File name: FreeLauncher.exe

Full analysis: https://app.any.run/tasks/960952d8-3c9d-4c6b-ad8c-7fb1f0382e4a
Verdict: Malicious activity
Analysis date: January 05, 2024, 17:41:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: C9A805B68752C2D20179BB055AAB492F
SHA1: 8A7BEEE2BEAEB22049CFDE60B787A3FD4347BF0C
SHA256: 14D51F64349F46AFB39030ECE25A32690AD82F3DA9AF198E18122CAB5AF807FE
SSDEEP: 98304:M/4f1xQGBQU/y/qBQ2fsxwi4MqFnj6qVN+rZtBDzIO/c0Jz9GOGznbIkXVC52P0j:MAKcez/H5Cr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Internet Explorer settings

      • FreeLauncher.exe (PID: 2040)
    • Reads the Internet Settings

      • FreeLauncher.exe (PID: 2040)
    • Checks for Java to be installed

      • FreeLauncher.exe (PID: 2040)
    • Reads Microsoft Outlook installation path

      • FreeLauncher.exe (PID: 2040)
    • Reads settings of System Certificates

      • FreeLauncher.exe (PID: 2040)
  • INFO

    • Checks supported languages

      • FreeLauncher.exe (PID: 2040)
      • wmpnscfg.exe (PID: 1784)
    • Reads the computer name

      • FreeLauncher.exe (PID: 2040)
      • wmpnscfg.exe (PID: 1784)
    • Checks proxy server information

      • FreeLauncher.exe (PID: 2040)
    • Drops the executable file immediately after the start

      • FreeLauncher.exe (PID: 2040)
    • Reads the machine GUID from the registry

      • FreeLauncher.exe (PID: 2040)
    • Reads Environment values

      • FreeLauncher.exe (PID: 2040)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1784)
    • Creates files or folders in the user directory

      • FreeLauncher.exe (PID: 2040)
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (56.7)
.exe | Win64 Executable (generic) (21.3)
.scr | Windows screen saver (10.1)
.dll | Win32 Dynamic Link Library (generic) (5)
.exe | Win32 Executable (generic) (3.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:08:22 18:00:51+02:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 48
CodeSize: 4914176
InitializedDataSize: 38400
UninitializedDataSize: -
EntryPoint: 0x4b1b0e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.2.4.1799
ProductVersionNumber: 0.2.4.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Open Source Minecraft launcher
CompanyName: Igor Popov
FileDescription: FreeLauncher
FileVersion: 0.2.4.1799
InternalName: FreeLauncher.exe
LegalCopyright: Copyright Igor Popov© 2015-2018
LegalTrademarks: -
OriginalFileName: FreeLauncher.exe
ProductName: FreeLauncher
ProductVersion: 0.2.4_master.8566073
AssemblyVersion: 0.2.4.1799
No data.
Total processes: 36
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Graph nodes: start, freelauncher.exe, wmpnscfg.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process

1784 | "C:\Program Files\Windows Media Player\wmpnscfg.exe" | C:\Program Files\Windows Media Player\wmpnscfg.exe | - | explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

2040 | "C:\Users\admin\AppData\Local\Temp\FreeLauncher.exe" | C:\Users\admin\AppData\Local\Temp\FreeLauncher.exe | - | explorer.exe
User: admin
Company: Igor Popov
Integrity Level: MEDIUM
Description: FreeLauncher
Exit code: 0
Version: 0.2.4.1799
Modules (images):
c:\users\admin\appdata\local\temp\freelauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

Total events: 3 847
Read events: 3 811
Write events: 36
Delete events: 0

Modification events

(PID) Process: (2040) FreeLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
(PID) Process: (2040) FreeLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
(PID) Process: (2040) FreeLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1
(PID) Process: (2040) FreeLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
(PID) Process: (2040) FreeLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
(PID) Process: (2040) FreeLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
(PID) Process: (2040) FreeLauncher.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
(PID) Process: (2040) FreeLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0
(PID) Process: (2040) FreeLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (2040) FreeLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FCC67766-6201-4AD1-A6B8-2F4553C93D47}
Operation: write
Name: WpadDecisionReason
Value: 1
Executable files: 38
Suspicious files: 31
Text files: 4
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2040 | FreeLauncher.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\stylesheet[1].css | text
MD5:CC2B6EDA03A6EC209C8040BC74507A92
SHA256:0C075EF6D8BD3985F8D49C9FCFEEC241BB1A65F636D8CD786EA49F8F6F925AD2
2040 | FreeLauncher.exe | C:\Users\admin\AppData\Roaming\.minecraft\launcher_profiles.json | binary
MD5:320B1947FF03D136A9E70C922AFDD0D1
SHA256:2F953560A42D6B669DACD462BD2FE18A207EA1983A49B6B1441A02BFB1ED6A27
2040 | FreeLauncher.exe | C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\brigadier\1.1.8\brigadier-1.1.8.jar | compressed
MD5:34F54DAE241296B633655353219F8E06
SHA256:CF65AFA612FFFBE4DC976115DAC0312F48B9C84B3DDAF58BEC8018A9454440D7
2040 | FreeLauncher.exe | C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\mojang\authlib\5.0.47\authlib-5.0.47.jar | compressed
MD5:131C07EC3DB98B43D3F68A718FA9918F
SHA256:BA4F7CA8BF98DE78D0C00739E565B18F89B4E7DA268F930B6CF7473E90FACF53
2040 | FreeLauncher.exe | C:\Users\admin\AppData\Roaming\.minecraft\versions\1.20.2\1.20.2.json | binary
MD5:9A165A3EFED3C3F844E92BF65EEAA2EB
SHA256:40F5ED4E9FAFFF026A6F95DF63B502293C7B5B056D737433708E80138FCA766B
2040 | FreeLauncher.exe | C:\Users\admin\AppData\Roaming\.minecraft\versions\1.20.2\1.20.2.jar | compressed
MD5:3648233841690C8C4F9F8A0CF63A0DCD
SHA256:FA1A19BE56A506426308ABBC1CAD85F299A7FC6DAE4335559351BA0246713FDA
2040 | FreeLauncher.exe | C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar | compressed
MD5:DF6097815738CB31FC56391553210843
SHA256:4241C14A7727C34FEEA6507EC801318A3D4A90F070E4525681079FB94EE4C593
2040 | FreeLauncher.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\bg_main[1].png | image
MD5:F1596E0654794B9A0DD94FA78DDD7D17
SHA256:181A1E60BA5EE57497C0F97F5C6BCD49751DC6C4EC7355332C74056A02946D0C
2040 | FreeLauncher.exe | C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\32.1.2-jre\guava-32.1.2-jre.jar | java
MD5:5FE031B3B35ED56182478811A931D617
SHA256:BC65DEA7CFD9E4DACF8419D8AF0E741655857D27885BB35D943D7187FC3A8FCE
2040 | FreeLauncher.exe | C:\Users\admin\AppData\Roaming\.minecraft\libraries\com\google\guava\failureaccess\1.0.1\failureaccess-1.0.1.jar | java
MD5:091883993EF5BFA91DA01DCC8FC52236
SHA256:A171EE4C734DD2DA837E4B16BE9DF4661AFAB72A41ADAF31EB84DFDAF936CA26
HTTP(S) requests: 68
TCP/UDP connections: 15
DNS requests: 10
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2040 | FreeLauncher.exe | GET | 200 | 185.199.108.153:80 | http://dedepete.github.io/FreeLauncher/ | unknown | html | 2.71 Kb | unknown
- | - | GET | 301 | 185.199.108.153:80 | http://dedepete.github.io/FreeLauncher | unknown | html | 162 b | unknown
2040 | FreeLauncher.exe | GET | 200 | 185.199.108.153:80 | http://dedepete.github.io/FreeLauncher/bg_main.png | unknown | image | 434 b | unknown
2040 | FreeLauncher.exe | GET | 200 | 185.199.108.153:80 | http://dedepete.github.io/FreeLauncher/stylesheet.css | unknown | text | 660 b | unknown
2040 | FreeLauncher.exe | GET | 400 | 13.107.246.45:80 | http://resources.download.minecraft.net/b6/b62ca8ec10d07e6bf5ac8dae0c8c1d2e6a1e3356 | unknown | xml | 289 b | unknown
2040 | FreeLauncher.exe | GET | 400 | 13.107.246.45:80 | http://resources.download.minecraft.net/80/8030dd9dc315c0381d52c4782ea36c6baf6e8135 | unknown | xml | 289 b | unknown
2040 | FreeLauncher.exe | GET | 400 | 13.107.246.45:80 | http://resources.download.minecraft.net/5f/5ff04807c356f1beed0b86ccf659b44b9983e3fa | unknown | xml | 289 b | unknown
2040 | FreeLauncher.exe | GET | 400 | 13.107.246.45:80 | http://resources.download.minecraft.net/b8/b80b6e9ff01c78c624df5429e1d3dcd3d5130834 | unknown | xml | 289 b | unknown
2040 | FreeLauncher.exe | GET | 400 | 13.107.246.45:80 | http://resources.download.minecraft.net/af/af96f55a90eaf11b327f1b5f8834a051027dc506 | unknown | xml | 289 b | unknown
2040 | FreeLauncher.exe | GET | 400 | 13.107.246.45:80 | http://resources.download.minecraft.net/f0/f00657542252858a721e715a2e888a9226404e35 | unknown | xml | 289 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
2040 | FreeLauncher.exe | 17.253.57.195:443 | captive.apple.com | APPLE-AUSTIN | DE | unknown
2040 | FreeLauncher.exe | 140.82.121.5:443 | api.github.com | GITHUB | US | unknown
2040 | FreeLauncher.exe | 185.199.108.153:80 | dedepete.github.io | FASTLY | US | shared
2040 | FreeLauncher.exe | 13.107.213.63:443 | launchermeta.mojang.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2040 | FreeLauncher.exe | 13.107.246.63:443 | launchermeta.mojang.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2040 | FreeLauncher.exe | 13.107.246.45:80 | resources.download.minecraft.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown

DNS requests

Domain | IP | Reputation
captive.apple.com | 17.253.57.195, 17.253.57.208 | whitelisted
api.github.com | 140.82.121.5 | whitelisted
dedepete.github.io | 185.199.108.153, 185.199.109.153, 185.199.110.153, 185.199.111.153 | unknown
launchermeta.mojang.com | 13.107.213.63, 13.107.246.63 | whitelisted
piston-meta.mojang.com | 13.107.246.63, 13.107.213.63 | unknown
piston-data.mojang.com | 13.107.246.63, 13.107.213.63 | unknown
libraries.minecraft.net | 13.107.246.63, 13.107.213.63 | shared
resources.download.minecraft.net | 13.107.246.45, 13.107.213.45 | shared

Threats

No threats detected
No debug info