File name:

MzkjqY1.exe

Full analysis: https://app.any.run/tasks/adae0a2d-0064-435d-85ab-242ed01766ca
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: May 10, 2025, 06:17:02
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
uac
stealer
auto-reg
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, 10 sections
MD5:

9779118E71130D6F7F4BFC2D3C2E8526

SHA1:

6044A4E66CA989B9A226BC3C8DE91E44C394FCBB

SHA256:

92088CDEDC08A20576BDB1E8EDAB2555134BA5832628B7CD9C91515D21D3DF4C

SSDEEP:

98304:fAqEZeHofovbxGP/x+9l+DKv+eUyocXHvDv/TCkAfDfpbP6wcojmmToMXEpoAoFX:TC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Bypass User Account Control (Modify registry)

      • MzkjqY1.exe (PID: 7412)
    • Bypass User Account Control (ComputerDefaults)

      • ComputerDefaults.exe (PID: 7632)
    • Changes the autorun value in the registry

      • MzkjqY1.exe (PID: 7412)
    • Steals credentials from Web Browsers

      • MzkjqY1.exe (PID: 7412)
    • Actions looks like stealing of personal data

      • MzkjqY1.exe (PID: 7412)
    • Suspicious browser debugging (Possible cookie theft)

      • chrome.exe (PID: 8140)
      • msedge.exe (PID: 7884)
  • SUSPICIOUS

    • Changes default file association

      • MzkjqY1.exe (PID: 7412)
    • Starts CMD.EXE for commands execution

      • MzkjqY1.exe (PID: 7412)
    • Executable content was dropped or overwritten

      • MzkjqY1.exe (PID: 7412)
    • Uses ATTRIB.EXE to modify file attributes

      • MzkjqY1.exe (PID: 7412)
    • There is functionality for taking screenshot (YARA)

      • MzkjqY1.exe (PID: 7412)
    • Loads DLL from Mozilla Firefox

      • MzkjqY1.exe (PID: 7412)
    • Get information on the list of running processes

      • MzkjqY1.exe (PID: 7412)
    • Starts POWERSHELL.EXE for commands execution

      • MzkjqY1.exe (PID: 7412)
    • Probably obfuscated PowerShell command line is found

      • MzkjqY1.exe (PID: 7412)
    • Uses TASKKILL.EXE to kill Browsers

      • MzkjqY1.exe (PID: 7412)
    • Uses TASKKILL.EXE to kill process

      • MzkjqY1.exe (PID: 7412)
    • Hides errors and continues executing the command without stopping

      • powershell.exe (PID: 5436)
    • Returns all items found within a container (POWERSHELL)

      • powershell.exe (PID: 5436)
    • The process verifies whether the antivirus software is installed

      • MzkjqY1.exe (PID: 7412)
  • INFO

    • Reads the computer name

      • MzkjqY1.exe (PID: 7412)
      • MzkjqY1.exe (PID: 7696)
      • runtime_broker.exe (PID: 5772)
    • Checks supported languages

      • MzkjqY1.exe (PID: 7412)
      • MzkjqY1.exe (PID: 7696)
      • runtime_broker.exe (PID: 5772)
    • Reads security settings of Internet Explorer

      • ComputerDefaults.exe (PID: 7632)
      • powershell.exe (PID: 7528)
      • powershell.exe (PID: 5436)
    • Creates files or folders in the user directory

      • MzkjqY1.exe (PID: 7412)
    • Auto-launch of the file from Registry key

      • MzkjqY1.exe (PID: 7412)
    • Checks proxy server information

      • MzkjqY1.exe (PID: 7412)
    • Reads the software policy settings

      • MzkjqY1.exe (PID: 7412)
      • powershell.exe (PID: 7528)
      • powershell.exe (PID: 5436)
      • slui.exe (PID: 7792)
    • Create files in a temporary directory

      • MzkjqY1.exe (PID: 7412)
      • powershell.exe (PID: 7528)
      • powershell.exe (PID: 5436)
    • Manual execution by a user

      • runtime_broker.exe (PID: 5772)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 7904)
    • The sample compiled with english language support

      • MzkjqY1.exe (PID: 7412)
    • Returns hidden items found within a container (POWERSHELL)

      • conhost.exe (PID: 7212)
      • conhost.exe (PID: 4996)
      • conhost.exe (PID: 7932)
      • conhost.exe (PID: 3896)
      • conhost.exe (PID: 5376)
      • conhost.exe (PID: 1272)
      • conhost.exe (PID: 472)
      • conhost.exe (PID: 8020)
      • conhost.exe (PID: 7868)
      • conhost.exe (PID: 5344)
      • conhost.exe (PID: 7728)
      • conhost.exe (PID: 7464)
      • conhost.exe (PID: 6712)
      • conhost.exe (PID: 4692)
      • conhost.exe (PID: 6944)
      • conhost.exe (PID: 5172)
      • conhost.exe (PID: 1324)
      • conhost.exe (PID: 680)
      • conhost.exe (PID: 5124)
      • conhost.exe (PID: 7612)
      • conhost.exe (PID: 3676)
      • conhost.exe (PID: 1272)
      • conhost.exe (PID: 6760)
      • conhost.exe (PID: 7712)
      • conhost.exe (PID: 8152)
    • Application launched itself

      • chrome.exe (PID: 8140)
      • msedge.exe (PID: 7884)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:05:06 06:08:33+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Large address aware, No debug
PEType: PE32+
LinkerVersion: 2.41
CodeSize: 3680256
InitializedDataSize: 5368320
UninitializedDataSize: 1024
EntryPoint: 0x13e0
OSVersion: 4
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes
324
Monitored processes
195
Malicious processes
4
Suspicious processes
2

Behavior graph

start mzkjqy1.exe cmd.exe no specs conhost.exe no specs computerdefaults.exe no specs computerdefaults.exe no specs computerdefaults.exe mzkjqy1.exe no specs sppextcomobj.exe no specs slui.exe attrib.exe no specs conhost.exe no specs vaultcmd.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs cmdkey.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs runtime_broker.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs cmdkey.exe no specs tasklist.exe no specs conhost.exe no specs certutil.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs certutil.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no 
specs taskkill.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs taskkill.exe no specs conhost.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs powershell.exe no specs conhost.exe no specs cmdkey.exe no specs conhost.exe no specs cmdkey.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs slui.exe no specs tasklist.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs tasklist.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs tasklist.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs 
conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
472
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
tasklist.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
516
CMD:
"taskkill" /IM browser.exe
Path:
C:\Windows\System32\taskkill.exe
Parent process:
MzkjqY1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
616
CMD:
"taskkill" /F /IM 360browser.exe
Path:
C:\Windows\System32\taskkill.exe
Parent process:
MzkjqY1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
668
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1492 --field-trial-handle=1496,i,5362544467113681765,6576935416082905119,262144 --disable-features=PaintHolding --variations-seed-version /prefetch:2
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
680
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
728
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
780
CMD:
"tasklist"
Path:
C:\Windows\System32\tasklist.exe
Parent process:
MzkjqY1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Lists the current running tasks
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
856
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
tasklist.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
904
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
tasklist.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
26 012
Read events
25 999
Write events
12
Delete events
1

Modification events

(PID) Process: (7632) ComputerDefaults.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process: (7632) ComputerDefaults.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (7632) ComputerDefaults.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
(PID) Process: (7632) ComputerDefaults.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
(PID) Process: (7412) MzkjqY1.exe
Key: HKEY_CLASSES_ROOT\ms-settings\Shell\open\command
Operation: write
Name: DelegateExecute
Value:
(PID) Process: (7412) MzkjqY1.exe
Key: HKEY_CLASSES_ROOT\ms-settings\Shell\open\command
Operation: delete key
Name: (default)
Value:
(PID) Process: (7412) MzkjqY1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: WindowsRuntimeBroker
Value:
C:\Users\admin\AppData\Roaming\Microsoft\Windows\CLR\runtime_broker.exe
(PID) Process: (8140) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value:
0
(PID) Process: (8140) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value:
2
(PID) Process: (8140) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value:
1
Executable files
2
Suspicious files
70
Text files
106
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7412
Process: MzkjqY1.exe
Filename: C:\Users\admin\AppData\Local\Temp\ff_history_tmp_3149307250.db
Type:
MD5:
SHA256:
PID: 7412
Process: MzkjqY1.exe
Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\FileZilla\filezilla.xml
Type: xml
MD5:32F683306CE4FA78157113BB9EACB51D
SHA256:16283B36975456118FBAC2A0CB0AB466C2D26E2B396DD938CDF129F2D3224570
PID: 7412
Process: MzkjqY1.exe
Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\S-1-5-21-1693682860-607145093-2874071422-1001\8768658c-df3a-4fed-9247-a3ec23c87b9c
Type: binary
MD5:E3AC833986EE5C36F364BC12F8387773
SHA256:1001F2F638CF5CACDCDAC9B58CDB82DB886658DDED82FF992BD902689C5FDDA4
PID: 7412
Process: MzkjqY1.exe
Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\S-1-5-21-1693682860-607145093-2874071422-1001\31c26389-0544-4444-9427-e118ab7d776c
Type: binary
MD5:2C68B28B3E0A8BAD4DE703A6258F4A21
SHA256:33C56AFD59C92D87800DFB75C7CDF1A3CCA56249D012D1A3066DC849FC9FAAFF
PID: 7412
Process: MzkjqY1.exe
Filename: C:\Users\admin\AppData\Local\Temp\ff_history_tmp_3149307250.db-shm
Type: binary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 7412
Process: MzkjqY1.exe
Filename: C:\Users\admin\AppData\Local\Temp\ff_bookmarks_tmp_1514702529.db
Type:
MD5:
SHA256:
PID: 7412
Process: MzkjqY1.exe
Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\S-1-5-21-1693682860-607145093-2874071422-1001\5de96dac-dbeb-48b8-8e7b-394ea1a0bf80
Type: binary
MD5:0D1B73B143B6D4EA999E928D1CC4F50B
SHA256:E294A94DE97276C90692814BE096E17FE46F4434FFF9B01D833E7801AE2340F8
PID: 7412
Process: MzkjqY1.exe
Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\S-1-5-21-1693682860-607145093-2874071422-1001\b118b76c-2129-4336-ac17-d214ea0f1b69
Type: binary
MD5:ADCA2F4E91E1213D2DADAA4CB2D233E4
SHA256:B7423232BE18A0090D324F6A9A816908EB3735E4E6BE7AB5004890ADD0477762
PID: 7412
Process: MzkjqY1.exe
Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\S-1-5-21-1693682860-607145093-2874071422-1001\136a6807-03f4-4648-9145-17fee5c37b33
Type: binary
MD5:199584A1B51F4347835E0BF177073F21
SHA256:79064CA48D730ADDF764B905F7A41DF0118F086D46954AE34C31B9AA53525E7F
PID: 7412
Process: MzkjqY1.exe
Filename: C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\CREDHIST
Type: binary
MD5:57862E11EDD0DF6179C7DB308CD09976
SHA256:EE422E1B858F4379DB88C56D8AA6AF27D691AC10E9734C2FE21A4E1639F000BB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
23
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
2.16.164.40:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.16.164.40:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5988
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5988
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
2.16.164.40:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
2.16.164.40:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
5496
MoUsoCoreWorker.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.159.0:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
7412
MzkjqY1.exe
104.102.49.106:443
steamcommunity.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.142
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.164.40
  • 2.16.164.120
  • 2.16.164.49
  • 2.16.164.17
  • 2.16.164.34
  • 2.16.164.24
  • 2.16.164.114
  • 2.16.164.58
  • 2.16.164.72
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 23.35.229.160
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.159.0
  • 20.190.159.68
  • 40.126.31.71
  • 40.126.31.73
  • 40.126.31.0
  • 40.126.31.129
  • 40.126.31.128
  • 40.126.31.131
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
steamcommunity.com
  • 104.102.49.106
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted

Threats

No threats detected
No debug info