URL:

https://github.com/PrismLauncher/PrismLauncher/releases/download/11.0.2/PrismLauncher-Windows-MSVC-Setup-11.0.2.exe

Full analysis: https://app.any.run/tasks/af3c03b5-2f6f-46a4-983e-e1dadcb77bc9
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: April 22, 2026, 18:17:46
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
github
auto
generic
loader
Indicators:
MD5:

D21C7A1768E89306775F595304D3E4E6

SHA1:

B8CBC4D2D5036385076CD5E99AD608B1D8FA91A0

SHA256:

FE70FEA345468429EFF7A00690FF957D4CB8B56768DBF96A8F58783DEF3AE04D

SSDEEP:

3:N8tEdbeGNLdeGNXE2kCUS85IqeGNJKbFChbNn:2ufpL1r6SDunKbFC9Nn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • GENERIC has been found (auto)

      • msiexec.exe (PID: 8904)
    • Changes the autorun value in the registry

      • VC_redist.x64.exe (PID: 8944)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • PrismLauncher-Windows-MSVC-Setup-11.0.2.exe (PID: 8444)
    • Executable content was dropped or overwritten

      • PrismLauncher-Windows-MSVC-Setup-11.0.2.exe (PID: 8444)
      • vc_redist.x64.exe (PID: 8808)
      • vc_redist.x64.exe (PID: 8740)
      • VC_redist.x64.exe (PID: 8944)
      • VC_redist.x64.exe (PID: 2340)
      • VC_redist.x64.exe (PID: 3612)
    • Uses TASKKILL.EXE to kill process

      • PrismLauncher-Windows-MSVC-Setup-11.0.2.exe (PID: 8444)
    • The process creates files with name similar to system file names

      • PrismLauncher-Windows-MSVC-Setup-11.0.2.exe (PID: 8444)
    • Starts itself from another location

      • vc_redist.x64.exe (PID: 8808)
    • Starts a Microsoft application from unusual location

      • VC_redist.x64.exe (PID: 8944)
      • vc_redist.x64.exe (PID: 8808)
    • Executes as Windows Service

      • VSSVC.exe (PID: 9048)
    • Searches for installed software

      • vc_redist.x64.exe (PID: 8808)
      • dllhost.exe (PID: 9004)
      • VC_redist.x64.exe (PID: 2340)
      • VC_redist.x64.exe (PID: 3612)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 8904)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 8904)
    • Application launched itself

      • VC_redist.x64.exe (PID: 9164)
      • VC_redist.x64.exe (PID: 2340)
    • Potential Corporate Privacy Violation

      • prismlauncher_updater.exe (PID: 3640)
      • prismlauncher.exe (PID: 8308)
  • INFO

    • The sample compiled with english language support

      • msedge.exe (PID: 7608)
      • msedge.exe (PID: 4280)
      • PrismLauncher-Windows-MSVC-Setup-11.0.2.exe (PID: 8444)
      • vc_redist.x64.exe (PID: 8808)
      • vc_redist.x64.exe (PID: 8740)
      • VC_redist.x64.exe (PID: 8944)
      • msiexec.exe (PID: 8904)
      • VC_redist.x64.exe (PID: 2340)
      • VC_redist.x64.exe (PID: 3612)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 7608)
    • Application launched itself

      • msedge.exe (PID: 7608)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4280)
      • msedge.exe (PID: 7608)
      • msiexec.exe (PID: 8904)
    • Reads the computer name

      • identity_helper.exe (PID: 5632)
      • PrismLauncher-Windows-MSVC-Setup-11.0.2.exe (PID: 8444)
      • VC_redist.x64.exe (PID: 8944)
      • vc_redist.x64.exe (PID: 8808)
      • msiexec.exe (PID: 8904)
      • VC_redist.x64.exe (PID: 3612)
      • VC_redist.x64.exe (PID: 2340)
      • prismlauncher_updater.exe (PID: 3640)
      • prismlauncher.exe (PID: 8308)
    • Checks supported languages

      • identity_helper.exe (PID: 5632)
      • PrismLauncher-Windows-MSVC-Setup-11.0.2.exe (PID: 8444)
      • vc_redist.x64.exe (PID: 8740)
      • VC_redist.x64.exe (PID: 8944)
      • vc_redist.x64.exe (PID: 8808)
      • msiexec.exe (PID: 8904)
      • VC_redist.x64.exe (PID: 9164)
      • VC_redist.x64.exe (PID: 2340)
      • VC_redist.x64.exe (PID: 3612)
      • prismlauncher.exe (PID: 8308)
      • prismlauncher_updater.exe (PID: 3640)
      • prismlauncher.exe (PID: 8372)
    • Reads Environment values

      • identity_helper.exe (PID: 5632)
    • Create files in a temporary directory

      • PrismLauncher-Windows-MSVC-Setup-11.0.2.exe (PID: 8444)
      • vc_redist.x64.exe (PID: 8740)
      • vc_redist.x64.exe (PID: 8808)
      • VC_redist.x64.exe (PID: 8944)
      • VC_redist.x64.exe (PID: 2340)
      • prismlauncher.exe (PID: 8308)
    • Creates files or folders in the user directory

      • PrismLauncher-Windows-MSVC-Setup-11.0.2.exe (PID: 8444)
      • msiexec.exe (PID: 8904)
      • prismlauncher.exe (PID: 8308)
      • prismlauncher_updater.exe (PID: 3640)
    • Creates a software uninstall entry

      • PrismLauncher-Windows-MSVC-Setup-11.0.2.exe (PID: 8444)
      • msiexec.exe (PID: 8904)
      • VC_redist.x64.exe (PID: 8944)
    • Reads the machine GUID from the registry

      • PrismLauncher-Windows-MSVC-Setup-11.0.2.exe (PID: 8444)
      • VC_redist.x64.exe (PID: 8944)
      • msiexec.exe (PID: 8904)
      • prismlauncher.exe (PID: 8308)
    • Reads security settings of Internet Explorer

      • vc_redist.x64.exe (PID: 8808)
      • VC_redist.x64.exe (PID: 2340)
    • Process checks computer location settings

      • vc_redist.x64.exe (PID: 8808)
      • VC_redist.x64.exe (PID: 2340)
      • prismlauncher.exe (PID: 8308)
      • prismlauncher_updater.exe (PID: 3640)
    • Launching a file from a Registry key

      • VC_redist.x64.exe (PID: 8944)
    • There is functionality for taking screenshot (YARA)

      • PrismLauncher-Windows-MSVC-Setup-11.0.2.exe (PID: 8444)
    • Manages system restore points

      • SrTasks.exe (PID: 8880)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • prismlauncher.exe (PID: 8308)
    • Reads the time zone

      • prismlauncher.exe (PID: 8308)
      • prismlauncher_updater.exe (PID: 3640)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 221
Monitored processes: 71
Malicious processes: 2
Suspicious processes: 5


Process information

PID
CMD
Path
Indicators
Parent process
PID: 1352
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3556,i,10571937510883057449,17487761542395366254,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1652
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7724,i,10571937510883057449,17487761542395366254,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=9152 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2160
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6584,i,10571937510883057449,17487761542395366254,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2340
CMD: "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" -burn.filehandle.attached=668 -burn.filehandle.self=652 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d8bbe9f9-7c5b-42c6-b715-9ee898a2e515} -burn.filehandle.self=1196 -burn.embedded BurnPipe.{9BAD8554-CD0F-4666-A6FC-E67F6E2ECC1E} {31A3F78A-DA68-43D7-9BEB-D6AD7CBAD75B} 8944
Path: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Parent process: VC_redist.x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
Exit code:
0
Version:
14.36.32532.0
Modules
Images
c:\programdata\package cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\vc_redist.x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2420
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=7892,i,10571937510883057449,17487761542395366254,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=8344 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2428
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6224,i,10571937510883057449,17487761542395366254,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=4068 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2452
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x294,0x298,0x29c,0x28c,0x2a4,0x7ffe2392f208,0x7ffe2392f214,0x7ffe2392f220
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2656
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=3872,i,10571937510883057449,17487761542395366254,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2680
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=3832,i,10571937510883057449,17487761542395366254,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3140
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=3988,i,10571937510883057449,17487761542395366254,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 35 666
Read events: 34 658
Write events: 630
Delete events: 378

Modification events

Process: (8444) PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
Key: HKEY_CURRENT_USER\SOFTWARE\PrismLauncher
Operation: write
Name: InstallDir
Value: C:\Users\admin\AppData\Local\Programs\PrismLauncher

Process: (8444) PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
Key: HKEY_CLASSES_ROOT\curseforge
Operation: write
Name: URL Protocol
Value:

Process: (8444) PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
Key: HKEY_CLASSES_ROOT\prismlauncher
Operation: write
Name: URL Protocol
Value:

Process: (8444) PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: DisplayName
Value: Prism Launcher

Process: (8444) PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Process: (8444) PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: UninstallString
Value: "C:\Users\admin\AppData\Local\Programs\PrismLauncher\uninstall.exe" _?=C:\Users\admin\AppData\Local\Programs\PrismLauncher

Process: (8444) PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: QuietUninstallString
Value: "C:\Users\admin\AppData\Local\Programs\PrismLauncher\uninstall.exe" /S _?=C:\Users\admin\AppData\Local\Programs\PrismLauncher

Process: (8444) PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Local\Programs\PrismLauncher

Process: (8444) PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: Publisher
Value: Prism Launcher Contributors

Process: (8444) PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrismLauncher
Operation: write
Name: Version
Value: 11.0.2.0
Executable files: 199
Suspicious files: 1 905
Text files: 691
Unknown types: 136

Dropped files

PID
Process
Filename
Type
PID: 7608
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFdfde8.TMP

PID: 7608
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old

PID: 7608
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFdfdf8.TMP

PID: 7608
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFdfdf8.TMP

PID: 7608
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old

PID: 7608
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old

PID: 7608
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFdfe08.TMP

PID: 7608
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFdfe08.TMP

PID: 7608
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old

PID: 7608
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFdfe27.TMP
HTTP(S) requests
1 137
TCP/UDP connections
217
DNS requests
293
Threats
64

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4280
msedge.exe
GET
302
140.82.121.3:443
https://github.com/PrismLauncher/PrismLauncher/releases/download/11.0.2/PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
US
whitelisted
4280
msedge.exe
GET
304
150.171.28.11:443
https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
US
whitelisted
4280
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
132 b
whitelisted
4280
msedge.exe
GET
200
104.18.23.222:443
https://copilot.microsoft.com/c/api/user/eligibility
US
text
25 b
whitelisted
4280
msedge.exe
GET
200
150.171.109.100:443
https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US
US
binary
82 b
whitelisted
4280
msedge.exe
GET
200
185.199.109.133:443
https://release-assets.githubusercontent.com/github-production-release-asset/553135896/8544e5e9-731e-43f0-88ef-5e266e604669?sp=r&sv=2018-11-09&sr=b&spr=https&se=2026-04-22T19%3A11%3A13Z&rscd=attachment%3B+filename%3DPrismLauncher-Windows-MSVC-Setup-11.0.2.exe&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2026-04-22T18%3A10%3A25Z&ske=2026-04-22T19%3A11%3A13Z&sks=b&skv=2018-11-09&sig=H65cw0RKVDKT1%2FguUt4I6BhZrhx%2BVV7dEpr6%2BE2Z67k%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc3Njg4MzY3MywibmJmIjoxNzc2ODgxODczLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.bQhvG_KSU63OGklTA9VHQXGfhYJfkbsQhCcX5lITWTo&response-content-disposition=attachment%3B%20filename%3DPrismLauncher-Windows-MSVC-Setup-11.0.2.exe&response-content-type=application%2Foctet-stream
US
executable
5.00 Mb
whitelisted
7608
msedge.exe
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBTDHsfuqfubd3pihvq4mgQVWgHWNwQUyH7SaoUqG8oZmAQHJ89QEE9oqKICEzMAAAAHh6M0o3uljhwAAAAAAAc%3D
US
binary
2.60 Kb
whitelisted
5316
svchost.exe
GET
200
23.11.41.157:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
NL
binary
471 b
whitelisted
7608
msedge.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ID%20Verified%20CS%20EOC%20CA%2003.crl
US
binary
1.12 Kb
whitelisted
7608
msedge.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ID%20Verified%20Code%20Signing%20PCA%202021.crl
US
binary
785 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5276
MoUsoCoreWorker.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
128.24.231.64:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7984
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5532
SearchApp.exe
2.16.241.218:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
5532
SearchApp.exe
23.11.41.157:80
ocsp.digicert.com
AKAMAI-AMS
NL
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
4280
msedge.exe
52.123.243.65:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4280
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4280
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
activation-v2.sls.microsoft.com
  • 128.24.231.64
whitelisted
google.com
  • 142.251.14.102
  • 142.251.14.101
  • 142.251.14.113
  • 142.251.14.138
  • 142.251.14.139
  • 142.251.14.100
whitelisted
www.bing.com
  • 2.16.241.218
  • 2.16.241.205
  • 2.16.241.207
  • 2.16.241.222
  • 23.36.162.79
  • 23.36.162.85
  • 23.36.162.76
  • 23.36.162.86
  • 23.36.162.73
whitelisted
ocsp.digicert.com
  • 23.11.41.157
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 52.123.243.65
  • 52.123.224.75
  • 52.123.243.92
whitelisted
github.com
  • 140.82.121.3
whitelisted
api.edgeoffer.microsoft.com
  • 150.171.109.100
whitelisted
copilot.microsoft.com
  • 104.18.23.222
  • 104.18.22.222
whitelisted
release-assets.githubusercontent.com
  • 185.199.109.133
  • 185.199.110.133
  • 185.199.111.133
  • 185.199.108.133
whitelisted

Threats

PID
Process
Class
Message
4280
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access release user assets on GitHub
4280
msedge.exe
Misc activity
ET INFO EXE - Served Attached HTTP
8444
PrismLauncher-Windows-MSVC-Setup-11.0.2.exe
Misc activity
ET INFO EXE - Served Attached HTTP
8308
prismlauncher.exe
Potential Corporate Privacy Violation
ET INFO User-Agent (Launcher)
4280
msedge.exe
Misc activity
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
3640
prismlauncher_updater.exe
Potential Corporate Privacy Violation
ET INFO User-Agent (Launcher)
8308
prismlauncher.exe
Potential Corporate Privacy Violation
ET INFO User-Agent (Launcher)
8308
prismlauncher.exe
Potential Corporate Privacy Violation
ET INFO User-Agent (Launcher)
8308
prismlauncher.exe
Potential Corporate Privacy Violation
ET INFO User-Agent (Launcher)
8308
prismlauncher.exe
Potential Corporate Privacy Violation
ET INFO User-Agent (Launcher)
Process
Message
msiexec.exe
Failed to release Service
prismlauncher.exe
Destination file: "C:/Users/admin/AppData/Roaming/PrismLauncher/logs/PrismLauncher-4.log"
prismlauncher.exe
Failed to copy files: "The system cannot find the file specified."
prismlauncher.exe
Source file: "C:/Users/admin/AppData/Roaming/PrismLauncher/logs/PrismLauncher-1.log"
prismlauncher.exe
Failed to copy files: "The system cannot find the file specified."
prismlauncher.exe
Source file: "C:/Users/admin/AppData/Roaming/PrismLauncher/logs/PrismLauncher-2.log"
prismlauncher.exe
Copy of "logs/PrismLauncher-2.log" to "logs/PrismLauncher-3.log" failed!
prismlauncher.exe
Destination file: "C:/Users/admin/AppData/Roaming/PrismLauncher/logs/PrismLauncher-3.log"
prismlauncher.exe
Move of "logs/PrismLauncher-3.log" to "logs/PrismLauncher-4.log" failed!
prismlauncher.exe
Failed to move file: "The system cannot find the file specified." "2"