Malware Analysis Report

2025-01-19 06:24

Sample ID 231220-vxg9maebhr
Target Insomnia.Core-8.5.0.exe
SHA256 97ac08c87609455cba421ccd416dc4601d88853ac41aeed59d86bafc73e24999
Tags
discovery irata infostealer rat trojan
score
10/10

Analysis Overview

score
10/10

SHA256

97ac08c87609455cba421ccd416dc4601d88853ac41aeed59d86bafc73e24999

Threat Level: Known bad

The file Insomnia.Core-8.5.0.exe was found to be: Known bad.

Malicious Activity Summary

discovery irata infostealer rat trojan

Irata payload

Irata

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Modifies system certificate store

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-20 17:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-20 17:21

Reported

2023-12-20 17:26

Platform

win7-20231215-en

Max time kernel

120s

Max time network

135s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Insomnia.Core-8.5.0.exe"

Signatures

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2164 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\Insomnia.Core-8.5.0.exe C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
PID 1756 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe
PID 1756 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Insomnia.Core-8.5.0.exe

"C:\Users\Admin\AppData\Local\Temp\Insomnia.Core-8.5.0.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

"C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe" --squirrel-install 8.5.0

C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

"C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe" --squirrel-firstrun

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-20 17:21

Reported

2023-12-20 17:26

Platform

win10v2004-20231215-en

Max time kernel

115s

Max time network

176s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Insomnia.Core-8.5.0.exe"

Signatures

Irata

trojan infostealer rat irata

Irata payload

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\insomnia\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\insomnia\\app-8.5.0\\Insomnia.exe\" \"%1\"" C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\insomnia C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\insomnia\URL Protocol C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\insomnia\ = "URL:insomnia" C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\insomnia\shell\open\command C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\insomnia\shell C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\insomnia\shell\open C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Insomnia.Core-8.5.0.exe

"C:\Users\Admin\AppData\Local\Temp\Insomnia.Core-8.5.0.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

"C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe" --squirrel-install 8.5.0

C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

"C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe" --squirrel-firstrun

C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Insomnia /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Insomnia\Crashpad --url=https://f.a.k/e --annotation=_productName=Insomnia --annotation=_version=8.5.0 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=27.0.3 --initial-client-data=0x518,0x51c,0x520,0x478,0x524,0x7ff66fc979e0,0x7ff66fc979f0,0x7ff66fc97a00

C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

"C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Insomnia" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1888 --field-trial-handle=1892,i,11388817751385427940,2564333970498274298,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe

"C:\Users\Admin\AppData\Local\insomnia\app-8.5.0\Insomnia.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Insomnia" --standard-schemes=insomnia-event-source --secure-schemes=insomnia-event-source --bypasscsp-schemes --cors-schemes --fetch-schemes=insomnia-event-source --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1936 --field-trial-handle=1892,i,11388817751385427940,2564333970498274298,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 17.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 114.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 193.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 177.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp

Files
