File name: Launcher.exe

Full analysis: https://app.any.run/tasks/2417bfd6-5dd8-4bb1-a1ed-eb038c65bc37
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: February 15, 2026, 22:02:36
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
salatstealer
stealer
ms-smartcard
upx
susp-powershell
golang
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: F828782533295EF975D1E91D3C9369DB
SHA1: 3D9337A5BD9E5B38955DFC0670C3C08CFE60B6B8
SHA256: 625AFDCEF21F99F8C2CD2E1277C98A0F13887966A231801B34C996183EA82176
SSDEEP: 98304:vrc9heAIlPMcPtgtnGZWhx5ORSpArXFuI4TiyjQ5GU3OPWdQzdLAkPOhHLOOLKGh:JrIBxl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • SALATSTEALER has been detected (SURICATA)

      • Launcher.exe (PID: 3716)
      • StartMenuExperienceHost.exe (PID: 3388)
    • Actions look like stealing of personal data

      • StartMenuExperienceHost.exe (PID: 3388)
    • Steals credentials from Web Browsers

      • StartMenuExperienceHost.exe (PID: 3388)
    • SALATSTEALER mutex has been found

      • Launcher.exe (PID: 3716)
      • StartMenuExperienceHost.exe (PID: 3388)
    • SALATSTEALER has been detected (YARA)

      • StartMenuExperienceHost.exe (PID: 3388)
  • SUSPICIOUS

    • Starts itself from another location

      • Launcher.exe (PID: 3716)
      • StartMenuExperienceHost.exe (PID: 3388)
    • The process creates files with name similar to system file names

      • Launcher.exe (PID: 3716)
      • StartMenuExperienceHost.exe (PID: 3388)
    • Executable content was dropped or overwritten

      • Launcher.exe (PID: 3716)
      • StartMenuExperienceHost.exe (PID: 3388)
    • Possible stealing of messenger data

      • StartMenuExperienceHost.exe (PID: 3388)
    • Possible stealing from crypto wallets

      • StartMenuExperienceHost.exe (PID: 3388)
    • Starts POWERSHELL.EXE for commands execution

      • StartMenuExperienceHost.exe (PID: 3388)
    • Application launched itself

      • Launcher.exe (PID: 3652)
    • Multiple wallet extension IDs have been found

      • StartMenuExperienceHost.exe (PID: 3388)
    • Gets path to any of the special folders (POWERSHELL)

      • powershell.exe (PID: 4220)
  • INFO

    • Checks supported languages

      • Launcher.exe (PID: 3716)
      • StartMenuExperienceHost.exe (PID: 3388)
      • StartMenuExperienceHost.exe (PID: 7844)
      • Launcher.exe (PID: 3652)
      • StartMenuExperienceHost.exe (PID: 8332)
    • Reads the machine GUID from the registry

      • Launcher.exe (PID: 3652)
      • Launcher.exe (PID: 3716)
      • StartMenuExperienceHost.exe (PID: 3388)
      • StartMenuExperienceHost.exe (PID: 7844)
      • StartMenuExperienceHost.exe (PID: 8332)
    • Process checks computer location settings

      • Launcher.exe (PID: 3652)
    • Reads security settings of Internet Explorer

      • Launcher.exe (PID: 3652)
    • Reads the computer name

      • Launcher.exe (PID: 3716)
      • StartMenuExperienceHost.exe (PID: 3388)
      • StartMenuExperienceHost.exe (PID: 7844)
      • Launcher.exe (PID: 3652)
      • StartMenuExperienceHost.exe (PID: 8332)
    • Creates files in the program directory

      • Launcher.exe (PID: 3716)
      • StartMenuExperienceHost.exe (PID: 3388)
    • Creates files in a temporary directory

      • StartMenuExperienceHost.exe (PID: 3388)
    • Drops script file

      • StartMenuExperienceHost.exe (PID: 3388)
      • powershell.exe (PID: 4220)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • StartMenuExperienceHost.exe (PID: 3388)
    • Checks current location (POWERSHELL)

      • powershell.exe (PID: 4220)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 4220)
    • Found Base64 encoded access to environment variables via PowerShell (YARA)

      • StartMenuExperienceHost.exe (PID: 3388)
    • UPX packer has been detected

      • StartMenuExperienceHost.exe (PID: 3388)
    • Detects GO elliptic curve encryption (YARA)

      • StartMenuExperienceHost.exe (PID: 3388)
    • There is functionality for taking screenshot (YARA)

      • StartMenuExperienceHost.exe (PID: 3388)
    • Application based on Golang

      • StartMenuExperienceHost.exe (PID: 3388)
    • Found Base64 encoded access to Windows Defender via PowerShell (YARA)

      • StartMenuExperienceHost.exe (PID: 3388)
    • Checks proxy server information

      • slui.exe (PID: 6468)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 4220)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (64.2)
.dll | Win32 Dynamic Link Library (generic) (15.6)
.exe | Win32 Executable (generic) (10.6)
.exe | Generic Win/DOS Executable (4.7)
.exe | DOS Executable Generic (4.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 0000:00:00 00:00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 3
CodeSize: 3297280
InitializedDataSize: 4096
UninitializedDataSize: 8810496
EntryPoint: 0xb8bcd0
OSVersion: 6.1
ImageVersion: 1
SubsystemVersion: 6.1
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 161
Monitored processes: 10
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Process nodes shown in the graph (the interactive graph itself is only available in the full report): launcher.exe (no specs), launcher.exe (#SALATSTEALER), startmenuexperiencehost.exe (#SALATSTEALER), powershell.exe (no specs), conhost.exe (no specs), startmenuexperiencehost.exe (no specs), startmenuexperiencehost.exe (no specs), slui.exe, updater.exe (no specs), updater.exe (no specs)

Process information

PID 3388
CMD: "C:\Program Files (x86)\Windows Multimedia Platform\StartMenuExperienceHost.exe"
Path: C:\Program Files (x86)\Windows Multimedia Platform\StartMenuExperienceHost.exe
Parent process: Launcher.exe
User: admin
Integrity Level: HIGH
Modules (Images):
c:\program files (x86)\windows multimedia platform\startmenuexperiencehost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID 3652
CMD: "C:\Users\admin\Desktop\Launcher.exe"
Path: C:\Users\admin\Desktop\Launcher.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 2
Modules (Images):
c:\users\admin\desktop\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID 3716
CMD: "C:\Users\admin\Desktop\Launcher.exe"
Path: C:\Users\admin\Desktop\Launcher.exe
Parent process: Launcher.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (Images):
c:\users\admin\desktop\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID 4220
CMD: powershell.exe
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Parent process: StartMenuExperienceHost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows PowerShell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

PID 5508
CMD: "C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe" --wake --system
Path: C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe
Parent process: svchost.exe
User: SYSTEM
Company: Google LLC
Integrity Level: SYSTEM
Description: Google Updater
Exit code: 0
Version: 134.0.6985.0
Modules (Images):
c:\program files (x86)\google\googleupdater\134.0.6985.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll

PID 6468
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID 7020
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID 7844
CMD: "C:\Program Files\Google\Chrome\Application\StartMenuExperienceHost.exe" -
Path: C:\Program Files\Google\Chrome\Application\StartMenuExperienceHost.exe
Parent process: StartMenuExperienceHost.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (Images):
c:\program files\google\chrome\application\startmenuexperiencehost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID 8028
CMD: "C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=134.0.6985.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x139c460,0x139c46c,0x139c478
Path: C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe
Parent process: updater.exe
User: SYSTEM
Company: Google LLC
Integrity Level: SYSTEM
Description: Google Updater
Exit code: 0
Version: 134.0.6985.0
Modules (Images):
c:\program files (x86)\google\googleupdater\134.0.6985.0\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll

PID 8332
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\StartMenuExperienceHost.exe" -
Path: C:\Program Files (x86)\Microsoft\Edge\Application\StartMenuExperienceHost.exe
Parent process: StartMenuExperienceHost.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (Images):
c:\program files (x86)\microsoft\edge\application\startmenuexperiencehost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events: 11 451
Read events: 11 451
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 4
Suspicious files: 1
Text files: 5
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4220 | powershell.exe | C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_cvkydbcr.eit.ps1 | text
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
4220 | powershell.exe | C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_woohsc33.kb1.psm1 | text
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
4220 | powershell.exe | C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_jibgxfpv.lqw.psm1 | text
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
3716 | Launcher.exe | C:\Program Files (x86)\Windows Multimedia Platform\StartMenuExperienceHost.exe | executable
MD5: F828782533295EF975D1E91D3C9369DB
SHA256: 625AFDCEF21F99F8C2CD2E1277C98A0F13887966A231801B34C996183EA82176
8028 | updater.exe | C:\Program Files (x86)\Google\GoogleUpdater\updater.log | text
MD5: AE30A378A4F2EFF927C6FE1FC61F51AC
SHA256: 14C07B6CCA6C433E594163BF379375F1A5A6B19594BEA03F7C5E19C5FE244B67
4220 | powershell.exe | C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_wgrolczy.cbm.ps1 | text
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
4220 | powershell.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | binary
MD5: 0BAF9317DE8C2ED0316A3CB4B057ACD1
SHA256: B7905BF49E08DE735529E605EFEFFB01916B9AEA0B528ED537D92E8ACD74F6C1
3716 | Launcher.exe | C:\Program Files (x86)\Windows Media Player\conhost.exe | executable
MD5: F828782533295EF975D1E91D3C9369DB
SHA256: 625AFDCEF21F99F8C2CD2E1277C98A0F13887966A231801B34C996183EA82176
3388 | StartMenuExperienceHost.exe | C:\Program Files\Google\Chrome\Application\StartMenuExperienceHost.exe | executable
MD5: F828782533295EF975D1E91D3C9369DB
SHA256: 625AFDCEF21F99F8C2CD2E1277C98A0F13887966A231801B34C996183EA82176
3388 | StartMenuExperienceHost.exe | C:\Program Files (x86)\Microsoft\Edge\Application\StartMenuExperienceHost.exe | executable
MD5: F828782533295EF975D1E91D3C9369DB
SHA256: 625AFDCEF21F99F8C2CD2E1277C98A0F13887966A231801B34C996183EA82176
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 67
TCP/UDP connections: 63
DNS requests: 24
Threats: 11

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6768 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.24:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6768 | MoUsoCoreWorker.exe | POST | 200 | 20.190.159.71:443 | https://login.live.com/RST2.srf | unknown | text | 10.3 Kb | unknown
3344 | svchost.exe | GET | 200 | 2.16.164.24:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
3344 | svchost.exe | POST | 200 | 20.190.159.68:443 | https://login.live.com/RST2.srf | unknown | binary | 11.1 Kb | unknown
356 | svchost.exe | POST | 200 | 20.190.159.73:443 | https://login.live.com/RST2.srf | unknown | binary | 10.3 Kb | whitelisted
356 | svchost.exe | POST | 200 | 20.190.159.73:443 | https://login.live.com/RST2.srf | unknown | text | 10.3 Kb | whitelisted
4200 | SIHClient.exe | GET | 304 | 135.233.95.144:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | - | - | whitelisted
356 | svchost.exe | POST | 200 | 20.190.159.73:443 | https://login.live.com/RST2.srf | unknown | binary | 10.3 Kb | whitelisted
356 | svchost.exe | POST | 200 | 40.126.31.129:443 | https://login.live.com/RST2.srf | unknown | binary | 10.3 Kb | unknown
356 | svchost.exe | POST | 403 | 23.52.181.212:443 | https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409 | unknown | text | 384 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | Not routed | - | whitelisted
4 | System | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | - | Not routed | - | whitelisted
3344 | svchost.exe | 2.16.164.24:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
6768 | MoUsoCoreWorker.exe | 2.16.164.24:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
6768 | MoUsoCoreWorker.exe | 2.16.164.24:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
6768 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
356 | svchost.exe | 20.190.159.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6768 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.124.78.146, 40.127.240.158, 51.104.136.2 | whitelisted
self.events.data.microsoft.com | 20.44.10.123, 20.42.73.31 | whitelisted
client.wns.windows.com | 172.211.123.250 | whitelisted
google.com | 172.217.20.142 | whitelisted
crl.microsoft.com | 2.16.164.24, 2.16.164.89, 2.16.164.49, 2.16.164.81, 2.16.164.107, 2.16.164.114, 2.16.164.17, 2.16.164.72, 2.16.164.34, 2.16.164.120 | whitelisted
login.live.com | 20.190.159.73, 20.190.159.0, 20.190.159.4, 20.190.159.68, 20.190.159.23, 20.190.159.71, 40.126.31.2, 40.126.31.1 | whitelisted
dns.google | 8.8.8.8, 8.8.4.4 | whitelisted
go.microsoft.com | 23.52.181.141 | whitelisted
slscr.update.microsoft.com | 135.233.95.144 | whitelisted
www.microsoft.com | 23.52.181.212, 88.221.169.152 | whitelisted

Threats

PID | Process | Class | Message
2292 | svchost.exe | Misc activity | INFO [ANY.RUN] Google DNS-over-HTTPS service requested (dns. google)
3716 | Launcher.exe | A Network Trojan was detected | MALWARE [ANY.RUN] Win32/Salatstealer JA3 hash observed
3716 | Launcher.exe | A Network Trojan was detected | MALWARE [ANY.RUN] Win32/Salatstealer JA3 hash observed
3716 | Launcher.exe | A Network Trojan was detected | MALWARE [ANY.RUN] Win32/Salatstealer JA3 hash observed
3716 | Launcher.exe | A Network Trojan was detected | MALWARE [ANY.RUN] Salatstealer related domain (salator .es)
3716 | Launcher.exe | A Network Trojan was detected | MALWARE [ANY.RUN] Win32/Salatstealer JA3 hash observed
3388 | StartMenuExperienceHost.exe | A Network Trojan was detected | MALWARE [ANY.RUN] Win32/Salatstealer JA3 hash observed
3388 | StartMenuExperienceHost.exe | A Network Trojan was detected | MALWARE [ANY.RUN] Win32/Salatstealer JA3 hash observed
3388 | StartMenuExperienceHost.exe | A Network Trojan was detected | MALWARE [ANY.RUN] Win32/Salatstealer JA3 hash observed
3388 | StartMenuExperienceHost.exe | A Network Trojan was detected | MALWARE [ANY.RUN] Salatstealer related domain (salator .es)
No debug info