Windows Analysis Report
launcher.exe

Overview

General Information

Sample name:	launcher.exe
Analysis ID:	1532877
MD5:	a005515ec895596dedf37353c36cf316
SHA1:	2194e563495ee86dde3e81ef7a38f954ce37f649
SHA256:	b4319210ed63ced7b431ef15430a5a98dadf9601af2ec882d00b48e1aefca6c8
Tags:	exeuser-4k95m
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Loading BitLocker PowerShell Module

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.1% probability

Source: launcher.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.24e0b2b2d51e47b9dba34c30\node\out\Release\node.pdb\ source: launcher.exe, 00000000.00000002.1849940570.00007FF608DFB000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.24e0b2b2d51e47b9dba34c30\node\out\Release\node.pdb source: launcher.exe, 00000000.00000002.1849940570.00007FF608DFB000.00000002.00000001.01000000.00000003.sdmp

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 140.82.121.4 140.82.121.4

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: github.com

Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: launcher.exe, 00000000.00000002.1847291541.000001A73518E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: launcher.exe, 00000000.00000003.1844704608.000001A73352D000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841865368.000001A7334EB000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1840535775.000001A7334E0000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844842494.000001A733531000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842957439.000001A73351E000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1846180232.000001A733532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: launcher.exe, 00000000.00000003.1841444544.000001A73508E000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1846382827.000001A733578000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1843930853.000001A735119000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841580734.000001A7350C3000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847185659.000001A735120000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841142554.000001A735031000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841689573.000001A7350E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: launcher.exe, 00000000.00000003.1841444544.000001A73508E000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1843930853.000001A735119000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841580734.000001A7350C3000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847185659.000001A735120000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841142554.000001A735031000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841689573.000001A7350E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl5
Source: launcher.exe, 00000000.00000002.1847291541.000001A73518E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: launcher.exe, 00000000.00000003.1842539392.000001A73358F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: launcher.exe, 00000000.00000002.1846493996.000001A7335A1000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844177849.000001A73359E000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842539392.000001A73358F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: launcher.exe, 00000000.00000002.1846382827.000001A733578000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
Source: launcher.exe, 00000000.00000002.1846404076.000001A73357F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: launcher.exe, 00000000.00000003.1842469797.000001A7335E8000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841769183.000001A7335CE000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842672229.000001A7335EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: launcher.exe, 00000000.00000002.1846404076.000001A73357F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: launcher.exe, 00000000.00000002.1846404076.000001A73357F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl$t
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: launcher.exe, 00000000.00000002.1846404076.000001A73357F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: launcher.exe, 00000000.00000002.1846493996.000001A7335A1000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844177849.000001A73359E000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842539392.000001A73358F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: launcher.exe, 00000000.00000002.1846404076.000001A73357F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlD
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://narwhaljs.org)
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.esb.c?I
Source: launcher.exe, 00000000.00000003.1841689573.000001A7350E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: launcher.exe, 00000000.00000003.1841444544.000001A73508E000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1843930853.000001A735119000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841580734.000001A7350C3000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847185659.000001A735120000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841142554.000001A735031000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841689573.000001A7350E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/R5
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/ZPX
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: launcher.exe, 00000000.00000003.1844105131.000001A735477000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A735471000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847735676.000001A73547E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: launcher.exe, 00000000.00000002.1847735676.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: launcher.exe, 00000000.00000002.1847735676.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htmD)
Source: launcher.exe, 00000000.00000002.1847735676.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: launcher.exe, 00000000.00000002.1847735676.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: launcher.exe, 00000000.00000002.1847735676.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/BCb
Source: launcher.exe, 00000000.00000003.1844105131.000001A735477000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A735471000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847735676.000001A73547E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: launcher.exe, 00000000.00000002.1846513436.000001A7335B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cpsR5
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: launcher.exe, 00000000.00000002.1845702749.0000018893840000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#clear
Source: launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#table
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://crbug.com/v8/7848
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/PerformanceResourceTiming
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://fetch.spec.whatwg.org/
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://fetch.spec.whatwg.org/#fetch-timing-info
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/WICG/scheduling-apis
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/WebAssembly/esm-integration/issues/42
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/addaleax/eventemitter-asyncresource
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/chromium/chromium/blob/HEAD/third_party/blink/public/platform/web_crypto_algorith
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: launcher.exe, 00000000.00000002.1848194677.0000022E07CF7000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/heycam/webidl/pull/946.
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: launcher.exe, 00000000.00000002.1845773799.0000019E0A3C1000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lolkekdumped228/escapefromeurope/releases/download/1/keyforleave.exe
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/mysticatea/abort-controller
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: launcher.exe, 00000000.00000003.1759569799.000001A735520000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1758787177.000001A7354CB000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1759292069.000001A7354D9000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1845459044.0000008E66100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/blob/1a96d83a223ff9f05f7d942fb84440d323f7b596/lib/internal/bootstrap/
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: launcher.exe, 00000000.00000002.1845500960.000000B781BC0000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/34532
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35862
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: launcher.exe, 00000000.00000002.1845500960.000000B781BC0000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39758
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: launcher.exe, 00000000.00000003.1759569799.000001A735520000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1758787177.000001A7354CB000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1759292069.000001A7354D9000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1845459044.0000008E66100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33229
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: launcher.exe, 00000000.00000002.1845500960.000000B781BC0000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1845702749.0000018893840000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: launcher.exe, 00000000.00000002.1845702749.0000018893840000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: launcher.exe, 00000000.00000002.1848194677.0000022E07CF7000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38614)
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: launcher.exe, 00000000.00000003.1759569799.000001A735520000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1758787177.000001A7354CB000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1759292069.000001A7354D9000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1845459044.0000008E66100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vercel/pkg/issues/1589
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://goo.gl/t5IS6M).
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#Replaceable
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64-decode
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://jimmy.warting.se/opensource
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://no-color.org/
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0-headers.tar.gz
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0-headers.tar.gzJ=
Source: launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0.tar.gz
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0.tar.gz-H
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0.tar.gzhttps://nodejs.org/download/release/v
Source: launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/win-x64/node.lib
Source: launcher.exe, 00000000.00000002.1848654968.0000039F7E340000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/win-x64/node.lib1q4
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://sourcemaps.info/spec.html
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: launcher.exe, 00000000.00000002.1848194677.0000022E07CF7000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: launcher.exe, 00000000.00000002.1845702749.0000018893840000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url-serializing
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://v8.dev/blog/v8-release-89
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-mark-resource-timing
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-setup-the-resource-timing-entry
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://webassembly.github.io/spec/web-api
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel
Source: launcher.exe, 00000000.00000002.1847735676.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel05
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: launcher.exe, 00000000.00000002.1848194677.0000022E07CF7000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: launcher.exe, 00000000.00000002.1847291541.000001A73518E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Sample file is different than original file name gathered from version info

Source: launcher.exe, 00000000.00000002.1851355081.00007FF6096BA000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: OriginalFilenamenode.exe* vs launcher.exe

Source: classification engine

Classification label: mal56.evad.winEXE@11/5@1/1

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_03

Source: C:\Users\user\Desktop\launcher.exe

File created: C:\Users\user\AppData\Local\Temp\oQku2VJavb.exe

Jump to behavior

Source: launcher.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\tasklist.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\launcher.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\launcher.exe

File read: C:\Users\user\Desktop\launcher.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\launcher.exe "C:\Users\user\Desktop\launcher.exe"
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"	Jump to behavior

Source: C:\Users\user\Desktop\launcher.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Windows\System32\tasklist.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\tasklist.exe tasklist

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: launcher.exe

Static PE information: More than 8191 > 100 exports found

Source: launcher.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: launcher.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: launcher.exe

Static file information: File size 37681778 > 1048576

Source: launcher.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x12aa000
Source: launcher.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xfe5c00

Source: launcher.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: launcher.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: launcher.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.24e0b2b2d51e47b9dba34c30\node\out\Release\node.pdb\ source: launcher.exe, 00000000.00000002.1849940570.00007FF608DFB000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.24e0b2b2d51e47b9dba34c30\node\out\Release\node.pdb source: launcher.exe, 00000000.00000002.1849940570.00007FF608DFB000.00000002.00000001.01000000.00000003.sdmp

Source: launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

PE file contains sections with non-standard names

Source: launcher.exe

Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\launcher.exe

Code function: 0_2_00007FF5E7A88BDA push edx; ret

0_2_00007FF5E7A89071

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\launcher.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Contains long sleeps (>= 3 min)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6294			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3466			Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5628	Thread sleep count: 6294 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5628	Thread sleep count: 3466 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6224	Thread sleep count: 78 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1704	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW?
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: launcher.exe, 00000000.00000002.1845773799.0000019E0A3C1000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.e
Source: launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Enables debug privileges

Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"	Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\launcher.exe	Queries volume information: C:\Users\user\Desktop\launcher.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\oQku2VJavb.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
140.82.121.4	github.com	United States		36459	GITHUBUS	false

Contacted Domains

Name	IP	Active
github.com	140.82.121.4	true

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.1% probability

Source: launcher.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.24e0b2b2d51e47b9dba34c30\node\out\Release\node.pdb\ source: launcher.exe, 00000000.00000002.1849940570.00007FF608DFB000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.24e0b2b2d51e47b9dba34c30\node\out\Release\node.pdb source: launcher.exe, 00000000.00000002.1849940570.00007FF608DFB000.00000002.00000001.01000000.00000003.sdmp

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 140.82.121.4 140.82.121.4

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: github.com

Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: launcher.exe, 00000000.00000002.1847291541.000001A73518E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: launcher.exe, 00000000.00000003.1844704608.000001A73352D000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841865368.000001A7334EB000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1840535775.000001A7334E0000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844842494.000001A733531000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842957439.000001A73351E000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1846180232.000001A733532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: launcher.exe, 00000000.00000003.1841444544.000001A73508E000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1846382827.000001A733578000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1843930853.000001A735119000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841580734.000001A7350C3000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847185659.000001A735120000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841142554.000001A735031000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841689573.000001A7350E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: launcher.exe, 00000000.00000003.1841444544.000001A73508E000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1843930853.000001A735119000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841580734.000001A7350C3000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847185659.000001A735120000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841142554.000001A735031000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841689573.000001A7350E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl5
Source: launcher.exe, 00000000.00000002.1847291541.000001A73518E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: launcher.exe, 00000000.00000003.1842539392.000001A73358F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: launcher.exe, 00000000.00000002.1846493996.000001A7335A1000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844177849.000001A73359E000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842539392.000001A73358F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: launcher.exe, 00000000.00000002.1846382827.000001A733578000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
Source: launcher.exe, 00000000.00000002.1846404076.000001A73357F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: launcher.exe, 00000000.00000003.1842469797.000001A7335E8000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841769183.000001A7335CE000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842672229.000001A7335EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: launcher.exe, 00000000.00000002.1846404076.000001A73357F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: launcher.exe, 00000000.00000002.1846404076.000001A73357F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl$t
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: launcher.exe, 00000000.00000002.1846404076.000001A73357F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: launcher.exe, 00000000.00000002.1846493996.000001A7335A1000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844177849.000001A73359E000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842539392.000001A73358F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: launcher.exe, 00000000.00000002.1846404076.000001A73357F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlD
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://narwhaljs.org)
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.esb.c?I
Source: launcher.exe, 00000000.00000003.1841689573.000001A7350E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: launcher.exe, 00000000.00000003.1841444544.000001A73508E000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1843930853.000001A735119000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841580734.000001A7350C3000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847185659.000001A735120000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841142554.000001A735031000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1841689573.000001A7350E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/R5
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/ZPX
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: launcher.exe, 00000000.00000003.1844105131.000001A735477000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A735471000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847735676.000001A73547E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: launcher.exe, 00000000.00000002.1847735676.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: launcher.exe, 00000000.00000002.1847735676.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htmD)
Source: launcher.exe, 00000000.00000002.1847735676.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: launcher.exe, 00000000.00000002.1847735676.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: launcher.exe, 00000000.00000002.1847735676.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/BCb
Source: launcher.exe, 00000000.00000003.1844105131.000001A735477000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A735471000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847735676.000001A73547E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: launcher.exe, 00000000.00000002.1846513436.000001A7335B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: launcher.exe, 00000000.00000003.1840735158.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cpsR5
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: launcher.exe, 00000000.00000002.1845702749.0000018893840000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#clear
Source: launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#table
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://crbug.com/v8/7848
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/PerformanceResourceTiming
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://fetch.spec.whatwg.org/
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://fetch.spec.whatwg.org/#fetch-timing-info
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/WICG/scheduling-apis
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/WebAssembly/esm-integration/issues/42
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/addaleax/eventemitter-asyncresource
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/chromium/chromium/blob/HEAD/third_party/blink/public/platform/web_crypto_algorith
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: launcher.exe, 00000000.00000002.1848194677.0000022E07CF7000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/heycam/webidl/pull/946.
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: launcher.exe, 00000000.00000002.1845773799.0000019E0A3C1000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lolkekdumped228/escapefromeurope/releases/download/1/keyforleave.exe
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/mysticatea/abort-controller
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: launcher.exe, 00000000.00000003.1759569799.000001A735520000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1758787177.000001A7354CB000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1759292069.000001A7354D9000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1845459044.0000008E66100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/blob/1a96d83a223ff9f05f7d942fb84440d323f7b596/lib/internal/bootstrap/
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: launcher.exe, 00000000.00000002.1845500960.000000B781BC0000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/34532
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35862
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: launcher.exe, 00000000.00000002.1845500960.000000B781BC0000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39758
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: launcher.exe, 00000000.00000003.1759569799.000001A735520000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1758787177.000001A7354CB000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1759292069.000001A7354D9000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1845459044.0000008E66100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33229
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: launcher.exe, 00000000.00000002.1845500960.000000B781BC0000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1845702749.0000018893840000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: launcher.exe, 00000000.00000002.1845702749.0000018893840000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: launcher.exe, 00000000.00000002.1848194677.0000022E07CF7000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38614)
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: launcher.exe, 00000000.00000003.1759569799.000001A735520000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1758787177.000001A7354CB000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1759292069.000001A7354D9000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1845459044.0000008E66100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vercel/pkg/issues/1589
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://goo.gl/t5IS6M).
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#Replaceable
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64-decode
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://jimmy.warting.se/opensource
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://no-color.org/
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0-headers.tar.gz
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0-headers.tar.gzJ=
Source: launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0.tar.gz
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0.tar.gz-H
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0.tar.gzhttps://nodejs.org/download/release/v
Source: launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/win-x64/node.lib
Source: launcher.exe, 00000000.00000002.1848654968.0000039F7E340000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.5.0/win-x64/node.lib1q4
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: launcher.exe, 00000000.00000002.1845667446.000001667E340000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://sourcemaps.info/spec.html
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: launcher.exe, 00000000.00000002.1848194677.0000022E07CF7000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: launcher.exe, 00000000.00000002.1845702749.0000018893840000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url-serializing
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://v8.dev/blog/v8-release-89
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-mark-resource-timing
Source: launcher.exe, 00000000.00000002.1845736861.0000019C3D640000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-setup-the-resource-timing-entry
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://webassembly.github.io/spec/web-api
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel
Source: launcher.exe, 00000000.00000002.1847735676.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1842144490.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000003.1844105131.000001A7354AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel05
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: launcher.exe, 00000000.00000002.1848194677.0000022E07CF7000.00000004.00001000.00020000.00000000.sdmp, launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: launcher.exe, 00000000.00000002.1849940570.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp, launcher.exe, 00000000.00000003.1757041147.000001A735204000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: launcher.exe, 00000000.00000002.1847814558.000001A7354E6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: launcher.exe, 00000000.00000002.1847291541.000001A73518E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Sample file is different than original file name gathered from version info

Source: launcher.exe, 00000000.00000002.1851355081.00007FF6096BA000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: OriginalFilenamenode.exe* vs launcher.exe

Source: classification engine

Classification label: mal56.evad.winEXE@11/5@1/1

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_03

Source: C:\Users\user\Desktop\launcher.exe

File created: C:\Users\user\AppData\Local\Temp\oQku2VJavb.exe

Jump to behavior

Source: launcher.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\tasklist.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\launcher.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\launcher.exe

File read: C:\Users\user\Desktop\launcher.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\launcher.exe "C:\Users\user\Desktop\launcher.exe"
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"	Jump to behavior

Source: C:\Users\user\Desktop\launcher.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Windows\System32\tasklist.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\tasklist.exe tasklist

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: launcher.exe

Static PE information: More than 8191 > 100 exports found

Source: launcher.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: launcher.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: launcher.exe

Static file information: File size 37681778 > 1048576

Source: launcher.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x12aa000
Source: launcher.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xfe5c00

Source: launcher.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: launcher.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: launcher.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: launcher.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.24e0b2b2d51e47b9dba34c30\node\out\Release\node.pdb\ source: launcher.exe, 00000000.00000002.1849940570.00007FF608DFB000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.24e0b2b2d51e47b9dba34c30\node\out\Release\node.pdb source: launcher.exe, 00000000.00000002.1849940570.00007FF608DFB000.00000002.00000001.01000000.00000003.sdmp

Source: launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: launcher.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

PE file contains sections with non-standard names

Source: launcher.exe

Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\launcher.exe

Code function: 0_2_00007FF5E7A88BDA push edx; ret

0_2_00007FF5E7A89071

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\launcher.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Contains long sleeps (>= 3 min)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6294			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3466			Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5628	Thread sleep count: 6294 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5628	Thread sleep count: 3466 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6224	Thread sleep count: 78 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1704	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW?
Source: launcher.exe, 00000000.00000002.1845871062.000001A733470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: launcher.exe, 00000000.00000002.1845773799.0000019E0A3C1000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.e
Source: launcher.exe, 00000000.00000000.1752547715.00007FF6083FB000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Enables debug privileges

Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"	Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\launcher.exe	Queries volume information: C:\Users\user\Desktop\launcher.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\launcher.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\oQku2VJavb.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior

ID:	1532877
Product:	CloudBasic
Start time:	04:13:11
Start date:	14.10.2024
Sample:	launcher.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	a005515ec895596dedf37353c36cf316
SHA1:	2194e563495ee86dde3e81ef7a38f954ce37f649
SHA256:	b4319210ed63ced7b431ef15430a5a98dadf9601af2ec882d00b48e1aefca6c8
Filetype:	Win64 Executable Console (202006/5) 92.65%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	6E6C2B510FF8665DFAFB81CA42E7E6D8	5D032FB8A53A7635CBB67510A02A77C0E871FBDA	87BF5AB544BC2AC5EB8AB30EB47E267D0C409C69B1C777EFAB58C18D658684C4
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hd0yau0w.tqx.ps1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nsoljp4p.al5.ps1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qfzsiwe3.iw4.psm1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ttdlpfsq.vft.psm1	ASCII text, with no line terminators	D17FE0A3F47BE24A6453E9EF58C94641	6AB83620379FC69F80C0242105DDFFD7D98D5D9D	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7

Windows Analysis Report
launcher.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report launcher.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report
launcher.exe