File name:

cr_launcher_1.0.3.139-an3bou6y2.exe

Full analysis: https://app.any.run/tasks/8579438c-b749-4e9b-aaa2-db9386bdcc49
Verdict: Malicious activity
Analysis date: August 03, 2024, 04:24:14
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
icmp
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

1A35B02AE4CF92848D3B69E76A59D0CB

SHA1:

EF2F5B09EAF78FD6C09FD2E203461EE00DCB4ADE

SHA256:

A9412D2B1FF2A07936C2EB903331C19590B8412994B69AB539CF1BB132574B80

SSDEEP:

98304:Dg6mNuZNNGNNNNNN/dAGpNRy7jIyGMSgH13AiHtPNZ5xRpdsuOIYKvSzAyv9Atdl:3WqWCxLhnkPN0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • cr_launcher_1.0.3.139-an3bou6y2.exe (PID: 6728)
      • cr_launcher_1.0.3.139-an3bou6y2.tmp (PID: 6756)
      • launcher.exe (PID: 7128)
    • Changes the autorun value in the registry

      • gjagent.exe (PID: 6396)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • cr_launcher_1.0.3.139-an3bou6y2.exe (PID: 6728)
      • cr_launcher_1.0.3.139-an3bou6y2.tmp (PID: 6756)
      • launcher.exe (PID: 7128)
    • Reads the Windows owner or organization settings

      • cr_launcher_1.0.3.139-an3bou6y2.tmp (PID: 6756)
    • Process drops legitimate windows executable

      • cr_launcher_1.0.3.139-an3bou6y2.tmp (PID: 6756)
    • Reads the date of Windows installation

      • launcher.exe (PID: 7128)
    • Creates file in the systems drive root

      • launcher.exe (PID: 7128)
      • gaijin_downloader.exe (PID: 1860)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • cr_launcher_1.0.3.139-an3bou6y2.tmp (PID: 6756)
    • Reads security settings of Internet Explorer

      • launcher.exe (PID: 7128)
    • Executes application which crashes

      • gaijin_downloader.exe (PID: 1860)
    • There is functionality for sending ICMP (YARA)

      • launcher.exe (PID: 7128)
  • INFO

    • Creates files or folders in the user directory

      • cr_launcher_1.0.3.139-an3bou6y2.tmp (PID: 6756)
      • gaijin_downloader.exe (PID: 1860)
      • launcher.exe (PID: 7128)
      • gjagent.exe (PID: 6396)
      • WerFault.exe (PID: 2876)
    • Create files in a temporary directory

      • cr_launcher_1.0.3.139-an3bou6y2.tmp (PID: 6756)
      • cr_launcher_1.0.3.139-an3bou6y2.exe (PID: 6728)
    • Checks supported languages

      • cr_launcher_1.0.3.139-an3bou6y2.exe (PID: 6728)
      • cr_launcher_1.0.3.139-an3bou6y2.tmp (PID: 6756)
      • gaijin_downloader.exe (PID: 1860)
      • launcher.exe (PID: 7128)
      • gjagent.exe (PID: 6396)
    • Reads the computer name

      • cr_launcher_1.0.3.139-an3bou6y2.tmp (PID: 6756)
      • launcher.exe (PID: 7128)
      • gjagent.exe (PID: 6396)
      • gaijin_downloader.exe (PID: 1860)
    • Reads the software policy settings

      • cr_launcher_1.0.3.139-an3bou6y2.tmp (PID: 6756)
      • WerFault.exe (PID: 2876)
    • Reads the machine GUID from the registry

      • cr_launcher_1.0.3.139-an3bou6y2.tmp (PID: 6756)
      • launcher.exe (PID: 7128)
      • gaijin_downloader.exe (PID: 1860)
      • gjagent.exe (PID: 6396)
    • Creates a software uninstall entry

      • cr_launcher_1.0.3.139-an3bou6y2.tmp (PID: 6756)
    • Creates files in the program directory

      • launcher.exe (PID: 7128)
    • Process checks computer location settings

      • launcher.exe (PID: 7128)
    • Checks proxy server information

      • WerFault.exe (PID: 2876)
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (57.2)
.exe | Win32 Executable (generic) (18.2)
.exe | Win16/32 Executable Delphi generic (8.3)
.exe | Generic Win/DOS Executable (8)
.exe | DOS Executable Generic (8)

EXIF

EXE

ProductVersion:
ProductName: CRSED Launcher
LegalCopyright: 2014-2023 Gaijin Games KFT
FileVersion:
FileDescription: CRSED Launcher Setup
CompanyName: Gaijin Network
Comments: This installation was built with Inno Setup.
CharacterSet: Unicode
LanguageCode: Neutral
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 0.0.0.0
FileVersionNumber: 0.0.0.0
Subsystem: Windows GUI
SubsystemVersion: 5
ImageVersion: 6
OSVersion: 5
EntryPoint: 0x117dc
UninitializedDataSize: -
InitializedDataSize: 249344
CodeSize: 66560
LinkerVersion: 2.25
PEType: PE32
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
TimeStamp: 2016:04:06 14:39:04+00:00
MachineType: Intel 386 or later, and compatibles
No data.
Total processes
173
Monitored processes
54
Malicious processes
3
Suspicious processes
1

Behavior graph

Processes shown, in order: start; cr_launcher_1.0.3.139-an3bou6y2.exe; cr_launcher_1.0.3.139-an3bou6y2.tmp; repeated netsh.exe (no specs) and conhost.exe (no specs) pairs; THREAT launcher.exe; gaijin_downloader.exe; gjagent.exe; werfault.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 6728
CMD: "C:\Users\admin\AppData\Local\Temp\cr_launcher_1.0.3.139-an3bou6y2.exe"
Path: C:\Users\admin\AppData\Local\Temp\cr_launcher_1.0.3.139-an3bou6y2.exe
Parent process: explorer.exe
User:
admin
Company:
Gaijin Network
Integrity Level:
MEDIUM
Description:
CRSED Launcher Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\appdata\local\temp\cr_launcher_1.0.3.139-an3bou6y2.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6756
CMD: "C:\Users\admin\AppData\Local\Temp\is-IT3DL.tmp\cr_launcher_1.0.3.139-an3bou6y2.tmp" /SL5="$70292,8832409,316928,C:\Users\admin\AppData\Local\Temp\cr_launcher_1.0.3.139-an3bou6y2.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-IT3DL.tmp\cr_launcher_1.0.3.139-an3bou6y2.tmp
Parent process: cr_launcher_1.0.3.139-an3bou6y2.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-it3dl.tmp\cr_launcher_1.0.3.139-an3bou6y2.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 7072
CMD: "C:\WINDOWS\system32\netsh.exe" firewall add allowedprogram "C:\Users\admin\AppData\Local\CRSED\launcher.exe" "CRSED launcher" ENABLE ALL
Path: C:\Windows\SysWOW64\netsh.exe
Parent process: cr_launcher_1.0.3.139-an3bou6y2.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Network Command Shell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 7080
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: netsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 7156
CMD: "C:\WINDOWS\system32\netsh.exe" firewall add allowedprogram "C:\Users\admin\AppData\Local\CRSED\bpreport.exe" "CRSED Crash Reporter" ENABLE ALL
Path: C:\Windows\SysWOW64\netsh.exe
Parent process: cr_launcher_1.0.3.139-an3bou6y2.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Network Command Shell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 7164
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: netsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1044
CMD: "C:\WINDOWS\system32\netsh.exe" firewall add allowedprogram "C:\Users\admin\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" "Gaijin.Net Updater" ENABLE ALL
Path: C:\Windows\SysWOW64\netsh.exe
Parent process: cr_launcher_1.0.3.139-an3bou6y2.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Network Command Shell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 6492
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: netsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6572
CMD: "C:\WINDOWS\system32\netsh.exe" firewall add allowedprogram "C:\Users\admin\AppData\Local\CRSED\win64\cuisine_royale.exe" "CRSED Game Client" ENABLE ALL
Path: C:\Windows\SysWOW64\netsh.exe
Parent process: cr_launcher_1.0.3.139-an3bou6y2.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Network Command Shell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 6348
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: netsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
39 020
Read events
38 975
Write events
39
Delete events
6

Modification events

(PID) Process: (6756) cr_launcher_1.0.3.139-an3bou6y2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: 641A00008DD0B9045DE5DA01

(PID) Process: (6756) cr_launcher_1.0.3.139-an3bou6y2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: 76195F6FB2219EE1882430AFE862C4EA6E27422263D4B58C9DB50ECB3346747F

(PID) Process: (6756) cr_launcher_1.0.3.139-an3bou6y2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (6756) cr_launcher_1.0.3.139-an3bou6y2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Users\admin\AppData\Local\CRSED\launcher.exe

(PID) Process: (6756) cr_launcher_1.0.3.139-an3bou6y2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: 8294731517125AC47A81E81CFAC3661514EC9FB87930B59CAD35C84F3385182B

(PID) Process: (6756) cr_launcher_1.0.3.139-an3bou6y2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Gaijin\CuisineRoyale
Operation: write
Name: StartupWithWindows
Value: Yes

(PID) Process: (6756) cr_launcher_1.0.3.139-an3bou6y2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Gaijin\CuisineRoyale
Operation: write
Name: InstallDir
Value: C:\Users\admin\AppData\Local\CRSED

(PID) Process: (6756) cr_launcher_1.0.3.139-an3bou6y2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Gaijin\CuisineRoyale
Operation: write
Name: InstallPath
Value: C:\Users\admin\AppData\Local\CRSED

(PID) Process: (6756) cr_launcher_1.0.3.139-an3bou6y2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Gaijin\CuisineRoyale
Operation: write
Name: Dir
Value: C:\Users\admin\AppData\Local\CRSED

(PID) Process: (6756) cr_launcher_1.0.3.139-an3bou6y2.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Gaijin\CuisineRoyale
Operation: write
Name: Path
Value: C:\Users\admin\AppData\Local\CRSED\launcher.exe
Executable files
18
Suspicious files
10
Text files
12
Unknown types
3

Dropped files

PID
Process
Filename
Type
PID: 6756
Process: cr_launcher_1.0.3.139-an3bou6y2.tmp
Filename: C:\Users\admin\AppData\Local\CRSED\unins000.exe
Type: executable
MD5:07218CCD6173A247B7EE6A93EF6021BE
SHA256:7F4DF5A2DDEFFBC6037F9C4123D426462B3B3F3B2E202343A97EE23EC0E2F78B
PID: 6756
Process: cr_launcher_1.0.3.139-an3bou6y2.tmp
Filename: C:\Users\admin\AppData\Local\CRSED\launcherr.dat
Type: compressed
MD5:D4ACE8CD21448E463A1A9867A04C1090
SHA256:7F657D2DA1B0DD686E6D54776B03EF98A123C0A1F7F3BC03B69400D8D141DC16
PID: 6756
Process: cr_launcher_1.0.3.139-an3bou6y2.tmp
Filename: C:\Users\admin\AppData\Local\CRSED\launcher.exe
Type: executable
MD5:F1A4C5E93D0DF476A8DEBB260BAC7B0D
SHA256:B87B84E8542D9250ECDE874277E9EC59C2F60142A5D3C1EE767CD8F76788F8B6
PID: 6756
Process: cr_launcher_1.0.3.139-an3bou6y2.tmp
Filename: C:\Users\admin\AppData\Local\CRSED\is-PA9LQ.tmp
Type: executable
MD5:31911C6EA459F516D1DA0A12EC677BEA
SHA256:44C1DB6B7BF4103B2C4D3A1F014A1EA8FAFBBEBA19CD028525D494E3E390A896
PID: 6756
Process: cr_launcher_1.0.3.139-an3bou6y2.tmp
Filename: C:\Users\admin\AppData\Local\CRSED\gaijin_downloader.exe
Type: executable
MD5:ADC796431F36632ED86663E8BCAFDDB8
SHA256:699783D9218C730A4334532DD0ADC6FA9D6E22395E96274B20CDB32EFEA6EDBA
PID: 6756
Process: cr_launcher_1.0.3.139-an3bou6y2.tmp
Filename: C:\Users\admin\AppData\Local\CRSED\is-7SH89.tmp
Type: executable
MD5:ADC796431F36632ED86663E8BCAFDDB8
SHA256:699783D9218C730A4334532DD0ADC6FA9D6E22395E96274B20CDB32EFEA6EDBA
PID: 6756
Process: cr_launcher_1.0.3.139-an3bou6y2.tmp
Filename: C:\Users\admin\AppData\Local\CRSED\icon.ico
Type: image
MD5:B8DE5856627D86AF95C120A6983A3B28
SHA256:40B05FDFE1E3B4980B25FE62549DC511E5117F802DFA6CD8AF318BA94DE7F3EA
PID: 6756
Process: cr_launcher_1.0.3.139-an3bou6y2.tmp
Filename: C:\Users\admin\AppData\Local\CRSED\bpreport.exe
Type: executable
MD5:31911C6EA459F516D1DA0A12EC677BEA
SHA256:44C1DB6B7BF4103B2C4D3A1F014A1EA8FAFBBEBA19CD028525D494E3E390A896
PID: 6756
Process: cr_launcher_1.0.3.139-an3bou6y2.tmp
Filename: C:\Users\admin\AppData\Local\CRSED\gjagent.exe
Type: executable
MD5:65F9CBA4FB02014A13685D8358CB0E67
SHA256:2ED5BFDA0B759B4CD795514C0F1FFBDBD0DF40A82EA4FD50044BDFD8AD25CE37
PID: 6756
Process: cr_launcher_1.0.3.139-an3bou6y2.tmp
Filename: C:\Users\admin\AppData\Local\CRSED\is-S6L3V.tmp
Type: image
MD5:B8DE5856627D86AF95C120A6983A3B28
SHA256:40B05FDFE1E3B4980B25FE62549DC511E5117F802DFA6CD8AF318BA94DE7F3EA
HTTP(S) requests
0
TCP/UDP connections
35
DNS requests
12
Threats
0

HTTP requests

No HTTP requests

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4080
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
3268
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
4080
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6756
cr_launcher_1.0.3.139-an3bou6y2.tmp
188.42.61.240:443
launcher-bq.gaijin.net
SERVERS-COM
LU
unknown
1860
gaijin_downloader.exe
54.171.18.57:443
yupmaster.gaijinent.com
AMAZON-02
IE
unknown
7128
launcher.exe
89.149.224.35:20011
client-stats.gaijin.net
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
google.com
  • 142.250.184.206
whitelisted
launcher-bq.gaijin.net
  • 188.42.61.240
unknown
client-stats.gaijin.net
  • 89.149.224.35
unknown
client-stats.warthunder.com
  • 89.149.224.35
unknown
yupmaster.gaijinent.com
  • 54.171.18.57
  • 52.213.18.147
unknown
seeder.gaijin.lan
  • 49.13.77.253
unknown
crsed.net
  • 104.20.82.98
  • 104.20.83.98
unknown
watson.events.data.microsoft.com
  • 20.189.173.22
whitelisted
www.bing.com
  • 104.126.37.139
  • 104.126.37.145
  • 104.126.37.131
whitelisted

Threats

No threats detected
Process
Message
launcher.exe
Log path C:\Users\admin\AppData\Local\CRSED\.launcher_log\2024_08_03_04_25_00_7128.txt
launcher.exe
launcher.exe
BUILD TIMESTAMP: Jul 4 2024 12:38:24
launcher.exe
0.31 [D] TIMER freq: ticks/usec=3 ticks/msec=3579
launcher.exe
0.33 [D] Creating thread "Watchdog thread"...
launcher.exe
0.33 [D] Registered message 0xC1A5
launcher.exe
---$01 (null) --- 0.33 [D] $01 Thread "Watchdog thread" started
launcher.exe
0.34 [D] Mounting C:\Users\admin\AppData\Local\CRSED\launcherr.dat...
launcher.exe
0.34 [D] launcherr.dat sign match
launcher.exe
0.34 [D] Mounted blk.nut