File name:

MzkjqY1.exe

Full analysis: https://app.any.run/tasks/adae0a2d-0064-435d-85ab-242ed01766ca
Verdict: Malicious activity
Threats:

Stealers are a category of malicious software intended to gain unauthorized access to users' information and transfer it to the attacker. The stealer category includes various programs, each focused on a particular kind of data, such as files, passwords, and cryptocurrency wallets. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed through phishing campaigns.

Analysis date: May 10, 2025, 06:17:02
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
uac
stealer
auto-reg
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, 10 sections
MD5:

9779118E71130D6F7F4BFC2D3C2E8526

SHA1:

6044A4E66CA989B9A226BC3C8DE91E44C394FCBB

SHA256:

92088CDEDC08A20576BDB1E8EDAB2555134BA5832628B7CD9C91515D21D3DF4C

SSDEEP:

98304:fAqEZeHofovbxGP/x+9l+DKv+eUyocXHvDv/TCkAfDfpbP6wcojmmToMXEpoAoFX:TC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for user acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Bypass User Account Control (Modify registry)

      • MzkjqY1.exe (PID: 7412)
    • Bypass User Account Control (ComputerDefaults)

      • ComputerDefaults.exe (PID: 7632)
    • Changes the autorun value in the registry

      • MzkjqY1.exe (PID: 7412)
    • Steals credentials from Web Browsers

      • MzkjqY1.exe (PID: 7412)
    • Actions look like stealing of personal data

      • MzkjqY1.exe (PID: 7412)
    • Suspicious browser debugging (Possible cookie theft)

      • chrome.exe (PID: 8140)
      • msedge.exe (PID: 7884)
  • SUSPICIOUS

    • Changes default file association

      • MzkjqY1.exe (PID: 7412)
    • Starts CMD.EXE for commands execution

      • MzkjqY1.exe (PID: 7412)
    • There is functionality for taking screenshot (YARA)

      • MzkjqY1.exe (PID: 7412)
    • Executable content was dropped or overwritten

      • MzkjqY1.exe (PID: 7412)
    • Get information on the list of running processes

      • MzkjqY1.exe (PID: 7412)
    • Uses ATTRIB.EXE to modify file attributes

      • MzkjqY1.exe (PID: 7412)
    • Loads DLL from Mozilla Firefox

      • MzkjqY1.exe (PID: 7412)
    • Uses TASKKILL.EXE to kill process

      • MzkjqY1.exe (PID: 7412)
    • Uses TASKKILL.EXE to kill Browsers

      • MzkjqY1.exe (PID: 7412)
    • Returns all items found within a container (POWERSHELL)

      • powershell.exe (PID: 5436)
    • Hides errors and continues executing the command without stopping

      • powershell.exe (PID: 5436)
    • Starts POWERSHELL.EXE for commands execution

      • MzkjqY1.exe (PID: 7412)
    • Probably obfuscated PowerShell command line is found

      • MzkjqY1.exe (PID: 7412)
    • The process verifies whether the antivirus software is installed

      • MzkjqY1.exe (PID: 7412)
  • INFO

    • Reads the computer name

      • MzkjqY1.exe (PID: 7412)
      • MzkjqY1.exe (PID: 7696)
      • runtime_broker.exe (PID: 5772)
    • Checks supported languages

      • MzkjqY1.exe (PID: 7412)
      • MzkjqY1.exe (PID: 7696)
      • runtime_broker.exe (PID: 5772)
    • Reads security settings of Internet Explorer

      • ComputerDefaults.exe (PID: 7632)
      • powershell.exe (PID: 7528)
      • powershell.exe (PID: 5436)
    • Creates files or folders in the user directory

      • MzkjqY1.exe (PID: 7412)
    • Auto-launch of the file from Registry key

      • MzkjqY1.exe (PID: 7412)
    • Checks proxy server information

      • MzkjqY1.exe (PID: 7412)
    • Reads the software policy settings

      • MzkjqY1.exe (PID: 7412)
      • powershell.exe (PID: 7528)
      • powershell.exe (PID: 5436)
      • slui.exe (PID: 7792)
    • Creates files in a temporary directory

      • MzkjqY1.exe (PID: 7412)
      • powershell.exe (PID: 7528)
      • powershell.exe (PID: 5436)
    • Manual execution by a user

      • runtime_broker.exe (PID: 5772)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 7904)
    • The sample was compiled with English language support

      • MzkjqY1.exe (PID: 7412)
    • Returns hidden items found within a container (POWERSHELL)

      • conhost.exe (PID: 7728)
      • conhost.exe (PID: 7212)
      • conhost.exe (PID: 4996)
      • conhost.exe (PID: 7932)
      • conhost.exe (PID: 1272)
      • conhost.exe (PID: 5376)
      • conhost.exe (PID: 8020)
      • conhost.exe (PID: 472)
      • conhost.exe (PID: 7868)
      • conhost.exe (PID: 5344)
      • conhost.exe (PID: 3896)
      • conhost.exe (PID: 6760)
      • conhost.exe (PID: 7464)
      • conhost.exe (PID: 7712)
      • conhost.exe (PID: 6712)
      • conhost.exe (PID: 4692)
      • conhost.exe (PID: 1324)
      • conhost.exe (PID: 5172)
      • conhost.exe (PID: 6944)
      • conhost.exe (PID: 5124)
      • conhost.exe (PID: 680)
      • conhost.exe (PID: 7612)
      • conhost.exe (PID: 1272)
      • conhost.exe (PID: 3676)
      • conhost.exe (PID: 8152)
    • Application launched itself

      • chrome.exe (PID: 8140)
      • msedge.exe (PID: 7884)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ matrix in the full report
No malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:05:06 06:08:33+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Large address aware, No debug
PEType: PE32+
LinkerVersion: 2.41
CodeSize: 3680256
InitializedDataSize: 5368320
UninitializedDataSize: 1024
EntryPoint: 0x13e0
OSVersion: 4
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
All screenshots are available in the full report
Total processes
324
Monitored processes
195
Malicious processes
4
Suspicious processes
2

Behavior graph

Flattened process graph (rendered interactively in the full report). Distinct process images in order of first appearance: mzkjqy1.exe, cmd.exe, conhost.exe, computerdefaults.exe, sppextcomobj.exe, slui.exe, attrib.exe, vaultcmd.exe, tasklist.exe, cmdkey.exe, powershell.exe, taskkill.exe, runtime_broker.exe, certutil.exe, chrome.exe, msedge.exe. The remainder of the graph consists of repeated tasklist.exe and taskkill.exe launches, each paired with its own conhost.exe.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 472 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: tasklist.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 516 | CMD: "taskkill" /IM browser.exe | Path: C:\Windows\System32\taskkill.exe | Parent process: MzkjqY1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 616 | CMD: "taskkill" /F /IM 360browser.exe | Path: C:\Windows\System32\taskkill.exe | Parent process: MzkjqY1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 668 | CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1492 --field-trial-handle=1496,i,5362544467113681765,6576935416082905119,262144 --disable-features=PaintHolding --variations-seed-version /prefetch:2 | Path: C:\Program Files\Google\Chrome\Application\chrome.exe | Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 680 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 728 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 780 | CMD: "tasklist" | Path: C:\Windows\System32\tasklist.exe | Parent process: MzkjqY1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Lists the current running tasks
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 856 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: tasklist.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 904 | CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | Path: C:\Windows\System32\conhost.exe | Parent process: tasklist.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
26 012
Read events
25 999
Write events
12
Delete events
1

Modification events

(PID) Process: (7632) ComputerDefaults.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write | Name: SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process: (7632) ComputerDefaults.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write | Name: CachePrefix
Value:
(PID) Process: (7632) ComputerDefaults.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write | Name: CachePrefix
Value:
Cookie:
(PID) Process: (7632) ComputerDefaults.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write | Name: CachePrefix
Value:
Visited:
(PID) Process: (7412) MzkjqY1.exe | Key: HKEY_CLASSES_ROOT\ms-settings\Shell\open\command
Operation: write | Name: DelegateExecute
Value:
(PID) Process: (7412) MzkjqY1.exe | Key: HKEY_CLASSES_ROOT\ms-settings\Shell\open\command
Operation: delete key | Name: (default)
Value:
(PID) Process: (7412) MzkjqY1.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write | Name: WindowsRuntimeBroker
Value:
C:\Users\admin\AppData\Roaming\Microsoft\Windows\CLR\runtime_broker.exe
(PID) Process: (8140) chrome.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write | Name: failed_count
Value:
0
(PID) Process: (8140) chrome.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write | Name: state
Value:
2
(PID) Process: (8140) chrome.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write | Name: state
Value:
1
Executable files
2
Suspicious files
70
Text files
106
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7412 | Process: MzkjqY1.exe | Filename: C:\Users\admin\AppData\Local\Temp\ff_history_tmp_3149307250.db
MD5:
SHA256:
PID: 7412 | Process: MzkjqY1.exe | Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\screenshot_20250510_061720.bmp | Type: image
MD5: 0D3E3FB9BCF7661430D00AA8E0EE0BB5
SHA256: A6D9F2AB81FB13F0D456F6C4664B70C376B2591EC2AED42D63578B944F6304DF
PID: 7412 | Process: MzkjqY1.exe | Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\CLR\runtime_broker.exe | Type: executable
MD5: 9779118E71130D6F7F4BFC2D3C2E8526
SHA256: 92088CDEDC08A20576BDB1E8EDAB2555134BA5832628B7CD9C91515D21D3DF4C
PID: 7412 | Process: MzkjqY1.exe | Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\CREDHIST | Type: binary
MD5: 57862E11EDD0DF6179C7DB308CD09976
SHA256: EE422E1B858F4379DB88C56D8AA6AF27D691AC10E9734C2FE21A4E1639F000BB
PID: 7412 | Process: MzkjqY1.exe | Filename: C:\Users\admin\AppData\Local\Temp\ff_history_tmp_3149307250.db-shm | Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 7412 | Process: MzkjqY1.exe | Filename: C:\Users\admin\AppData\Local\Temp\ff_bookmarks_tmp_1514702529.db
MD5:
SHA256:
PID: 7412 | Process: MzkjqY1.exe | Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\S-1-5-21-1693682860-607145093-2874071422-1001\27aa6b35-7340-487b-af08-247517155f01 | Type: binary
MD5: 4611BBDD5041D21113CE083BAF3BDDF7
SHA256: 108B6DF84951A5E1864FCB23CF07542272991334CC38FE10839494BD88C15D0B
PID: 7412 | Process: MzkjqY1.exe | Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\FileZilla\filezilla.xml | Type: xml
MD5: 32F683306CE4FA78157113BB9EACB51D
SHA256: 16283B36975456118FBAC2A0CB0AB466C2D26E2B396DD938CDF129F2D3224570
PID: 7412 | Process: MzkjqY1.exe | Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\S-1-5-21-1693682860-607145093-2874071422-1001\c34b2a72-9aaf-4138-8a32-1d6f9045a1cc | Type: binary
MD5: 2D24F7C2289BF5A5979BB72F3194BAED
SHA256: 1D78293AB79F1271CCCEA14F6ADC603C797ECBE26B6FF20877E9B8E29824EDD1
PID: 7412 | Process: MzkjqY1.exe | Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\S-1-5-21-1693682860-607145093-2874071422-1001\31c26389-0544-4444-9427-e118ab7d776c | Type: binary
MD5: 2C68B28B3E0A8BAD4DE703A6258F4A21
SHA256: 33C56AFD59C92D87800DFB75C7CDF1A3CCA56249D012D1A3066DC849FC9FAAFF
Download PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests
7
TCP/UDP connections
23
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
2.16.164.40:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
QA
binary
868 b
whitelisted
5988
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
DE
binary
419 b
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
DE
binary
471 b
whitelisted
5988
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
DE
binary
407 b
whitelisted
GET
200
2.16.164.40:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
QA
binary
868 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
2.16.164.40:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
2.16.164.40:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
5496
MoUsoCoreWorker.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.159.0:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
7412
MzkjqY1.exe
104.102.49.106:443
steamcommunity.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.142
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.164.40
  • 2.16.164.120
  • 2.16.164.49
  • 2.16.164.17
  • 2.16.164.34
  • 2.16.164.24
  • 2.16.164.114
  • 2.16.164.58
  • 2.16.164.72
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 23.35.229.160
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.159.0
  • 20.190.159.68
  • 40.126.31.71
  • 40.126.31.73
  • 40.126.31.0
  • 40.126.31.129
  • 40.126.31.128
  • 40.126.31.131
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
steamcommunity.com
  • 104.102.49.106
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted

Threats

No threats detected
No debug info