File name: iZotope RX 11 Advanced WiN-MAC.exe

Full analysis: https://app.any.run/tasks/d11fa056-ae20-458f-8c34-50550257cc03
Verdict: Malicious activity
Analysis date: August 31, 2024, 03:25:31
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 4F89649C4173534AAAF737DC8210EC17
SHA1: 9E0AF5D86A217093F6B9BC94850892204CB85204
SHA256: 9EE2425F39B58DC7A6E4F95D53CC57B65F10BB51DDB30432BA0A72D6B8D2789E
SSDEEP: 49152:hdixrq3BdwQSYUJ/ZNFrSnIhVha3DzNvSmG5PmaHX5Y7+rAM5QFLY7YphlwNW1Iw:Wrq3BdwawLFroI8fZG5j35s+rTQFnLjv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iZotope RX 11 Advanced WiN-MAC.exe (PID: 2456)
      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
      • iZotope RX 11 Advanced WiN-MAC.exe (PID: 7132)
    • Drops the executable file immediately after the start

      • iZotope RX 11 Advanced WiN-MAC.exe (PID: 2456)
      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
      • iZotope RX 11 Advanced WiN-MAC.exe (PID: 7132)
    • Reads security settings of Internet Explorer

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 2080)
      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
      • geometry dash auto speedhack.exe (PID: 8160)
      • geometry dash auto speedhack.exe (PID: 5744)
    • Reads the date of Windows installation

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 2080)
      • geometry dash auto speedhack.exe (PID: 8160)
      • geometry dash auto speedhack.exe (PID: 5744)
    • Reads the Windows owner or organization settings

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
    • Checks Windows Trust Settings

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
    • Application launched itself

      • geometry dash auto speedhack.exe (PID: 8160)
    • Creates file in the systems drive root

      • geometry dash auto speedhack.exe (PID: 5744)
      • notepad.exe (PID: 6832)
    • Start notepad (likely ransomware note)

      • geometry dash auto speedhack.exe (PID: 5744)
    • Starts CMD.EXE for commands execution

      • geometry dash auto speedhack.exe (PID: 5744)
  • INFO

    • Create files in a temporary directory

      • iZotope RX 11 Advanced WiN-MAC.exe (PID: 2456)
      • iZotope RX 11 Advanced WiN-MAC.exe (PID: 7132)
      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
    • Checks supported languages

      • iZotope RX 11 Advanced WiN-MAC.exe (PID: 2456)
      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 2080)
      • identity_helper.exe (PID: 368)
      • geometry dash auto speedhack.exe (PID: 8160)
      • geometry dash auto speedhack.exe (PID: 7032)
      • geometry dash auto speedhack.exe (PID: 1356)
      • geometry dash auto speedhack.exe (PID: 7136)
      • geometry dash auto speedhack.exe (PID: 6316)
      • geometry dash auto speedhack.exe (PID: 7008)
      • geometry dash auto speedhack.exe (PID: 5744)
      • iZotope RX 11 Advanced WiN-MAC.exe (PID: 7132)
      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
    • Reads Environment values

      • iZotope RX 11 Advanced WiN-MAC.exe (PID: 2456)
      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 2080)
      • iZotope RX 11 Advanced WiN-MAC.exe (PID: 7132)
      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
      • identity_helper.exe (PID: 368)
    • Process checks computer location settings

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 2080)
      • geometry dash auto speedhack.exe (PID: 8160)
      • geometry dash auto speedhack.exe (PID: 5744)
    • Reads the computer name

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
      • identity_helper.exe (PID: 368)
      • geometry dash auto speedhack.exe (PID: 8160)
      • geometry dash auto speedhack.exe (PID: 5744)
      • iZotope RX 11 Advanced WiN-MAC.exe (PID: 7132)
      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 2080)
      • geometry dash auto speedhack.exe (PID: 1356)
      • geometry dash auto speedhack.exe (PID: 7008)
      • geometry dash auto speedhack.exe (PID: 7032)
      • geometry dash auto speedhack.exe (PID: 6316)
    • Checks proxy server information

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
    • Reads the machine GUID from the registry

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
      • geometry dash auto speedhack.exe (PID: 5744)
      • geometry dash auto speedhack.exe (PID: 1356)
      • geometry dash auto speedhack.exe (PID: 7008)
      • geometry dash auto speedhack.exe (PID: 7032)
      • geometry dash auto speedhack.exe (PID: 6316)
    • Creates files or folders in the user directory

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
    • Creates a software uninstall entry

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
    • Reads the software policy settings

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
    • Creates files in the program directory

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
    • Reads Microsoft Office registry keys

      • iZotope RX 11 Advanced WiN-MAC.tmp (PID: 6176)
      • msedge.exe (PID: 6192)
      • msedge.exe (PID: 6008)
      • geometry dash auto speedhack.exe (PID: 5744)
    • Application launched itself

      • msedge.exe (PID: 6192)
      • msedge.exe (PID: 6008)
    • Manual execution by a user

      • msedge.exe (PID: 6008)
      • geometry dash auto speedhack.exe (PID: 7560)
      • WinRAR.exe (PID: 6724)
      • WinRAR.exe (PID: 6056)
      • geometry dash auto speedhack.exe (PID: 8160)
      • Taskmgr.exe (PID: 7932)
      • Taskmgr.exe (PID: 1124)
    • The process uses the downloaded file

      • msedge.exe (PID: 7816)
      • WinRAR.exe (PID: 6724)
      • msedge.exe (PID: 2368)
      • WinRAR.exe (PID: 6056)
      • geometry dash auto speedhack.exe (PID: 8160)
      • geometry dash auto speedhack.exe (PID: 5744)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6056)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 6832)
      • Taskmgr.exe (PID: 1124)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (53.5)
.exe | InstallShield setup (21)
.exe | Win32 EXE PECompact compressed (generic) (20.2)
.exe | Win32 Executable (generic) (2.1)
.exe | Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:06:10 14:47:11+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 2.25
CodeSize: 685056
InitializedDataSize: 90112
UninitializedDataSize: -
EntryPoint: 0xa83bc
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 6.5.0.0
ProductVersionNumber: 6.5.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName:
FileDescription: iZotope RX 11 Advanced WiN-MAC Setup
FileVersion: 6.5.0.0
LegalCopyright: iZotope RX 11 Advanced WiN-MAC
OriginalFileName:
ProductName: iZotope RX 11 Advanced WiN-MAC
ProductVersion: 6.5.0.0
No data.
All screenshots are available in the full report
Total processes: 247
Monitored processes: 107
Malicious processes: 2
Suspicious processes: 4

Behavior graph


Process information

PID | CMD | Path | Indicators | Parent process
PID: 368
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6164 --field-trial-handle=2320,i,15392756496932821222,14235917210528608808,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\bcrypt.dll
PID: 508
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2304 --field-trial-handle=2320,i,15392756496932821222,14235917210528608808,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 752
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5888 --field-trial-handle=2320,i,15392756496932821222,14235917210528608808,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 936
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5504 --field-trial-handle=2320,i,15392756496932821222,14235917210528608808,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 936
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6580 --field-trial-handle=2320,i,15392756496932821222,14235917210528608808,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1048
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=8396 --field-trial-handle=2320,i,15392756496932821222,14235917210528608808,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1080
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7428 --field-trial-handle=2320,i,15392756496932821222,14235917210528608808,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1124
CMD: "C:\WINDOWS\system32\taskmgr.exe" /0
Path: C:\Windows\System32\Taskmgr.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Manager
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
PID: 1356
CMD: "C:\Users\admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe" /watchdog
Path: C:\Users\admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe
Parent process: geometry dash auto speedhack.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\downloads\memz.by.itzdrk_\geometry dash auto speedhack.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 1372
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5864 --field-trial-handle=2320,i,15392756496932821222,14235917210528608808,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 30 919
Read events: 30 631
Write events: 280
Delete events: 8

Modification events

Process: (6176) iZotope RX 11 Advanced WiN-MAC.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: 20180000095C277355FBDA01

Process: (6176) iZotope RX 11 Advanced WiN-MAC.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: BDD9F8D5B703F7445050FFF789F8E070DD320C4F9CF02580F1F8B1FF6EEC159B

Process: (6176) iZotope RX 11 Advanced WiN-MAC.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

Process: (6176) iZotope RX 11 Advanced WiN-MAC.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (6176) iZotope RX 11 Advanced WiN-MAC.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (6176) iZotope RX 11 Advanced WiN-MAC.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (6176) iZotope RX 11 Advanced WiN-MAC.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: (6176) iZotope RX 11 Advanced WiN-MAC.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iZotope RX 11 Advanced WiN-MAC_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.3.1

Process: (6176) iZotope RX 11 Advanced WiN-MAC.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iZotope RX 11 Advanced WiN-MAC_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\Setup

Process: (6176) iZotope RX 11 Advanced WiN-MAC.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iZotope RX 11 Advanced WiN-MAC_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\Setup\
Executable files: 28
Suspicious files: 992
Text files: 239
Unknown types: 0

Dropped files

PID | Process | Filename | Type

PID: 7132
Process: iZotope RX 11 Advanced WiN-MAC.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-PN3HR.tmp\iZotope RX 11 Advanced WiN-MAC.tmp
Type: executable
MD5: 7E659ACCD8DC910C6CED52EBD70E995C
SHA256: 2E018B6F568A0676EC156EC5EEBFDBB43FE66995FE113D44DA486584283E2784

PID: 6176
Process: iZotope RX 11 Advanced WiN-MAC.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-MU34S.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID: 2456
Process: iZotope RX 11 Advanced WiN-MAC.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-07I81.tmp\iZotope RX 11 Advanced WiN-MAC.tmp
Type: executable
MD5: 7E659ACCD8DC910C6CED52EBD70E995C
SHA256: 2E018B6F568A0676EC156EC5EEBFDBB43FE66995FE113D44DA486584283E2784

PID: 6176
Process: iZotope RX 11 Advanced WiN-MAC.tmp
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
Type: der
MD5: 7FB5FA1534DCF77F2125B2403B30A0EE
SHA256: 33A39E9EC2133230533A686EC43760026E014A3828C703707ACBC150FE40FD6F

PID: 6176
Process: iZotope RX 11 Advanced WiN-MAC.tmp
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
Type: binary
MD5: 40BBC8CE37E24F821927CE5DC4C3AC0F
SHA256: 8F996C5BD14A5C2A6E6E5D27D615D8C60927170792DB7AEE88AF555DB219F26A

PID: 6176
Process: iZotope RX 11 Advanced WiN-MAC.tmp
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
Type: binary
MD5: 971C514F84BBA0785F80AA1C23EDFD79
SHA256: F157ED17FCAF8837FA82F8B69973848C9B10A02636848F995698212A08F31895

PID: 6176
Process: iZotope RX 11 Advanced WiN-MAC.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-MU34S.tmp\idp.dll
Type: executable
MD5: 55C310C0319260D798757557AB3BF636
SHA256: 54E7E0AD32A22B775131A6288F083ED3286A9A436941377FC20F85DD9AD983ED

PID: 6176
Process: iZotope RX 11 Advanced WiN-MAC.tmp
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
Type: binary
MD5: E7C997BA22F77BDC806A8B12C7B7E7F1
SHA256: 465429625AC99478A02507A2741E1310F408B2B8F98EF36B0428C1DFF200E34A

PID: 6192
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Type: binary
MD5: 04E3F29A62D8BFE314652697DE334A9C
SHA256: 62F1F368DA991B1B7964570CBE0C0D6F6ADAB80A628C139B8DB54D1FB71D5A16

PID: 6008
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF12ed94.TMP
Type: -
MD5: -
SHA256: -
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 35
TCP/UDP connections: 314
DNS requests: 363
Threats: 14

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6176 | iZotope RX 11 Advanced WiN-MAC.tmp | GET | 200 | 142.250.186.131:80 | http://c.pki.goog/r/gsr1.crl | US | binary | 1.70 Kb | whitelisted
3424 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | binary | 471 b | whitelisted
4980 | msedge.exe | GET | 304 | 2.16.202.123:80 | http://apps.identrust.com/roots/dstrootcax3.p7c | NL | - | - | whitelisted
5044 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | DE | binary | 407 b | whitelisted
5044 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | DE | binary | 419 b | whitelisted
4980 | msedge.exe | GET | 304 | 2.23.197.184:80 | http://r3.i.lencr.org/ | GB | - | - | whitelisted
4980 | msedge.exe | GET | 304 | 2.23.197.184:80 | http://x1.i.lencr.org/ | GB | - | - | whitelisted
1712 | svchost.exe | GET | 206 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/05cb029e-7fd7-4659-8008-90788f8ebbc7?P1=1725602133&P2=404&P3=2&P4=RIkmhEysOmXfnhfH24jwKiD6WBcuvG12gyx1l8opuXZEvB3yEPT%2blVIXUE2JmT1XK54QODWuHu%2ba9KuI9gP7Gg%3d%3d | US | binary | 1.09 Kb | whitelisted
1712 | svchost.exe | HEAD | 200 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/05cb029e-7fd7-4659-8008-90788f8ebbc7?P1=1725602133&P2=404&P3=2&P4=RIkmhEysOmXfnhfH24jwKiD6WBcuvG12gyx1l8opuXZEvB3yEPT%2blVIXUE2JmT1XK54QODWuHu%2ba9KuI9gP7Gg%3d%3d | US | - | - | whitelisted
1712 | svchost.exe | GET | 206 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/05cb029e-7fd7-4659-8008-90788f8ebbc7?P1=1725602133&P2=404&P3=2&P4=RIkmhEysOmXfnhfH24jwKiD6WBcuvG12gyx1l8opuXZEvB3yEPT%2blVIXUE2JmT1XK54QODWuHu%2ba9KuI9gP7Gg%3d%3d | US | binary | 1.81 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
6232 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5644 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6232 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6176 | iZotope RX 11 Advanced WiN-MAC.tmp | 104.21.46.240:443 | passengerstamp.website | CLOUDFLARENET | - | unknown
6176 | iZotope RX 11 Advanced WiN-MAC.tmp | 142.250.186.131:80 | c.pki.goog | GOOGLE | US | whitelisted
3260 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2120 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3424 | svchost.exe | 20.190.160.14:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 142.250.184.206
whitelisted
passengerstamp.website
  • 104.21.46.240
  • 172.67.143.46
unknown
c.pki.goog
  • 142.250.186.131
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
login.live.com
  • 20.190.160.14
  • 40.126.32.140
  • 40.126.32.136
  • 40.126.32.72
  • 40.126.32.76
  • 20.190.160.22
  • 20.190.160.17
  • 40.126.32.74
  • 40.126.31.73
  • 40.126.31.71
  • 40.126.31.67
  • 20.190.159.75
  • 20.190.159.0
  • 20.190.159.23
  • 20.190.159.68
  • 20.190.159.4
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
api.edgeoffer.microsoft.com
  • 94.245.104.56
whitelisted

Threats

PID | Process | Class | Message
4980 | msedge.exe | Misc activity | SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
4980 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
4980 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
4980 | msedge.exe | Misc activity | SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
4980 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
4980 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
4980 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net)
4980 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net)
4980 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net)
4980 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net)
Process | Message
msedge.exe | [0831/032711.297:WARNING:device_ticket.cc(151)] Timed out waiting for device ticket. Canceling async operation.
msedge.exe | [0831/032711.868:ERROR:process_memory_win.cc(74)] ReadMemory at 0x7ff6278d0000 of 64 bytes failed: Only part of a ReadProcessMemory or WriteProcessMemory request was completed. (0x12B)
msedge.exe | [0831/032711.868:WARNING:pe_image_reader.cc(340)] could not read dos header from C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe | [0831/032711.868:ERROR:process_memory_win.cc(74)] ReadMemory at 0x7ffff85f0000 of 64 bytes failed: Only part of a ReadProcessMemory or WriteProcessMemory request was completed. (0x12B)
msedge.exe | [0831/032711.868:WARNING:pe_image_reader.cc(340)] could not read dos header from C:\WINDOWS\SYSTEM32\ntdll.dll
msedge.exe | [0831/032711.872:ERROR:process_memory_win.cc(74)] ReadMemory at 0x7ffff6f10000 of 64 bytes failed: Only part of a ReadProcessMemory or WriteProcessMemory request was completed. (0x12B)
msedge.exe | [0831/032711.872:WARNING:pe_image_reader.cc(340)] could not read dos header from C:\WINDOWS\System32\KERNEL32.DLL
msedge.exe | [0831/032711.873:ERROR:process_memory_win.cc(74)] ReadMemory at 0x7ffff5da0000 of 64 bytes failed: Only part of a ReadProcessMemory or WriteProcessMemory request was completed. (0x12B)
msedge.exe | [0831/032711.873:WARNING:pe_image_reader.cc(340)] could not read dos header from C:\WINDOWS\System32\KERNELBASE.dll
msedge.exe | [0831/032711.873:ERROR:process_memory_win.cc(74)] ReadMemory at 0x7fffd32d0000 of 64 bytes failed: Only part of a ReadProcessMemory or WriteProcessMemory request was completed. (0x12B)