Malware analysis RuLauncher.Updater.RuLauncher.exe Malicious activity

Add for printing

File name:	RuLauncher.Updater.RuLauncher.exe
Full analysis:	https://app.any.run/tasks/927950d0-fe7b-482c-8d93-0d5697e97d4f
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	November 26, 2024, 10:26:41
OS:	Windows 10 Professional (build: 19045, 64 bit)
Tags:	loader arch-doc
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:	0B9BF8B76A3A5B5CAC5C8E7799714FC1
SHA1:	A492BC38245E5350D9D0473B3CFB06543BE204D7
SHA256:	98B332FD82261BD5FC52795F62A5BAC80094E3FDBA7A6C9AFF1D3069306B6717
SSDEEP:	98304:NXTC5e5gX0JLz0OK5VWYLjM1Ne8Um92a0niKXqicxWyX92nK+/9Q9cw3ABeRbs11:mTlVjK5VsImUn1hKI2+V

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Reads security settings of Internet Explorer
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)
- Checks for Java to be installed
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)
- Potential Corporate Privacy Violation
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)
- Executable content was dropped or overwritten
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)
  - java.exe (PID: 4516)
  - java.exe (PID: 5548)
- Process requests binary or script from the Internet
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)
- Process drops legitimate windows executable
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)
- The process drops C-runtime libraries
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)
INFO
- Reads the computer name
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)
- Reads Environment values
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)
- Checks supported languages
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)
- Creates files or folders in the user directory
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)
- Reads the machine GUID from the registry
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)
- Reads product name
  - RuLauncher.Updater.RuLauncher.exe (PID: 6800)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Generic CIL Executable (.NET, Mono, etc.) (63.1)
.exe	\|	Win64 Executable (generic) (23.8)
.dll	\|	Win32 Dynamic Link Library (generic) (5.6)
.exe	\|	Win32 Executable (generic) (3.8)
.exe	\|	Generic Win/DOS Executable (1.7)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2024:01:14 21:49:36+00:00
ImageFileCharacteristics:	Executable, Large address aware, 32-bit
PEType:	PE32
LinkerVersion:	48
CodeSize:	11200512
InitializedDataSize:	272896
UninitializedDataSize:	-
EntryPoint:	0xab075e
OSVersion:	4
ImageVersion:	-
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	24.1.14.4757
ProductVersionNumber:	24.1.14.4757
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	Launcher for Minecraft
CompanyName:	RuLauncher.com
FileDescription:	RuLauncher
FileVersion:	24.1.14.4757
InternalName:	RuLauncher.exe
LegalCopyright:	Copyright © 2018 RuLauncher.com and contributors
LegalTrademarks:	-
OriginalFileName:	RuLauncher.exe
ProductName:	RuLauncher
ProductVersion:	24.1.14.4757
AssemblyVersion:	24.1.14.4757

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

127

Monitored processes

5

Malicious processes

1

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

4516

"C:\Users\admin\AppData\Roaming\.rulauncher\java\adoptium/21.0.3+9\bin\java.exe" -Xmx1024M -Dlog4j.configurationFile=C:\Users\admin\AppData\Roaming\.minecraft\assets\log_configs\39\client-1.21.2.xml -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Djava.library.path=C:\Users\admin\AppData\Roaming\.minecraft\versions\1.21.3\natives -Djna.tmpdir=C:\Users\admin\AppData\Roaming\.minecraft\versions\1.21.3\natives -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\admin\AppData\Roaming\.minecraft\versions\1.21.3\natives -Dio.netty.native.workdir=C:\Users\admin\AppData\Roaming\.minecraft\versions\1.21.3\natives -Dminecraft.launcher.brand=RuLauncher -Dminecraft.launcher.version=OBT -cp C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\fasterxml\jackson\core\jackson-annotations\2.13.4\jackson-annotations-2.13.4.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\fasterxml\jackson\core\jackson-core\2.13.4\jackson-core-2.13.4.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\fasterxml\jackson\core\jackson-databind\2.13.4.2\jackson-databind-2.13.4.2.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\github\stephenc\jcip\jcip-annotations\1.0-1\jcip-annotations-1.0-1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\microsoft\azure\msal4j\1.15.0\msal4j-1.15.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\by\ely\authlib\6.0.55-ely.2\authlib-6.0.55-ely.2.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.3.10\brigadier-1.3.10.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\8.0.16\datafixerupper-8.0.16.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\jtracy\1.0.29\jtracy-1.0.29.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\jtracy\1.0.29\jtracy-1.0.29-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.4.9\logging-1.4.9.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\nimbusds\content-type\2.3\content-type-2.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\nimbusds\lang-tag\1.7\lang-tag-1.7.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\nimbusds\nimbus-jose-jwt\9.37.3\nimbus-jose-jwt-9.37.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\nimbusds\oauth2-oidc-sdk\11.9.1\oauth2-oidc-sdk-11.9.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\net\minidev\accessors-smart\2.5.0\accessors-smart-2.5.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\net\minidev\json-smart\2.5.0\json-smart-2.5.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1.10.5.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\ow2\asm\asm\9.3\asm-9.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\admin\AppData\Roaming\.minecraft\versions\1.21.3\1.21.3.jar net.minecraft.client.main.Main --username fad --version 1.21.3 --gameDir C:\Users\admin\AppData\Roaming\.minecraft --assetsDir C:\Users\admin\AppData\Roaming\.minecraft\assets --assetIndex 18 --uuid fc6c7153-72fc-4b6c-80ce-b29d9df78c04 --accessToken dummy_token --clientId clientid --xuid auth_xuid --userType OFFLINE --versionType release

C:\Users\admin\AppData\Roaming\.rulauncher\java\adoptium\21.0.3+9\bin\java.exe

RuLauncher.Updater.RuLauncher.exe

User:

admin

Company:

Eclipse Adoptium

Integrity Level:

MEDIUM

Description:

OpenJDK Platform binary

Exit code:

0

Version:

21.0.3.0

Modules

Images
c:\users\admin\appdata\roaming\.rulauncher\java\adoptium\21.0.3+9\bin\java.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\users\admin\appdata\roaming\.rulauncher\java\adoptium\21.0.3+9\bin\jli.dll
c:\windows\system32\user32.dll
c:\users\admin\appdata\roaming\.rulauncher\java\adoptium\21.0.3+9\bin\vcruntime140.dll
c:\windows\system32\win32u.dll

5244

\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

—

java.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Console Window Host

Exit code:

0

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

5548

"C:\Users\admin\AppData\Roaming\.rulauncher\java\adoptium/21.0.3+9\bin\java.exe" -Xmx1024M -Dlog4j.configurationFile=C:\Users\admin\AppData\Roaming\.minecraft\assets\log_configs\39\client-1.21.2.xml -XX:HeapDumpPath=MojangTricksIntelDriversForPerformance_javaw.exe_minecraft.exe.heapdump -Djava.library.path=C:\Users\admin\AppData\Roaming\.minecraft\versions\1.21.3\natives -Djna.tmpdir=C:\Users\admin\AppData\Roaming\.minecraft\versions\1.21.3\natives -Dorg.lwjgl.system.SharedLibraryExtractPath=C:\Users\admin\AppData\Roaming\.minecraft\versions\1.21.3\natives -Dio.netty.native.workdir=C:\Users\admin\AppData\Roaming\.minecraft\versions\1.21.3\natives -Dminecraft.launcher.brand=RuLauncher -Dminecraft.launcher.version=OBT -cp C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\fasterxml\jackson\core\jackson-annotations\2.13.4\jackson-annotations-2.13.4.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\fasterxml\jackson\core\jackson-core\2.13.4\jackson-core-2.13.4.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\fasterxml\jackson\core\jackson-databind\2.13.4.2\jackson-databind-2.13.4.2.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\github\oshi\oshi-core\6.4.10\oshi-core-6.4.10.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\github\stephenc\jcip\jcip-annotations\1.0-1\jcip-annotations-1.0-1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j\73.2\icu4j-73.2.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\microsoft\azure\msal4j\1.15.0\msal4j-1.15.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\by\ely\authlib\6.0.55-ely.2\authlib-6.0.55-ely.2.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\blocklist\1.0.10\blocklist-1.0.10.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.3.10\brigadier-1.3.10.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\datafixerupper\8.0.16\datafixerupper-8.0.16.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\jtracy\1.0.29\jtracy-1.0.29.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\jtracy\1.0.29\jtracy-1.0.29-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\logging\1.4.9\logging-1.4.9.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\patchy\2.2.10\patchy-2.2.10.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\text2speech\1.17.9\text2speech-1.17.9.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\nimbusds\content-type\2.3\content-type-2.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\nimbusds\lang-tag\1.7\lang-tag-1.7.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\nimbusds\nimbus-jose-jwt\9.37.3\nimbus-jose-jwt-9.37.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\nimbusds\oauth2-oidc-sdk\11.9.1\oauth2-oidc-sdk-11.9.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.16.0\commons-codec-1.16.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.15.1\commons-io-2.15.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.2\commons-logging-1.2.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-buffer\4.1.97.Final\netty-buffer-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-codec\4.1.97.Final\netty-codec-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-common\4.1.97.Final\netty-common-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-handler\4.1.97.Final\netty-handler-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-resolver\4.1.97.Final\netty-resolver-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-classes-epoll\4.1.97.Final\netty-transport-classes-epoll-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport-native-unix-common\4.1.97.Final\netty-transport-native-unix-common-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-transport\4.1.97.Final\netty-transport-4.1.97.Final.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\8.5.12\fastutil-8.5.12.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna-platform\5.14.0\jna-platform-5.14.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\5.14.0\jna-5.14.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\net\minidev\accessors-smart\2.5.0\accessors-smart-2.5.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\net\minidev\json-smart\2.5.0\json-smart-2.5.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\5.0.4\jopt-simple-5.0.4.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.26.0\commons-compress-1.26.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.4.16\httpcore-4.4.16.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.22.1\log4j-api-2.22.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.22.1\log4j-core-2.22.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-slf4j2-impl\2.22.1\log4j-slf4j2-impl-2.22.1.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\jcraft\jorbis\0.0.17\jorbis-0.0.17.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\joml\joml\1.10.5\joml-1.10.5.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-freetype\3.3.3\lwjgl-freetype-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-glfw\3.3.3\lwjgl-glfw-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-jemalloc\3.3.3\lwjgl-jemalloc-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-openal\3.3.3\lwjgl-openal-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-opengl\3.3.3\lwjgl-opengl-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-stb\3.3.3\lwjgl-stb-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl-tinyfd\3.3.3\lwjgl-tinyfd-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\3.3.3\lwjgl-3.3.3-natives-windows.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\lz4\lz4-java\1.8.0\lz4-java-1.8.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\ow2\asm\asm\9.3\asm-9.3.jar;C:\Users\admin\AppData\Roaming\.minecraft\libraries\org\slf4j\slf4j-api\2.0.9\slf4j-api-2.0.9.jar;C:\Users\admin\AppData\Roaming\.minecraft\versions\1.21.3\1.21.3.jar net.minecraft.client.main.Main --username fad --version 1.21.3 --gameDir C:\Users\admin\AppData\Roaming\.minecraft --assetsDir C:\Users\admin\AppData\Roaming\.minecraft\assets --assetIndex 18 --uuid fc6c7153-72fc-4b6c-80ce-b29d9df78c04 --accessToken dummy_token --clientId clientid --xuid auth_xuid --userType OFFLINE --versionType release

C:\Users\admin\AppData\Roaming\.rulauncher\java\adoptium\21.0.3+9\bin\java.exe

RuLauncher.Updater.RuLauncher.exe

User:

admin

Company:

Eclipse Adoptium

Integrity Level:

MEDIUM

Description:

OpenJDK Platform binary

Exit code:

0

Version:

21.0.3.0

Modules

Images
c:\users\admin\appdata\roaming\.rulauncher\java\adoptium\21.0.3+9\bin\java.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\users\admin\appdata\roaming\.rulauncher\java\adoptium\21.0.3+9\bin\jli.dll
c:\users\admin\appdata\roaming\.rulauncher\java\adoptium\21.0.3+9\bin\vcruntime140.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll

6800

"C:\Users\admin\Downloads\RuLauncher.Updater.RuLauncher.exe"

C:\Users\admin\Downloads\RuLauncher.Updater.RuLauncher.exe

explorer.exe

User:

admin

Company:

RuLauncher.com

Integrity Level:

MEDIUM

Description:

RuLauncher

Version:

24.1.14.4757

Modules

Images
c:\users\admin\downloads\rulauncher.updater.rulauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

7144

\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

—

java.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Console Window Host

Exit code:

0

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

13 860

Read events

13 846

Write events

14

Delete events

0

Modification events


(PID) Process:	(6800) RuLauncher.Updater.RuLauncher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RuLauncher_RASAPI32
Operation:	write	Name:	EnableFileTracing
Value: 0
(PID) Process:	(6800) RuLauncher.Updater.RuLauncher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RuLauncher_RASAPI32
Operation:	write	Name:	EnableAutoFileTracing
Value: 0
(PID) Process:	(6800) RuLauncher.Updater.RuLauncher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RuLauncher_RASAPI32
Operation:	write	Name:	EnableConsoleTracing
Value: 0
(PID) Process:	(6800) RuLauncher.Updater.RuLauncher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RuLauncher_RASAPI32
Operation:	write	Name:	FileTracingMask
Value:
(PID) Process:	(6800) RuLauncher.Updater.RuLauncher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RuLauncher_RASAPI32
Operation:	write	Name:	ConsoleTracingMask
Value:
(PID) Process:	(6800) RuLauncher.Updater.RuLauncher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RuLauncher_RASAPI32
Operation:	write	Name:	MaxFileSize
Value: 1048576
(PID) Process:	(6800) RuLauncher.Updater.RuLauncher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RuLauncher_RASAPI32
Operation:	write	Name:	FileDirectory
Value: %windir%\tracing
(PID) Process:	(6800) RuLauncher.Updater.RuLauncher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RuLauncher_RASMANCS
Operation:	write	Name:	EnableFileTracing
Value: 0
(PID) Process:	(6800) RuLauncher.Updater.RuLauncher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RuLauncher_RASMANCS
Operation:	write	Name:	EnableAutoFileTracing
Value: 0
(PID) Process:	(6800) RuLauncher.Updater.RuLauncher.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RuLauncher_RASMANCS
Operation:	write	Name:	EnableConsoleTracing
Value: 0

Add for printing

Executable files

253

Suspicious files

3 255

Text files

468

Unknown types

712

Dropped files

PID	Process	Filename		Type
6800	RuLauncher.Updater.RuLauncher.exe	C:\Users\admin\AppData\Roaming\.rulauncher\analytics\Yandex.Metrica.CriticalConfig.json		binary
		MD5:35FF1DD7C2DAB0E0546A5A8C36A811B0	SHA256:AEED2B0DA9DA0E767D3CD82065DE05EFE1BFBC6DB48B4031A29F74410E0C4E74
6800	RuLauncher.Updater.RuLauncher.exe	C:\Users\admin\AppData\Roaming\.rulauncher\analytics\Yandex.Metrica.LiteMetricaService.json		binary
		MD5:B767FDE608A5E70BD91B7D62D5CCF81D	SHA256:2D606B9C1E89E56A356813A62527609B8445C6C1B6E262433BF4C4BC630BCE90
6800	RuLauncher.Updater.RuLauncher.exe	C:\Users\admin\AppData\Roaming\.rulauncher\caches\server_icons\1B70F3A9FE754AAB26099F91A0E9A538E9EB4315		image
		MD5:5B6D1E17E1B69B79A3D7F99099511556	SHA256:DEEFC195CF7B805AB6A609A4E216194309A97CDCD263A38DDCBCAC3A82B91572
6800	RuLauncher.Updater.RuLauncher.exe	C:\Users\admin\AppData\Local\IsolatedStorage\ivgssfcz.bpp\dsou50i5.ooo\Url.0odin00pevgphx0kbtgj23qbectzycqm\Url.0odin00pevgphx0kbtgj23qbectzycqm\identity.dat		pi2
		MD5:CA0ACFAD4F40AB41955DB11FD711537A	SHA256:CBA3839FEEE0EB78B18D21A468B0F05577A97218339D05923BBFCCD446E7239A
6800	RuLauncher.Updater.RuLauncher.exe	C:\Users\admin\AppData\Roaming\.minecraft\launcher_profiles.json		binary
		MD5:E04AF4582214D385ABEC2E799DF317A3	SHA256:844DFC518A0B3A1AB2C34C207B65B4ECF616FBCD703DD3A71B6647B519CE6291
6800	RuLauncher.Updater.RuLauncher.exe	C:\Users\admin\AppData\Roaming\.rulauncher\caches\server_icons\4693D05EBC85CBF423FACA275817DDE6163641A0		image
		MD5:8A096C2D3A0B7286D8CA6AE482B760C7	SHA256:250F32208288308F34DBEC41AB980EFCF734DDB2529274CC49EDCEB7AA8E6E32
6800	RuLauncher.Updater.RuLauncher.exe	C:\Users\admin\AppData\Roaming\.rulauncher\caches\server_icons\31DC62B26A155054AF9DF86CCC4C279D6EE20AC0		image
		MD5:971BF658B73A3E2C9F622EEF4AAA2334	SHA256:D4A37FEA48DE0D9F3BC4E25AFC8565EE77EE44CFB53AB2936B849123E3256B69
6800	RuLauncher.Updater.RuLauncher.exe	C:\Users\admin\AppData\Roaming\.rulauncher\caches\server_icons\8CC98347BB6035771DB2C394D46C2E728D7B72A4		image
		MD5:82FBDA150C53A6D124AF88F466435E89	SHA256:9EFE9F999EE6F93D29D4D634C904AE74BCC7EA8D31D320769724F4FB817346FF
6800	RuLauncher.Updater.RuLauncher.exe	C:\Users\admin\AppData\Roaming\.rulauncher\configs\launcher_appearance.json		binary
		MD5:2666C4A22AAA84442D2713F942799E21	SHA256:B88392ED107973A8A78BCA9FB32F0D4CDC551D287A6FA27938E39262240DE929
6800	RuLauncher.Updater.RuLauncher.exe	C:\Users\admin\AppData\Roaming\.rulauncher\utils\LibraryUnpacker\LibraryUnpacker.jar		java
		MD5:0B189A19D023933B0D6C006F6B0F5521	SHA256:F3C6CC4BABF10124F08E08D8B5C96AB315ACF7564C6E449CA522252DE0FB66ED

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

41

TCP/UDP connections

49

DNS requests

28

Threats

27

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
4712	MoUsoCoreWorker.exe	GET	200	23.48.23.156:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
4712	MoUsoCoreWorker.exe	GET	200	2.23.181.156:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
5064	SearchApp.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D	unknown	—	—	whitelisted
1176	svchost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
6800	RuLauncher.Updater.RuLauncher.exe	GET	204	104.21.48.8:80	http://rulauncher.com/generate_204	unknown	—	—	unknown
6800	RuLauncher.Updater.RuLauncher.exe	GET	204	104.21.48.8:80	http://rulauncher.com/generate_204	unknown	—	—	unknown
6800	RuLauncher.Updater.RuLauncher.exe	GET	200	104.21.48.8:80	http://rulauncher.com/meta/modifications.json	unknown	—	—	unknown
6800	RuLauncher.Updater.RuLauncher.exe	GET	204	104.21.48.8:80	http://rulauncher.com/generate_204	unknown	—	—	unknown
6800	RuLauncher.Updater.RuLauncher.exe	GET	200	104.21.48.8:80	http://rulauncher.com/get/news.json	unknown	—	—	unknown
6800	RuLauncher.Updater.RuLauncher.exe	GET	200	104.21.48.8:80	http://rulauncher.com/meta/servers.json	unknown	—	—	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2084	RUXIMICS.exe	4.231.128.59:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
—	—	4.231.128.59:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4712	MoUsoCoreWorker.exe	23.48.23.156:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
4712	MoUsoCoreWorker.exe	2.23.181.156:80	www.microsoft.com	AKAMAI-AS	DE	whitelisted
2632	svchost.exe	4.231.128.59:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
5064	SearchApp.exe	2.16.204.161:443	www.bing.com	Akamai International B.V.	DE	whitelisted
5064	SearchApp.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
—	—	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
1176	svchost.exe	20.190.159.71:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted

DNS requests

Domain	IP	Reputation
crl.microsoft.com	23.48.23.156 23.48.23.143	whitelisted
www.microsoft.com	2.23.181.156 95.101.149.131	whitelisted
google.com	216.58.212.174	whitelisted
www.bing.com	2.16.204.161 2.16.204.147 2.16.204.158 2.16.204.151 2.16.204.160 2.16.204.153 2.16.204.152 2.16.204.157 2.16.204.148	whitelisted
settings-win.data.microsoft.com	51.124.78.146 40.127.240.158	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
login.live.com	20.190.159.71 40.126.31.71 20.190.159.68 40.126.31.73 40.126.31.69 20.190.159.73 20.190.159.75 20.190.159.64	whitelisted
go.microsoft.com	23.218.210.69	whitelisted
startup.mobile.yandex.net	213.180.204.244	whitelisted
report.appmetrica.yandex.net	213.180.193.226	whitelisted

Threats

PID	Process	Class	Message
6800	RuLauncher.Updater.RuLauncher.exe	Potential Corporate Privacy Violation	ET POLICY User-Agent (Launcher)
6800	RuLauncher.Updater.RuLauncher.exe	Potential Corporate Privacy Violation	ET POLICY User-Agent (Launcher)
6800	RuLauncher.Updater.RuLauncher.exe	Potential Corporate Privacy Violation	ET POLICY User-Agent (Launcher)
6800	RuLauncher.Updater.RuLauncher.exe	Potential Corporate Privacy Violation	ET POLICY User-Agent (Launcher)
6800	RuLauncher.Updater.RuLauncher.exe	Potential Corporate Privacy Violation	ET POLICY User-Agent (Launcher)
6800	RuLauncher.Updater.RuLauncher.exe	Potential Corporate Privacy Violation	ET POLICY User-Agent (Launcher)
6800	RuLauncher.Updater.RuLauncher.exe	Potential Corporate Privacy Violation	ET POLICY User-Agent (Launcher)
6800	RuLauncher.Updater.RuLauncher.exe	Potential Corporate Privacy Violation	ET POLICY User-Agent (Launcher)
6800	RuLauncher.Updater.RuLauncher.exe	Potential Corporate Privacy Violation	ET POLICY User-Agent (Launcher)
6800	RuLauncher.Updater.RuLauncher.exe	Potential Corporate Privacy Violation	ET POLICY User-Agent (Launcher)

1 ETPRO signatures available at the full report

Add for printing

No debug info

General Info

RuLauncher.Updater.RuLauncher.exe

0B9BF8B76A3A5B5CAC5C8E7799714FC1

A492BC38245E5350D9D0473B3CFB06543BE204D7

98B332FD82261BD5FC52795F62A5BAC80094E3FDBA7A6C9AFF1D3069306B6717

98304:NXTC5e5gX0JLz0OK5VWYLjM1Ne8Um92a0niKXqicxWyX92nK+/9Q9cw3ABeRbs11:mTlVjK5VsImUn1hKI2+V

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Reads security settings of Internet Explorer

Checks for Java to be installed

Potential Corporate Privacy Violation

Executable content was dropped or overwritten

Process requests binary or script from the Internet

Process drops legitimate windows executable

The process drops C-runtime libraries

INFO

Reads the computer name

Reads Environment values

Checks supported languages

Creates files or folders in the user directory

Reads the machine GUID from the registry

Reads product name

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings