File name:

PrismLauncher-Windows-MSVC-Setup-9.1.exe

Full analysis: https://app.any.run/tasks/9aa92267-2651-4aee-be65-cda5ab235095
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: November 10, 2024, 00:28:19
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

255C5FC4DDD206F19D6FDB69B147B5F6

SHA1:

DC7B59BDBB3FD8F065B8A53E2B8F742F24E12888

SHA256:

E1C336A931699AF16DE244550DA8CE7E1F9B70FD8023AA2FF896D52A603B740F

SSDEEP:

196608:hCFH+/4/qPoxMeuHzDkPZYAXXqI74rEO+FTon2f6Ag7xeDrSe:hCo/4vxYTaRXXqI7AP+FEzASxa

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
    • The process creates files with name similar to system file names

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
    • Executable content was dropped or overwritten

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
      • vc_redist.x64.exe (PID: 7156)
      • vc_redist.x64.exe (PID: 6952)
      • VC_redist.x64.exe (PID: 3108)
      • VC_redist.x64.exe (PID: 7100)
      • VC_redist.x64.exe (PID: 5464)
    • Uses TASKKILL.EXE to kill process

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
    • Creates a software uninstall entry

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
    • Process drops legitimate windows executable

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
      • vc_redist.x64.exe (PID: 6952)
      • vc_redist.x64.exe (PID: 7156)
      • msiexec.exe (PID: 5700)
      • VC_redist.x64.exe (PID: 3108)
      • VC_redist.x64.exe (PID: 5464)
    • Searches for installed software

      • vc_redist.x64.exe (PID: 6952)
      • dllhost.exe (PID: 6148)
    • Reads security settings of Internet Explorer

      • vc_redist.x64.exe (PID: 6952)
    • Starts itself from another location

      • vc_redist.x64.exe (PID: 6952)
    • Starts a Microsoft application from unusual location

      • VC_redist.x64.exe (PID: 5464)
      • vc_redist.x64.exe (PID: 6952)
    • Executes as Windows Service

      • VSSVC.exe (PID: 7044)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 5700)
    • Application launched itself

      • VC_redist.x64.exe (PID: 4004)
      • VC_redist.x64.exe (PID: 7100)
    • There is functionality for taking screenshot (YARA)

      • VC_redist.x64.exe (PID: 5464)
  • INFO

    • Create files in a temporary directory

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
      • vc_redist.x64.exe (PID: 7156)
      • vc_redist.x64.exe (PID: 6952)
    • Checks supported languages

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
      • vc_redist.x64.exe (PID: 7156)
      • VC_redist.x64.exe (PID: 5464)
      • vc_redist.x64.exe (PID: 6952)
    • Reads the computer name

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
      • vc_redist.x64.exe (PID: 6952)
      • VC_redist.x64.exe (PID: 5464)
    • Creates files or folders in the user directory

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
    • The process uses the downloaded file

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
      • vc_redist.x64.exe (PID: 6952)
    • Reads the machine GUID from the registry

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
    • Process checks computer location settings

      • vc_redist.x64.exe (PID: 6952)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 5700)
    • Manages system restore points

      • SrTasks.exe (PID: 1580)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 27136
InitializedDataSize: 184832
UninitializedDataSize: 2048
EntryPoint: 0x3552
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 9.1.0.0
ProductVersionNumber: 9.1.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
FileDescription: Prism Launcher Installer
FileVersion: 9.1.0.0
LegalCopyright: © 2022-2024 Prism Launcher Contributors\n© 2021-2022 PolyMC Contributors\n© 2012-2021 MultiMC Contributors
ProductName: Prism Launcher
ProductVersion: 9.1.0.0
No data.
All screenshots are available in the full report
Total processes: 150
Monitored processes: 21
Malicious processes: 5
Suspicious processes: 1

Behavior graph

Processes shown in the behavior graph (graph labels kept in parentheses):
  • prismlauncher-windows-msvc-setup-9.1.exe
  • taskkill.exe (no specs)
  • conhost.exe (no specs)
  • vc_redist.x64.exe
  • vc_redist.x64.exe (THREAT)
  • vc_redist.x64.exe
  • SPPSurrogate (no specs)
  • vssvc.exe (no specs)
  • srtasks.exe (no specs)
  • conhost.exe (no specs)
  • msiexec.exe
  • vc_redist.x64.exe (no specs)
  • vc_redist.x64.exe
  • vc_redist.x64.exe
  • prismlauncher.exe (no specs)
  • javaw.exe (no specs)
  • javaw.exe (no specs)
  • javaw.exe (no specs)
  • icacls.exe (no specs)
  • conhost.exe (no specs)
  • javaw.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1580
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path: C:\Windows\System32\SrTasks.exe
Parent process: dllhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1588
CMD: javaw -jar C:/Users/admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_2989500\javaw.exe
Parent process: prismlauncher.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
PID: 2056
CMD: "C:\Users\admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
Path: C:\Users\admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
Parent process: PrismLauncher-Windows-MSVC-Setup-9.1.exe
User:
admin
Company:
MultiMC & Prism Launcher Contributors
Integrity Level:
MEDIUM
Description:
Prism Launcher
Version:
9.1.0.0
PID: 2660
CMD: "C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar C:/Users/admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
Path: C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe
Parent process: prismlauncher.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
PID: 3108
CMD: "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{D782DEED-FD09-47CA-8800-685049413C2C} {1F7F6BC1-4BF9-4CA9-9854-E791FC052F52} 7100
Path: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Parent process: VC_redist.x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
Exit code:
0
Version:
14.36.32532.0
PID: 4004
CMD: "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={77169412-f642-45e7-b533-0c6f48de12f9} -burn.filehandle.self=1132 -burn.embedded BurnPipe.{36AB0BD4-B33F-4FBC-8540-960E392A7D3E} {783861E9-B3F5-413D-8B2D-8E1078DE327A} 5464
Path: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Parent process: VC_redist.x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
Exit code:
0
Version:
14.36.32532.0
PID: 5464
CMD: "C:\Users\admin\AppData\Local\Temp\{FE6BE6A0-D043-40B4-8793-F7DC58870473}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{CE0D54B5-621C-4B7F-B478-63BCDEF1F63E} {3D9BED32-6ABA-42DE-9BD4-4C4E769C8FA7} 6952
Path: C:\Users\admin\AppData\Local\Temp\{FE6BE6A0-D043-40B4-8793-F7DC58870473}\.be\VC_redist.x64.exe
Parent process: vc_redist.x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33816
Exit code:
3010
Version:
14.40.33816.0
Modules
Images
c:\users\admin\appdata\local\temp\{fe6be6a0-d043-40b4-8793-f7dc58870473}\.be\vc_redist.x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 5640
CMD: "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_2989500\javaw.exe
Parent process: prismlauncher.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
PID: 5700
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 5748
CMD: "C:\Users\admin\Desktop\PrismLauncher-Windows-MSVC-Setup-9.1.exe"
Path: C:\Users\admin\Desktop\PrismLauncher-Windows-MSVC-Setup-9.1.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Prism Launcher Installer
Exit code:
0
Version:
9.1.0.0
Modules
Images
c:\users\admin\desktop\prismlauncher-windows-msvc-setup-9.1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events: 13 352
Read events: 12 708
Write events: 465
Delete events: 179

Modification events

(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\PrismLauncher
Operation: write
Name: InstallDir
Value: C:\Users\admin\AppData\Local\Programs\PrismLauncher

(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CLASSES_ROOT\curseforge
Operation: write
Name: URL Protocol
Value:

(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CLASSES_ROOT\prismlauncher
Operation: write
Name: URL Protocol
Value:

(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: DisplayName
Value: Prism Launcher

(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: UninstallString
Value: "C:\Users\admin\AppData\Local\Programs\PrismLauncher\uninstall.exe" _?=C:\Users\admin\AppData\Local\Programs\PrismLauncher

(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: QuietUninstallString
Value: "C:\Users\admin\AppData\Local\Programs\PrismLauncher\uninstall.exe" /S _?=C:\Users\admin\AppData\Local\Programs\PrismLauncher

(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Local\Programs\PrismLauncher

(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: Publisher
Value: Prism Launcher Contributors

(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: Version
Value: 9.1.0.0
Executable files: 100
Suspicious files: 63
Text files: 103
Unknown types: 1

Dropped files

PID | Process | Filename | Type

5748 | PrismLauncher-Windows-MSVC-Setup-9.1.exe | C:\Users\admin\AppData\Local\Programs\PrismLauncher\qtlogging.ini | text
MD5: 58967A7FCC8CD9D2BDB9B0FC24EED94D
SHA256: BA15AEE260E7CA1D48016546BAB52FE30C3DA264356B629739C125CD4EB3C700

5748 | PrismLauncher-Windows-MSVC-Setup-9.1.exe | C:\Users\admin\AppData\Local\Programs\PrismLauncher\prismlauncher_filelink.exe | executable
MD5: 0EC4DB5ACDC8FD5E9CE2206E34F1C17E
SHA256: 9DD0F1445E2DEB46D7CE38AB516988067A994B66B2235A3CC97541D1DFBF7697

5748 | PrismLauncher-Windows-MSVC-Setup-9.1.exe | C:\Users\admin\AppData\Local\Temp\nstCFAE.tmp\modern-wizard.bmp | image
MD5: CBE40FD2B1EC96DAEDC65DA172D90022
SHA256: 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2

5748 | PrismLauncher-Windows-MSVC-Setup-9.1.exe | C:\Users\admin\AppData\Local\Programs\PrismLauncher\Qt6Core5Compat.dll | executable
MD5: 49F13638989B994AFB8F47755152DEE8
SHA256: 298AF983B948AC481C3417887D5D53CAFF5F68C654F94BFFDF23A50974D50075

5748 | PrismLauncher-Windows-MSVC-Setup-9.1.exe | C:\Users\admin\AppData\Local\Temp\nstCFAE.tmp\nsExec.dll | executable
MD5: 11092C1D3FBB449A60695C44F9F3D183
SHA256: 2CD3A2D4053954DB1196E2526545C36DFC138C6DE9B81F6264632F3132843C77

5748 | PrismLauncher-Windows-MSVC-Setup-9.1.exe | C:\Users\admin\AppData\Local\Programs\PrismLauncher\prismlauncher_updater.exe | executable
MD5: 8C1BB4354FEECC8A62ADE1A82F385181
SHA256: B84CA80DCAD5F212C3C6304DCCD38ED5A70A225D64345A02A7EBB3D38F2E4275

5748 | PrismLauncher-Windows-MSVC-Setup-9.1.exe | C:\Users\admin\AppData\Local\Programs\PrismLauncher\Qt6Svg.dll | executable
MD5: AFFBBFD53FD7EEB00E6851CA46B4F191
SHA256: 01000B464FBF9B9C9989367CBE973DFF0D0B7CE893E24476022A097AE05C51BE

5748 | PrismLauncher-Windows-MSVC-Setup-9.1.exe | C:\Users\admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll | executable
MD5: 84632E762AE7601B8C45B5F48E3C7531
SHA256: CED3AEF690624B1186660BAA85C7D2C3319D46F5C0194EEAFE39E2377643E1D4

5748 | PrismLauncher-Windows-MSVC-Setup-9.1.exe | C:\Users\admin\AppData\Local\Programs\PrismLauncher\Qt6NetworkAuth.dll | executable
MD5: 8C308B0A574781059A21FB5CA95FD95E
SHA256: 54455722028B0203D2C6C8019CD5F7260ED89FBA03199B5719A4B79364E5EBF2

5748 | PrismLauncher-Windows-MSVC-Setup-9.1.exe | C:\Users\admin\AppData\Local\Temp\nstCFAE.tmp\nsDialogs.dll | executable
MD5: B7D61F3F56ABF7B7FF0D4E7DA3AD783D
SHA256: 89A82C4849C21DFE765052681E1FAD02D2D7B13C8B5075880C52423DCA72A912
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 12
TCP/UDP connections: 26
DNS requests: 12
Threats: 4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5488 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6944 | svchost.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6908 | RUXIMICS.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6944 | svchost.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
6908 | RUXIMICS.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 301 | 52.170.7.25:443 | https://aka.ms/vs/17/release/vc_redist.x64.exe | unknown | - | - | unknown
5700 | msiexec.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5700 | msiexec.exe | GET | 200 | 104.76.201.160:80 | http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 185.199.111.153:443 | https://i18n.prismlauncher.org/index_v2.json | unknown | binary | 21.2 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6908 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5488 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6944 | svchost.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6908 | RUXIMICS.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6944 | svchost.exe | 2.23.181.156:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
6908 | RUXIMICS.exe | 2.23.181.156:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
whitelisted
google.com
  • 142.250.186.46
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
  • 2.16.164.49
  • 2.16.164.9
whitelisted
www.microsoft.com
  • 2.23.181.156
  • 104.76.201.160
whitelisted
aka.ms
  • 184.30.22.2
whitelisted
download.visualstudio.microsoft.com
  • 199.232.210.172
  • 199.232.214.172
whitelisted
i18n.prismlauncher.org
  • 185.199.108.153
  • 185.199.110.153
  • 185.199.111.153
  • 185.199.109.153
unknown
self.events.data.microsoft.com
  • 20.189.173.26
whitelisted
prismlauncher.org
  • 3.75.10.80
  • 3.124.100.143
unknown

Threats

PID | Process | Class | Message
- | - | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
- | - | Misc activity | ET INFO EXE - Served Attached HTTP
- | - | Potential Corporate Privacy Violation | ET POLICY User-Agent (Launcher)
- | - | Potential Corporate Privacy Violation | ET POLICY User-Agent (Launcher)
Process | Message
msiexec.exe | Failed to release Service