File name:

MzkjqY1.exe

Full analysis: https://app.any.run/tasks/adae0a2d-0064-435d-85ab-242ed01766ca
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: May 10, 2025, 06:17:02
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
uac
stealer
auto-reg
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, 10 sections
MD5:

9779118E71130D6F7F4BFC2D3C2E8526

SHA1:

6044A4E66CA989B9A226BC3C8DE91E44C394FCBB

SHA256:

92088CDEDC08A20576BDB1E8EDAB2555134BA5832628B7CD9C91515D21D3DF4C

SSDEEP:

98304:fAqEZeHofovbxGP/x+9l+DKv+eUyocXHvDv/TCkAfDfpbP6wcojmmToMXEpoAoFX:TC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Bypass User Account Control (Modify registry)

      • MzkjqY1.exe (PID: 7412)
    • Bypass User Account Control (ComputerDefaults)

      • ComputerDefaults.exe (PID: 7632)
    • Changes the autorun value in the registry

      • MzkjqY1.exe (PID: 7412)
    • Steals credentials from Web Browsers

      • MzkjqY1.exe (PID: 7412)
    • Actions looks like stealing of personal data

      • MzkjqY1.exe (PID: 7412)
    • Suspicious browser debugging (Possible cookie theft)

      • chrome.exe (PID: 8140)
      • msedge.exe (PID: 7884)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • MzkjqY1.exe (PID: 7412)
    • Changes default file association

      • MzkjqY1.exe (PID: 7412)
    • There is functionality for taking screenshot (YARA)

      • MzkjqY1.exe (PID: 7412)
    • Loads DLL from Mozilla Firefox

      • MzkjqY1.exe (PID: 7412)
    • Executable content was dropped or overwritten

      • MzkjqY1.exe (PID: 7412)
    • Uses ATTRIB.EXE to modify file attributes

      • MzkjqY1.exe (PID: 7412)
    • Starts POWERSHELL.EXE for commands execution

      • MzkjqY1.exe (PID: 7412)
    • Get information on the list of running processes

      • MzkjqY1.exe (PID: 7412)
    • Probably obfuscated PowerShell command line is found

      • MzkjqY1.exe (PID: 7412)
    • Uses TASKKILL.EXE to kill Browsers

      • MzkjqY1.exe (PID: 7412)
    • Uses TASKKILL.EXE to kill process

      • MzkjqY1.exe (PID: 7412)
    • Returns all items found within a container (POWERSHELL)

      • powershell.exe (PID: 5436)
    • Hides errors and continues executing the command without stopping

      • powershell.exe (PID: 5436)
    • The process verifies whether the antivirus software is installed

      • MzkjqY1.exe (PID: 7412)
  • INFO

    • Checks supported languages

      • MzkjqY1.exe (PID: 7412)
      • MzkjqY1.exe (PID: 7696)
      • runtime_broker.exe (PID: 5772)
    • Reads security settings of Internet Explorer

      • ComputerDefaults.exe (PID: 7632)
      • powershell.exe (PID: 7528)
      • powershell.exe (PID: 5436)
    • Reads the computer name

      • MzkjqY1.exe (PID: 7696)
      • MzkjqY1.exe (PID: 7412)
      • runtime_broker.exe (PID: 5772)
    • Creates files or folders in the user directory

      • MzkjqY1.exe (PID: 7412)
    • Auto-launch of the file from Registry key

      • MzkjqY1.exe (PID: 7412)
    • Checks proxy server information

      • MzkjqY1.exe (PID: 7412)
    • Reads the software policy settings

      • MzkjqY1.exe (PID: 7412)
      • powershell.exe (PID: 7528)
      • powershell.exe (PID: 5436)
      • slui.exe (PID: 7792)
    • Create files in a temporary directory

      • MzkjqY1.exe (PID: 7412)
      • powershell.exe (PID: 7528)
      • powershell.exe (PID: 5436)
    • Manual execution by a user

      • runtime_broker.exe (PID: 5772)
    • The sample compiled with english language support

      • MzkjqY1.exe (PID: 7412)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 7904)
    • Returns hidden items found within a container (POWERSHELL)

      • conhost.exe (PID: 7212)
      • conhost.exe (PID: 7728)
      • conhost.exe (PID: 5376)
      • conhost.exe (PID: 4996)
      • conhost.exe (PID: 1272)
      • conhost.exe (PID: 7932)
      • conhost.exe (PID: 3896)
      • conhost.exe (PID: 472)
      • conhost.exe (PID: 6760)
      • conhost.exe (PID: 8020)
      • conhost.exe (PID: 7712)
      • conhost.exe (PID: 7464)
      • conhost.exe (PID: 8152)
      • conhost.exe (PID: 6712)
      • conhost.exe (PID: 4692)
      • conhost.exe (PID: 1324)
      • conhost.exe (PID: 680)
      • conhost.exe (PID: 6944)
      • conhost.exe (PID: 5172)
      • conhost.exe (PID: 7612)
      • conhost.exe (PID: 5124)
      • conhost.exe (PID: 3676)
      • conhost.exe (PID: 1272)
      • conhost.exe (PID: 7868)
      • conhost.exe (PID: 5344)
    • Application launched itself

      • chrome.exe (PID: 8140)
      • msedge.exe (PID: 7884)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:05:06 06:08:33+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Large address aware, No debug
PEType: PE32+
LinkerVersion: 2.41
CodeSize: 3680256
InitializedDataSize: 5368320
UninitializedDataSize: 1024
EntryPoint: 0x13e0
OSVersion: 4
ImageVersion: -
SubsystemVersion: 5.2
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes
324
Monitored processes
195
Malicious processes
4
Suspicious processes
2

Behavior graph

Process nodes shown in the graph (interactive in the full report): mzkjqy1.exe (started first, and a second instance later), cmd.exe, conhost.exe, computerdefaults.exe (three instances), sppextcomobj.exe, slui.exe, attrib.exe, vaultcmd.exe, tasklist.exe, cmdkey.exe, powershell.exe, taskkill.exe, runtime_broker.exe, certutil.exe, chrome.exe, msedge.exe. The remainder of the graph is a long series of repeated tasklist.exe / taskkill.exe pairs, each with its own conhost.exe.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
472
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
tasklist.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
516
CMD:
"taskkill" /IM browser.exe
Path:
C:\Windows\System32\taskkill.exe
Parent process:
MzkjqY1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
616
CMD:
"taskkill" /F /IM 360browser.exe
Path:
C:\Windows\System32\taskkill.exe
Parent process:
MzkjqY1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
668
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1492 --field-trial-handle=1496,i,5362544467113681765,6576935416082905119,262144 --disable-features=PaintHolding --variations-seed-version /prefetch:2
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
680
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
728
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
taskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
780
CMD:
"tasklist"
Path:
C:\Windows\System32\tasklist.exe
Parent process:
MzkjqY1.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Lists the current running tasks
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
856
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
tasklist.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
904
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
tasklist.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
26 012
Read events
25 999
Write events
12
Delete events
1

Modification events

(PID) Process: (7632) ComputerDefaults.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

(PID) Process: (7632) ComputerDefaults.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7632) ComputerDefaults.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:

(PID) Process: (7632) ComputerDefaults.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:

(PID) Process: (7412) MzkjqY1.exe
Key: HKEY_CLASSES_ROOT\ms-settings\Shell\open\command
Operation: write
Name: DelegateExecute
Value:

(PID) Process: (7412) MzkjqY1.exe
Key: HKEY_CLASSES_ROOT\ms-settings\Shell\open\command
Operation: delete key
Name: (default)
Value:

(PID) Process: (7412) MzkjqY1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: WindowsRuntimeBroker
Value:
C:\Users\admin\AppData\Roaming\Microsoft\Windows\CLR\runtime_broker.exe

(PID) Process: (8140) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value:
0

(PID) Process: (8140) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value:
2

(PID) Process: (8140) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value:
1
Executable files
2
Suspicious files
70
Text files
106
Unknown types
0

Dropped files

PID | Process | Filename | Type

7412 | MzkjqY1.exe | C:\Users\admin\AppData\Local\Temp\ff_history_tmp_3149307250.db |
MD5:
SHA256:

7412 | MzkjqY1.exe | C:\Users\admin\AppData\Local\Temp\Prysmax\screenshot_20250510_061720.bmp | image
MD5: 0D3E3FB9BCF7661430D00AA8E0EE0BB5
SHA256: A6D9F2AB81FB13F0D456F6C4664B70C376B2591EC2AED42D63578B944F6304DF

7412 | MzkjqY1.exe | C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\FileZilla\filezilla.xml | xml
MD5: 32F683306CE4FA78157113BB9EACB51D
SHA256: 16283B36975456118FBAC2A0CB0AB466C2D26E2B396DD938CDF129F2D3224570

7412 | MzkjqY1.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\CLR\runtime_broker.exe | executable
MD5: 9779118E71130D6F7F4BFC2D3C2E8526
SHA256: 92088CDEDC08A20576BDB1E8EDAB2555134BA5832628B7CD9C91515D21D3DF4C

7412 | MzkjqY1.exe | C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Outlook\outlook_registry.txt | text
MD5: CA5CF2BBDCF69C6311807B6B9AEBA338
SHA256: 04072CFCB7A45CB522BDDDD176413CDD475CC5B6F61B9A5DDC92A35697ABA966

7412 | MzkjqY1.exe | C:\Users\admin\AppData\Local\Temp\ff_bookmarks_tmp_1514702529.db |
MD5:
SHA256:

7412 | MzkjqY1.exe | C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\S-1-5-21-1693682860-607145093-2874071422-1001\8768658c-df3a-4fed-9247-a3ec23c87b9c | binary
MD5: E3AC833986EE5C36F364BC12F8387773
SHA256: 1001F2F638CF5CACDCDAC9B58CDB82DB886658DDED82FF992BD902689C5FDDA4

7412 | MzkjqY1.exe | C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\CREDHIST | binary
MD5: 57862E11EDD0DF6179C7DB308CD09976
SHA256: EE422E1B858F4379DB88C56D8AA6AF27D691AC10E9734C2FE21A4E1639F000BB

7412 | MzkjqY1.exe | C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\S-1-5-21-1693682860-607145093-2874071422-1001\306ccb42-4900-42c0-863c-8a748ef9a2b2 | binary
MD5: 2839298F7BBCCCD2C196AD7DE84A54B9
SHA256: 4FDC6024A96B793CD6E183C5A5D395B79F17E44C82A4ED14BEB8C1ADEA37FC25

7412 | MzkjqY1.exe | C:\Users\admin\AppData\Local\Temp\Prysmax\Apps\Credentials\Credentials_1\S-1-5-21-1693682860-607145093-2874071422-1001\1431926f-206e-4dd5-84c5-c5dbd062f043 | binary
MD5: 29AE6C44E07D63A6B783FA60CC91C73B
SHA256: 5C57D8116B068734553CB29A6C20FD9B01EF78147A1DAC7A63DE181FDF465582
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
23
DNS requests
16
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
5496 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.40:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 2.16.164.40:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6544 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
5988 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
5496 | MoUsoCoreWorker.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5988 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
- | - | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5496 | MoUsoCoreWorker.exe | 2.16.164.40:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 2.16.164.40:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
5496 | MoUsoCoreWorker.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted
- | - | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted
3216 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
6544 | svchost.exe | 20.190.159.0:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6544 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
7412 | MzkjqY1.exe | 104.102.49.106:443 | steamcommunity.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.142
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.164.40
  • 2.16.164.120
  • 2.16.164.49
  • 2.16.164.17
  • 2.16.164.34
  • 2.16.164.24
  • 2.16.164.114
  • 2.16.164.58
  • 2.16.164.72
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 23.35.229.160
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.159.0
  • 20.190.159.68
  • 40.126.31.71
  • 40.126.31.73
  • 40.126.31.0
  • 40.126.31.129
  • 40.126.31.128
  • 40.126.31.131
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
steamcommunity.com
  • 104.102.49.106
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted

Threats

No threats detected
No debug info