-trial-handle=1892,i,11388817751385427940,2564333970498274298,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
          4⤵
            PID:1684
          • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe
            "C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Insomnia" --standard-schemes=insomnia-event-source --secure-schemes=insomnia-event-source --bypasscsp-schemes --cors-schemes --fetch-schemes=insomnia-event-source --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1936 --field-trial-handle=1892,i,11388817751385427940,2564333970498274298,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
            4⤵
              PID:4476

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

        Filesize

        76B

        MD5

        088ef15f8e618e55fc5b65cb4f17f8f5

        SHA1

        42434617ab13aae0a9df9e3821badc2b4beef880

        SHA256

        455b6500fc5dca4037d6591d73756c6986b74f6fd95ed425d297b2f83ffd81e6

        SHA512

        b7b6c898c49cdafe189af939a421a5c8926983248ac1173d37622d81469c89a44262fa66d2603f12ec73f8b546a5cef7551b81ad575ccc9c04437953d1971e87

      • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

        Filesize

        1.7MB

        MD5

        4a5dbd3d6263eca75561a21b98aa4353

        SHA1

        9308061daf870e2c3b002c5b5ba81556c6e03873

        SHA256

        19a9ed41a69c74f130f53572aa1b07b1fa35d93a408dcf9d3f16f0fd72dd1e69

        SHA512

        1741d133badccedeedc68079e1f6dcaf116bad58b85292031da2759ca0648416054d5806edcbf0910a276a95a76c4b21d2465dd1d994a068a1db5ee47632bd11

      • C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

        Filesize

        8KB

        MD5

        90c66f6333edc7f15aa2f183b2082f15

        SHA1

        744d5df7023433c4074a2770f70a72d652f154b2

        SHA256

        65583541ba1a320a783aef7798ddee7dda68385103f9c3b50da403003d2de138

        SHA512

        3b15ca5ce87f0e05811938193aef797c9979ecebd7085510ad127a0a956c09c5eb862bc7aa5066403adcaf9b460096ec5f95ca961db585c562595212daf1be05

      • C:\Users\Admin\AppData\Local\SquirrelTemp\insomnia-8.5.0-full.nupkg

        Filesize

        32.5MB

        MD5

        f9344215f83c5adfae76973b6eeb375e

        SHA1

        f609d81b83a3f76c9edbe50afca46bdf7585b1fb

        SHA256

        fc0ad0cfc80e33b55b9770aaf1df16cbb1c9ae0b187b02ed8fb982e0dcf1a018

        SHA512

        814a472fdd481126489fdd95be435148a5c9b066bae6f2f8ee710de4259529ebe59d613ac025ac8fcfc2139fe81d086f760d56514c794d2a12d64ed53c9de873

      • C:\Users\Admin\AppData\Local\Temp\6c64ab66-d855-40b5-9e30-bc59c2aa6203.tmp.node

        Filesize

        5.5MB

        MD5

        46b210497a6e1fed43d2ecb8db02b894

        SHA1

        45fd5b9c3d20f21ab22ca88dc4c26821d8d8ef4f

        SHA256

        43c25515eddc2ecc402dc2d339cc5a338b679221da043a4c51abc71e3b7b6a9e

        SHA512

        cf284d737f5e3dd4e76106c295a6d2f61c81959b46c68f8986f3e7e0c104c579046c3773107d62890c3764034dc1c9bba9952445d149dfe67d835e0ce788a655

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\D3DCompiler_47.dll

        Filesize

        2.7MB

        MD5

        ba3bee1d65e422f3ae8955b82b4c067a

        SHA1

        76d47212f27d770b85cc2dc8935b1af492adb457

        SHA256

        190a37a194a084c334f74e377e5e5773eefa4b19e07026cf5b658b92cb57cbbf

        SHA512

        5bab3350988863527e0d4898bf0f2f5716c7f9862d0e20db102edb03b9f942b0e3587ee5078d6206626e119fe5aa9c5779e38e069490ac25313cebd4d77d0f4b

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

        Filesize

        7.9MB

        MD5

        a824d7f4622578631021151f9d555a1b

        SHA1

        d25b6bb23c40315c3e511632a2323b1ab28578b3

        SHA256

        b7701bcca15c44c03854a4cacfa968d0e1d97d295de32bd132d527a205d7f2bc

        SHA512

        fb6e36abaf166c60d2fd5998c33904104a8b4825f4a4fd6a5862308da926c9e1c2758f3a7541886a2c23419d6fe1506db5d801a0e1ff525ad252075c8014f9ad

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

        Filesize

        10.6MB

        MD5

        172d58e4fbede7cac5ab575a4ba92dc6

        SHA1

        c553692fa228d129c0bd675d3b4e3bdbbdc6291d

        SHA256

        b7e26586fa6a6844b4cf5fe8c2faae00e657bf0534648832e09c318e12e87bfb

        SHA512

        883e003dd342c19c52c12c20c4207f66e9623a62c6eb0128e1047d408f7d0b0de7f9e736e893e9fda209c3b63e994038322db151ef89cd8f57b3f89e715c8798

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

        Filesize

        4.2MB

        MD5

        6b6c6f6c79e0b39e90f944a78eb19d65

        SHA1

        db762bb5e31a78dea2602d3d08950c19c791cddf

        SHA256

        6a36f58e4b558d7b2865aa430aace9c7934d153c7075efd0edb1943ae0669c62

        SHA512

        5ea5b942242135bd493aa08ee2a69ae7e73cfe68e836aaf9a31393db9f399ebbd333ec32a608b9a3a46820acedc01068dfbf9e7bfeb27014136e9870bd6aaccc

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

        Filesize

        16.8MB

        MD5

        1ed20b40d365abbcd350c5d0eaa637b2

        SHA1

        3fcad45c386f1611f5868c34393b2d7e1df37b97

        SHA256

        2d69c7fe09463525843900087f5c36b2a0a4040f266a18c080ba4d841e2e46e7

        SHA512

        190ff1abdd6cc39c1bdf8e3cab19d68fb43b9f783a35bf5e51b9335f3437b1d470a29af388b8d76a4ea84be853249d264ccbef8077a7fd8a8a697d7b474b42af

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

        Filesize

        3.2MB

        MD5

        9588ee74ea4f8626cb51374907046c1a

        SHA1

        2ecb17ab71c4f0bb916f382b35c2b0b6accb5f65

        SHA256

        0cd636c61dc2f70e4c9959251e4fdf37c175363a673a2213909104c7a32bd467

        SHA512

        baa87d9709243585d1897c35f537204c6ae420a9fac34b10f287efc738e2a7ead50aadca8f7f130dcfc3d59ebe4fe82338afb50e916c458bbf2a275493938373

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

        Filesize

        320KB

        MD5

        24a9868bdf8dee97e6a2a82a7b03e25f

        SHA1

        51e53ed7c1d89786a6c1c6aa214e273e78c9db57

        SHA256

        273b8524f0107ea817c73fffe9d5f37343a9f78f2a07d01ac42c5f2dec59b139

        SHA512

        6ad6a9fc126cc887fba47860a0f5808c9b4ef38717d4e00d286b07ce4c1b6fbcb97ba4d42c8238e333b4fbc493f0b17fac1d9986b8dba952482f1b317c6e545d

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

        Filesize

        2.9MB

        MD5

        8ea13d2ebe1ce8691a00de0b0cd84ead

        SHA1

        66ff50e73112881e62a2c269a2c371d9a65819f4

        SHA256

        6f2eb87a80c657c330f2d879e477aea7697883ff8bb46f91c5da53f028bc42b8

        SHA512

        37cefad4cef1449b7a59196714d592624d536f79fe517c8f1ff92c001e46656ed5fa1cb893250d9b46c7e540e0f0b8428bdb54b40f0cb42019e5df319ea45472

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Update.exe

        Filesize

        704KB

        MD5

        c1bc7f36e8cc10500c8af115cef3215c

        SHA1

        f68cf59ba913f4954b7681c63c4e236f7a553fc9

        SHA256

        549593b8c5d7dbaf63ef830de63b51b01d773b9e9f99103ac6eadfad22c60a92

        SHA512

        56952f6c8b16af024c1b93851146797cc0443b74a5f0a7e28edf066ffee90e6c01e52e8a0d15fd9083840eba73076fc527b6c32b1a3f220ee88a2465c8840b15

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\chrome_100_percent.pak

        Filesize

        132KB

        MD5

        a0e681fdd4613e0fff6fb8bf33a00ef1

        SHA1

        6789bacfe0b244ab6872bd3acc1e92030276011e

        SHA256

        86f6b8ffa8788603a433d425a4bc3c4031e5d394762fd53257b0d4b1cfb2ffa2

        SHA512

        6f6a1a8bfe3d33f3fa5f6134dac7cd8c017e38e5e2a75a93a958addbb17a601c5707d99a2af67e52c0a3d5206142209703701cd3fab44e0323a4553caee86196

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\chrome_200_percent.pak

        Filesize

        190KB

        MD5

        c37bd7a6b677a37313b7ecc4ff01b6f5

        SHA1

        79db970c44347bd3566cefb6cabd1995e8e173df

        SHA256

        8c1ae81d19fd6323a02eb460e075e2f25aba322bc7d46f2e6edb1c4600e6537a

        SHA512

        a7b07133fa05593b102a0e5e5788b29488cb74656c5ee25de897c2ba2b2a7b05c0663ade74a003f7d6df2134d0b75f0ad25e15e9c9e0969e9453b7fc40b9f8bb

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\d3dcompiler_47.dll

        Filesize

        2.5MB

        MD5

        53b6b68c3aa0b2cb48b7f3e363a35526

        SHA1

        ee16092bfed51765aa4a2034d522c3d32badaf1b

        SHA256

        ba87b7945abb6fe7cdce866e5f9f1ac97cf08e650354651dd1e2c2e28efbe2e8

        SHA512

        39d421ad893f06bc188520ae36af86abb851385e7cb8601b7e87fdfa1f19712bc6a84945cdb5fe4c8b38c9799ccc7025bf936a206758817d2bda8d206374969e

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\ffmpeg.dll

        Filesize

        2.8MB

        MD5

        b3ccc7615c5022ce82df8e884c4ef8a3

        SHA1

        b86f62b276ea3a0dab81a5b5efb29fdaf12e66e5

        SHA256

        ced673a55f941810d0183cf56020e33989095e2b39e37934addf796d6deb0fee

        SHA512

        100891e2c7ee88c2bb9f09e53506959d5e118ad4ba886b8b0afdca865e416b75ab68c859894da90dae682a345068772c0f6d412b5755c277c0e0adf88b527bdd

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\ffmpeg.dll

        Filesize

        384KB

        MD5

        cc17d72b9f24329e036dcea0de135381

        SHA1

        bdd1be21e3f502a256813bfaf1a9af1dce1523e0

        SHA256

        67a4f15434ddc74d96ea07b4621b56b20883976331c3384aa76ae18f77b5e16b

        SHA512

        7a89f3658093e5234814a6c61153a7cdc72c8ace9265c44972e5274d03f654d6006115b02ec309de09fc529e2067978ba4d064c35a6dc86c8f8ed8e9ddf4c91e

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\ffmpeg.dll

        Filesize

        448KB

        MD5

        7fb94b44f009100c6fa774e4986d1ded

        SHA1

        99d751e3c52870c1ff412cbf956d47b5ab6c30b2

        SHA256

        5d4167dd70bc7d2d2087650a9651fa208a34a41c086e6fcc926788f264412095

        SHA512

        1dd7cd1e7f7bcb8ad9e84d9b71cfaf3b6945db793b6e77f66d6653924358800b4d8221e7144b5a177be47c50743a7bf295112d0993714237d95154471ab37703

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\icudtl.dat

        Filesize

        6.2MB

        MD5

        d66638f15ab10d9532048017ddf2bd04

        SHA1

        7ac29cfd4db860cc0b7ee5f046b6de8d1d5b9917

        SHA256

        a3009c4bde39c9712f33317dc568f229fa50184d277bb47be11fe45465fd6dbb

        SHA512

        dae84617909ac6488cb08abb46daef435debb4688118925e550fed6f6edfc5d302dcf412a8069c49703b67119bf0a24dd743440c9248c7b71471e459a170578f

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\libEGL.dll

        Filesize

        192KB

        MD5

        d61e8252025a7d9e88d20d4debc7f2e8

        SHA1

        a6fbff5ed226b993037b4ebdb8c1aae2456d0c86

        SHA256

        84b529e5953422ff3c060182dbe4f326d146f2f760619844b9f958ae0210fc56

        SHA512

        034edce2249417999cf410c2dbac683c4713bcc5ec3f7126f8dc2f2ec75c6957683ee20920493dd396271f8cda3e87c4f87ced536daad7173bda40f06f5752b3

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\libGLESv2.dll

        Filesize

        192KB

        MD5

        3a8703526c77f59d18eddae2769b3a07

        SHA1

        6313b3b5c7f930109c7b791b9f71fdce64ec5a0a

        SHA256

        4bcc824de28ac52887caef122df42538bee2ac360fded935efcc3fdf5bb7a145

        SHA512

        9cc047e9179a5fea5dd8a150baf3f97bbe6d14a8c5a58e444e95de85c11baa8f45cd6242d0b9218ee4e0304c19ebf20192cfea477ead7d77b5b91bee8bc465ab

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\libglesv2.dll

        Filesize

        2.2MB

        MD5

        35262b7256093c89de1688607596c977

        SHA1

        89f2fd7dad720cd1621cfb04c73c26f53f413521

        SHA256

        eb853fadfb507f8cee1e6ab522dfe07c9837855a55764e7a88bd6154d1c8de36

        SHA512

        b4ed3ca0d54ea1fcdffb8dea94750b7c4de97256aff7f772119c9b2e6282eb0e935ac4979bdf4ffd11337ce029fc8ae559d4e4fda85a5782f8a177ac39ec721a

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\locales\en-US.pak

        Filesize

        411KB

        MD5

        626f30cfd9ad7b7c628c6a859e4013bd

        SHA1

        02e9a759c745a984b5f39223fab5be9b5ec3d5a7

        SHA256

        0fd74bb69ad35b3f9391fa760bf0eb0ee73d2bea0066244577ef2abd269513de

        SHA512

        9ce902f21fef70c5b5af444b532b36c9a00d896878cb4021c9b1dc07aa3277d956bca65ee0adb68467eec113e535b60a8a5fb5414c7d0ca761ceae5c43b7d9a9

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\resources.pak

        Filesize

        5.2MB

        MD5

        568bb85e885d59d00180c93269cb65a3

        SHA1

        4e3cea77939802ba6c2442fddfecc2c456d0ce52

        SHA256

        76bf235d319c9c7e2b559631e9e3eb68d808e21184e29f4e82b7f27a6cf3c9df

        SHA512

        14b9d4bdf5d7e53f7b7ac2aa1b9c924bfc9e59137049797afc2f0c3aa78b1c5ade9e407447df5179b90641cbb62981e914e3373b85f218749031fd47837c8142

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\resources\app.asar

        Filesize

        7.2MB

        MD5

        106fddc2b753834d6b9dc7e251ffdb18

        SHA1

        29f80de9959da1c182ddbacea9d99ec2a8a50b6a

        SHA256

        78c8d465bca526ca4ba70959e7b64daebd940b7ef446f299311928e3fd94c891

        SHA512

        1c9436a68ac2f1a9324d2f09d482916c6cec59136c53c2e91749217ecbe430dfeabb1d3e99229433e14f9359292d31d344c745cb53f78a5004430d17c5d3732a

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\v8_context_snapshot.bin

        Filesize

        611KB

        MD5

        60eb166778169f8ad72ebc8023212403

        SHA1

        e0f23610fa2274a6b4ca79ee0b17b094b62d4103

        SHA256

        ffb23f669e2fee9b45c0180ccf7bca07315613bc78c53b264fcfc069de078972

        SHA512

        cccf3a5d8e24f2250ff87d173eee32743cae212c5baa8ad526bb0f02bfa382bb017dd8e01242a2d6d5c1d27048900eb7e897daa7349826297acde435870775d1

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\vk_swiftshader.dll

        Filesize

        190KB

        MD5

        f2d4ae4718e054ed1ac3ab41b5652096

        SHA1

        99e62a95d09e27a179d0f6e87747b1641ea80484

        SHA256

        33a72b02c4c34b314231cd3f338e6828273d3505fe7a2e6fcf72bada66ffe40a

        SHA512

        8067cbbdc8f41dccb9618b4714c63ce874d93e1004444b2d642689f62f59f3642ecb23d9653f713f280eea8f21cf20015ba90de9158575ce7767a02e777eb10c

      • C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\vk_swiftshader.dll

        Filesize

        128KB

        MD5

        1634ae1072ebb76d0635969ee15637be

        SHA1

        464c1a8911f6670d5defca13c82bcd89efa2e00d

        SHA256

        e860825c0a20ceecd6f682caa0579854e679ea0a5960ee32d6d88961e28f2025

        SHA512

        ad25b426ae19e50a85c36499190f05eec69f4e942f8dba9655b47ac114c8a696694e984cf7eaee64731a0100e3329672aa73155a1990394b915f5a86762fcafe

      • C:\Users\Admin\AppData\Local\insomnia\packages\RELEASES

        Filesize

        79B

        MD5

        117fa287404e6b37e7da08bdf50427ec

        SHA1

        2cb6d3d247e1d59e3ef7c7e667d84a912418938e

        SHA256

        eafb305864851a8fbc2ca209b0cb63df17cda76db259152586da22f7683b6f84

        SHA512

        1eb6697d6e4e08d3d4c76c799bdab8084d6aba004bc4a5c71ad7fa70b4db4a639e1c14e8845d58beb9b8236eff90ccf45d359d3f6210f4f81a16b2e790b13926

      • C:\Users\Admin\AppData\Local\insomnia\packages\insomnia-8.5.0-full.nupkg

        Filesize

        4.5MB

        MD5

        2e81f31bb671497919325755f1ecdffd

        SHA1

        d43df3c9555a82827863d669f7c78bfad6fcc803

        SHA256

        1acf03576fba39626ed9c1a24f6d95cadb015aa9f10e5303567eb723e51e1367

        SHA512

        e257302632766c3b532db8a662c35cd95d643d9e3c45937cdb5ca39845b747d7e3ae74cf7ec96eaaf4351dad2d8feeb0b6eead1614abff647d911067e93660d5

      • C:\Users\Admin\AppData\Roaming\Insomnia\sentry\queue\9226c3f4fd4545448fcf6647ef38627f

        Filesize

        360B

        MD5

        90cd69d878ea1a347a6d2dbc66058533

        SHA1

        aeb622781dbc7ae09c8b0f80d0d60ffe95421f1b

        SHA256

        9522b86d2e96d435f60ea05f06fce6db884e376940cd87e6ff9167f5b8f63e78

        SHA512

        3ba152121f23901bd205ded9da6a927f73a1bc93bf571a3ada8dda7e48f600d27e69e82228aaa60cadf3a99ca01b04061f9b7e1324d1ea451a75003fa4123009

      • memory/2632-19-0x0000000005560000-0x0000000005570000-memory.dmp

        Filesize

        64KB

      • memory/2632-115-0x0000000005560000-0x0000000005570000-memory.dmp

        Filesize

        64KB

      • memory/2632-37-0x00000000745C0000-0x0000000074D70000-memory.dmp

        Filesize

        7.7MB

      • memory/2632-143-0x00000000745C0000-0x0000000074D70000-memory.dmp

        Filesize

        7.7MB

      • memory/2632-130-0x000000000AE60000-0x000000000AEF2000-memory.dmp

        Filesize

        584KB

      • memory/2632-18-0x000000000A6C0000-0x000000000A6CE000-memory.dmp

        Filesize

        56KB

      • memory/2632-17-0x000000000A700000-0x000000000A738000-memory.dmp

        Filesize

        224KB

      • memory/2632-9-0x0000000005560000-0x0000000005570000-memory.dmp

        Filesize

        64KB

      • memory/2632-8-0x0000000000A60000-0x0000000000C24000-memory.dmp

        Filesize

        1.8MB

      • memory/2632-7-0x00000000745C0000-0x0000000074D70000-memory.dmp

        Filesize

        7.7MB

      • memory/2632-132-0x0000000005BB0000-0x0000000005BD0000-memory.dmp

        Filesize

        128KB