File name:

PrismLauncher-Windows-MSVC-Setup-9.1.exe

Full analysis: https://app.any.run/tasks/9aa92267-2651-4aee-be65-cda5ab235095
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: November 10, 2024, 00:28:19
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

255C5FC4DDD206F19D6FDB69B147B5F6

SHA1:

DC7B59BDBB3FD8F065B8A53E2B8F742F24E12888

SHA256:

E1C336A931699AF16DE244550DA8CE7E1F9B70FD8023AA2FF896D52A603B740F

SSDEEP:

196608:hCFH+/4/qPoxMeuHzDkPZYAXXqI74rEO+FTon2f6Ag7xeDrSe:hCo/4vxYTaRXXqI7AP+FEzASxa

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
    • Creates a software uninstall entry

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
    • Process drops legitimate windows executable

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
      • vc_redist.x64.exe (PID: 7156)
      • vc_redist.x64.exe (PID: 6952)
      • msiexec.exe (PID: 5700)
      • VC_redist.x64.exe (PID: 3108)
      • VC_redist.x64.exe (PID: 5464)
    • Executable content was dropped or overwritten

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
      • vc_redist.x64.exe (PID: 6952)
      • VC_redist.x64.exe (PID: 5464)
      • VC_redist.x64.exe (PID: 7100)
      • VC_redist.x64.exe (PID: 3108)
      • vc_redist.x64.exe (PID: 7156)
    • Uses TASKKILL.EXE to kill process

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
    • Starts a Microsoft application from unusual location

      • vc_redist.x64.exe (PID: 6952)
      • VC_redist.x64.exe (PID: 5464)
    • Searches for installed software

      • vc_redist.x64.exe (PID: 6952)
      • dllhost.exe (PID: 6148)
    • Reads security settings of Internet Explorer

      • vc_redist.x64.exe (PID: 6952)
    • Executes as Windows Service

      • VSSVC.exe (PID: 7044)
    • Starts itself from another location

      • vc_redist.x64.exe (PID: 6952)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 5700)
    • Application launched itself

      • VC_redist.x64.exe (PID: 4004)
      • VC_redist.x64.exe (PID: 7100)
    • There is functionality for taking screenshot (YARA)

      • VC_redist.x64.exe (PID: 5464)
  • INFO

    • Checks supported languages

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
      • vc_redist.x64.exe (PID: 7156)
      • vc_redist.x64.exe (PID: 6952)
      • VC_redist.x64.exe (PID: 5464)
    • Reads the computer name

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
      • vc_redist.x64.exe (PID: 6952)
      • VC_redist.x64.exe (PID: 5464)
    • Create files in a temporary directory

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
      • vc_redist.x64.exe (PID: 7156)
      • vc_redist.x64.exe (PID: 6952)
    • The process uses the downloaded file

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
      • vc_redist.x64.exe (PID: 6952)
    • Creates files or folders in the user directory

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
    • Reads the machine GUID from the registry

      • PrismLauncher-Windows-MSVC-Setup-9.1.exe (PID: 5748)
    • Manages system restore points

      • SrTasks.exe (PID: 1580)
    • Process checks computer location settings

      • vc_redist.x64.exe (PID: 6952)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 5700)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 27136
InitializedDataSize: 184832
UninitializedDataSize: 2048
EntryPoint: 0x3552
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 9.1.0.0
ProductVersionNumber: 9.1.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
FileDescription: Prism Launcher Installer
FileVersion: 9.1.0.0
LegalCopyright: © 2022-2024 Prism Launcher Contributors\n© 2021-2022 PolyMC Contributors\n© 2012-2021 MultiMC Contributors
ProductName: Prism Launcher
ProductVersion: 9.1.0.0
No data.
All screenshots are available in the full report
Total processes
150
Monitored processes
21
Malicious processes
5
Suspicious processes
1

Behavior graph

start prismlauncher-windows-msvc-setup-9.1.exe taskkill.exe no specs conhost.exe no specs vc_redist.x64.exe vc_redist.x64.exe THREAT vc_redist.x64.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe vc_redist.x64.exe no specs vc_redist.x64.exe vc_redist.x64.exe prismlauncher.exe no specs javaw.exe no specs javaw.exe no specs javaw.exe no specs icacls.exe no specs conhost.exe no specs javaw.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1580
CMD:
C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path:
C:\Windows\System32\SrTasks.exe
Parent process:
dllhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
1588
CMD:
javaw -jar C:/Users/admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
Path:
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_2989500\javaw.exe
Parent process:
prismlauncher.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
PID:
2056
CMD:
"C:\Users\admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
Path:
C:\Users\admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
Parent process:
PrismLauncher-Windows-MSVC-Setup-9.1.exe
User:
admin
Company:
MultiMC & Prism Launcher Contributors
Integrity Level:
MEDIUM
Description:
Prism Launcher
Version:
9.1.0.0
PID:
2660
CMD:
"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar C:/Users/admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
Path:
C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe
Parent process:
prismlauncher.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
PID:
3108
CMD:
"C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{D782DEED-FD09-47CA-8800-685049413C2C} {1F7F6BC1-4BF9-4CA9-9854-E791FC052F52} 7100
Path:
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Parent process:
VC_redist.x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
Exit code:
0
Version:
14.36.32532.0
PID:
4004
CMD:
"C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={77169412-f642-45e7-b533-0c6f48de12f9} -burn.filehandle.self=1132 -burn.embedded BurnPipe.{36AB0BD4-B33F-4FBC-8540-960E392A7D3E} {783861E9-B3F5-413D-8B2D-8E1078DE327A} 5464
Path:
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Parent process:
VC_redist.x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
Exit code:
0
Version:
14.36.32532.0
PID:
5464
CMD:
"C:\Users\admin\AppData\Local\Temp\{FE6BE6A0-D043-40B4-8793-F7DC58870473}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{CE0D54B5-621C-4B7F-B478-63BCDEF1F63E} {3D9BED32-6ABA-42DE-9BD4-4C4E769C8FA7} 6952
Path:
C:\Users\admin\AppData\Local\Temp\{FE6BE6A0-D043-40B4-8793-F7DC58870473}\.be\VC_redist.x64.exe
Parent process:
vc_redist.x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33816
Exit code:
3010
Version:
14.40.33816.0
Modules
Images
c:\users\admin\appdata\local\temp\{fe6be6a0-d043-40b4-8793-f7dc58870473}\.be\vc_redist.x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
5640
CMD:
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
Path:
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_2989500\javaw.exe
Parent process:
prismlauncher.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
PID:
5700
CMD:
C:\WINDOWS\system32\msiexec.exe /V
Path:
C:\Windows\System32\msiexec.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
5748
CMD:
"C:\Users\admin\Desktop\PrismLauncher-Windows-MSVC-Setup-9.1.exe"
Path:
C:\Users\admin\Desktop\PrismLauncher-Windows-MSVC-Setup-9.1.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Prism Launcher Installer
Exit code:
0
Version:
9.1.0.0
Modules
Images
c:\users\admin\desktop\prismlauncher-windows-msvc-setup-9.1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events
13 352
Read events
12 708
Write events
465
Delete events
179

Modification events

(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\PrismLauncher
Operation: write
Name: InstallDir
Value:
C:\Users\admin\AppData\Local\Programs\PrismLauncher
(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CLASSES_ROOT\curseforge
Operation: write
Name: URL Protocol
Value:
(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CLASSES_ROOT\prismlauncher
Operation: write
Name: URL Protocol
Value:
(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: DisplayName
Value:
Prism Launcher
(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: DisplayIcon
Value:
C:\Users\admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: UninstallString
Value:
"C:\Users\admin\AppData\Local\Programs\PrismLauncher\uninstall.exe" _?=C:\Users\admin\AppData\Local\Programs\PrismLauncher
(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: QuietUninstallString
Value:
"C:\Users\admin\AppData\Local\Programs\PrismLauncher\uninstall.exe" /S _?=C:\Users\admin\AppData\Local\Programs\PrismLauncher
(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: InstallLocation
Value:
C:\Users\admin\AppData\Local\Programs\PrismLauncher
(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: Publisher
Value:
Prism Launcher Contributors
(PID) Process: (5748) PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: Version
Value:
9.1.0.0
Executable files
100
Suspicious files
63
Text files
103
Unknown types
1

Dropped files

PID
Process
Filename
Type
PID: 5748
Process: PrismLauncher-Windows-MSVC-Setup-9.1.exe
Filename: C:\Users\admin\AppData\Local\Programs\PrismLauncher\qt.conf
Type: binary
MD5: 7215EE9C7D9DC229D2921A40E899EC5F
SHA256: 36A9E7F1C95B82FFB99743E0C5C4CE95D83C9A430AAC59F84EF3CBFAB6145068
PID: 5748
Process: PrismLauncher-Windows-MSVC-Setup-9.1.exe
Filename: C:\Users\admin\AppData\Local\Programs\PrismLauncher\Qt6Gui.dll
Type: executable
MD5: 84632E762AE7601B8C45B5F48E3C7531
SHA256: CED3AEF690624B1186660BAA85C7D2C3319D46F5C0194EEAFE39E2377643E1D4
PID: 5748
Process: PrismLauncher-Windows-MSVC-Setup-9.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nstCFAE.tmp\modern-wizard.bmp
Type: image
MD5: CBE40FD2B1EC96DAEDC65DA172D90022
SHA256: 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
PID: 5748
Process: PrismLauncher-Windows-MSVC-Setup-9.1.exe
Filename: C:\Users\admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
Type: executable
MD5: 34ED8C4DECB9E92348E79FA146FF5E1B
SHA256: A048F77170B58BF5B1324EF9BA5ABCB124715568EAA31B371E9B8B32E25AF6B3
PID: 5748
Process: PrismLauncher-Windows-MSVC-Setup-9.1.exe
Filename: C:\Users\admin\AppData\Local\Programs\PrismLauncher\qtlogging.ini
Type: text
MD5: 58967A7FCC8CD9D2BDB9B0FC24EED94D
SHA256: BA15AEE260E7CA1D48016546BAB52FE30C3DA264356B629739C125CD4EB3C700
PID: 5748
Process: PrismLauncher-Windows-MSVC-Setup-9.1.exe
Filename: C:\Users\admin\AppData\Local\Programs\PrismLauncher\prismlauncher_updater.exe
Type: executable
MD5: 8C1BB4354FEECC8A62ADE1A82F385181
SHA256: B84CA80DCAD5F212C3C6304DCCD38ED5A70A225D64345A02A7EBB3D38F2E4275
PID: 5748
Process: PrismLauncher-Windows-MSVC-Setup-9.1.exe
Filename: C:\Users\admin\AppData\Local\Programs\PrismLauncher\imageformats\qicns.dll
Type: executable
MD5: 65682BA0E5E6931BDB9EDD3179B08A1E
SHA256: A741826ED2E3FA95F1B2C0D31931C00B3BA9488664A92357A8F3CB09A94D4C3E
PID: 5748
Process: PrismLauncher-Windows-MSVC-Setup-9.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nstCFAE.tmp\System.dll
Type: executable
MD5: 192639861E3DC2DC5C08BB8F8C7260D5
SHA256: 23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6
PID: 5748
Process: PrismLauncher-Windows-MSVC-Setup-9.1.exe
Filename: C:\Users\admin\AppData\Local\Programs\PrismLauncher\Qt6NetworkAuth.dll
Type: executable
MD5: 8C308B0A574781059A21FB5CA95FD95E
SHA256: 54455722028B0203D2C6C8019CD5F7260ED89FBA03199B5719A4B79364E5EBF2
PID: 5748
Process: PrismLauncher-Windows-MSVC-Setup-9.1.exe
Filename: C:\Users\admin\AppData\Local\Programs\PrismLauncher\Qt6Widgets.dll
Type: executable
MD5: 1DA8E191C6D2ED3935791F816A829B77
SHA256: 3FAC74F2736EE0850657005CEADE2A4EDEF6E97D58C764E77C2E39E629E04E82
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
26
DNS requests
12
Threats
4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6944 | svchost.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
6944 | svchost.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
6908 | RUXIMICS.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
6908 | RUXIMICS.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
 | | GET | 301 | 52.170.7.25:443 | https://aka.ms/vs/17/release/vc_redist.x64.exe | unknown | | |
5700 | msiexec.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
5700 | msiexec.exe | GET | 200 | 104.76.201.160:80 | http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl | unknown | | | whitelisted
 | | GET | 200 | 185.199.111.153:443 | https://i18n.prismlauncher.org/index_v2.json | unknown | binary | 21.2 Kb |
5488 | MoUsoCoreWorker.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
 | | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6908 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5488 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
6944 | svchost.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6908 | RUXIMICS.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6944 | svchost.exe | 2.23.181.156:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
6908 | RUXIMICS.exe | 2.23.181.156:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
whitelisted
google.com
  • 142.250.186.46
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
  • 2.16.164.49
  • 2.16.164.9
whitelisted
www.microsoft.com
  • 2.23.181.156
  • 104.76.201.160
whitelisted
aka.ms
  • 184.30.22.2
whitelisted
download.visualstudio.microsoft.com
  • 199.232.210.172
  • 199.232.214.172
whitelisted
i18n.prismlauncher.org
  • 185.199.108.153
  • 185.199.110.153
  • 185.199.111.153
  • 185.199.109.153
unknown
self.events.data.microsoft.com
  • 20.189.173.26
whitelisted
prismlauncher.org
  • 3.75.10.80
  • 3.124.100.143
unknown

Threats

PID | Process | Class | Message
 | | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
 | | Misc activity | ET INFO EXE - Served Attached HTTP
 | | Potential Corporate Privacy Violation | ET POLICY User-Agent (Launcher)
 | | Potential Corporate Privacy Violation | ET POLICY User-Agent (Launcher)
Process | Message
msiexec.exe | Failed to release Service