Malware analysis TLauncher-2.86-Installer-1.0.1.exe Malicious activity

Add for printing

File name:	TLauncher-2.86-Installer-1.0.1.exe
Full analysis:	https://app.any.run/tasks/a1ae0bbf-88be-4bae-8642-b2439ec2e25b
Verdict:	Malicious activity
Analysis date:	January 28, 2024, 05:36:21
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	F643BE370CC9763A17F7746B1B6A0243
SHA1:	C65391F59A6E1421D783EAF43EB9661CFD476F82
SHA256:	5AB5F39D143B6FF77DF2FD5026AC8E4788EDFD3DE27A4E1FA4B420A7D2F61D38
SSDEEP:	196608:8R6LQpso7SM9BSHdBEhha1YG4GFSj0QeOFV6z/RFjp:3OHSM9BqEG1YDGFRQeiVoRFjp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - TLauncher-2.86-Installer-1.0.1.exe (PID: 1880)
  - AdditionalExecuteTL.exe (PID: 2360)
  - javaw.exe (PID: 3344)
  - irsetup.exe (PID: 2240)
- Actions looks like stealing of personal data
  - irsetup.exe (PID: 2240)
SUSPICIOUS
- Executable content was dropped or overwritten
  - TLauncher-2.86-Installer-1.0.1.exe (PID: 1880)
  - AdditionalExecuteTL.exe (PID: 2360)
  - javaw.exe (PID: 3344)
  - irsetup.exe (PID: 2240)
- Checks for Java to be installed
  - irsetup.exe (PID: 2240)
  - TLauncher.exe (PID: 3440)
- Reads the Windows owner or organization settings
  - irsetup.exe (PID: 2240)
  - irsetup.exe (PID: 968)
- Checks Windows Trust Settings
  - irsetup.exe (PID: 2240)
  - irsetup.exe (PID: 968)
- Reads the Internet Settings
  - irsetup.exe (PID: 2240)
  - AdditionalExecuteTL.exe (PID: 2360)
  - irsetup.exe (PID: 968)
  - WMIC.exe (PID: 3772)
  - WMIC.exe (PID: 3880)
  - TLauncher-2.86-Installer-1.0.1.exe (PID: 1880)
  - WMIC.exe (PID: 3016)
  - WMIC.exe (PID: 2340)
- Reads security settings of Internet Explorer
  - irsetup.exe (PID: 2240)
  - irsetup.exe (PID: 968)
- Reads settings of System Certificates
  - irsetup.exe (PID: 2240)
  - irsetup.exe (PID: 968)
  - dxdiag.exe (PID: 552)
- Adds/modifies Windows certificates
  - irsetup.exe (PID: 2240)
- Reads Microsoft Outlook installation path
  - irsetup.exe (PID: 2240)
- Reads Internet Explorer settings
  - irsetup.exe (PID: 2240)
- Uses WMIC.EXE to obtain operating system information
  - cmd.exe (PID: 3640)
  - cmd.exe (PID: 3828)
- Starts application with an unusual extension
  - cmd.exe (PID: 3640)
  - cmd.exe (PID: 3828)
  - cmd.exe (PID: 296)
  - cmd.exe (PID: 3528)
  - cmd.exe (PID: 1892)
  - cmd.exe (PID: 2808)
  - cmd.exe (PID: 3076)
- Starts CMD.EXE for commands execution
  - javaw.exe (PID: 3344)
  - javaw.exe (PID: 2132)
- Process requests binary or script from the Internet
  - javaw.exe (PID: 3344)
  - javaw.exe (PID: 2132)
- The process drops C-runtime libraries
  - javaw.exe (PID: 3344)
- Process drops legitimate windows executable
  - javaw.exe (PID: 3344)
- Uses ICACLS.EXE to modify access control lists
  - javaw.exe (PID: 2132)
- Uses WMIC.EXE to obtain quick Fix Engineering (patches) data
  - cmd.exe (PID: 3076)
- Uses WMIC.EXE to obtain CPU information
  - cmd.exe (PID: 296)
INFO
- Create files in a temporary directory
  - TLauncher-2.86-Installer-1.0.1.exe (PID: 1880)
  - AdditionalExecuteTL.exe (PID: 2360)
  - irsetup.exe (PID: 968)
  - javaw.exe (PID: 3344)
  - javaw.exe (PID: 2132)
  - irsetup.exe (PID: 2240)
- Reads the machine GUID from the registry
  - irsetup.exe (PID: 2240)
  - irsetup.exe (PID: 968)
  - javaw.exe (PID: 3344)
  - javaw.exe (PID: 2132)
- Reads the computer name
  - irsetup.exe (PID: 2240)
  - TLauncher-2.86-Installer-1.0.1.exe (PID: 1880)
  - AdditionalExecuteTL.exe (PID: 2360)
  - irsetup.exe (PID: 968)
  - javaw.exe (PID: 3344)
  - javaw.exe (PID: 2132)
- Checks proxy server information
  - irsetup.exe (PID: 2240)
  - irsetup.exe (PID: 968)
- Checks supported languages
  - AdditionalExecuteTL.exe (PID: 2360)
  - irsetup.exe (PID: 968)
  - TLauncher.exe (PID: 3440)
  - javaw.exe (PID: 3344)
  - chcp.com (PID: 3752)
  - chcp.com (PID: 3788)
  - javaw.exe (PID: 2132)
  - chcp.com (PID: 2128)
  - TLauncher-2.86-Installer-1.0.1.exe (PID: 1880)
  - irsetup.exe (PID: 2240)
  - chcp.com (PID: 1796)
  - chcp.com (PID: 2560)
  - chcp.com (PID: 2544)
  - chcp.com (PID: 3504)
- Creates files or folders in the user directory
  - irsetup.exe (PID: 2240)
  - irsetup.exe (PID: 968)
  - javaw.exe (PID: 3344)
  - javaw.exe (PID: 2132)
- Creates files in the program directory
  - irsetup.exe (PID: 2240)
  - javaw.exe (PID: 3344)
  - javaw.exe (PID: 2132)
- Reads security settings of Internet Explorer
  - dxdiag.exe (PID: 552)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 EXE Yoda's Crypter (75.7)
.exe	\|	Win32 Executable (generic) (12.8)
.exe	\|	Generic Win/DOS Executable (5.7)
.exe	\|	DOS Executable Generic (5.7)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2019:01:03 20:13:08+01:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	10
CodeSize:	23552
InitializedDataSize:	142336
UninitializedDataSize:	-
EntryPoint:	0x2ce1
OSVersion:	5.1
ImageVersion:	-
SubsystemVersion:	5.1
Subsystem:	Windows GUI
FileVersionNumber:	1.0.1.0
ProductVersionNumber:	2.86.0.0
FileFlagsMask:	0x0000
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	ASCII
Comments:	TLauncher Setup
CompanyName:	TLauncher Inc.
FileDescription:	TLauncher Setup
FileVersion:	1.0.1.0
InternalName:	TLauncher
LegalCopyright:	TLauncher Copyright © 2022
LegalTrademarks:	TLauncher
OriginalFileName:	suf_launch.exe
ProductName:	TLauncher
ProductVersion:	2.86.0.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

296

cmd.exe /C chcp 437 & wmic CPU get NAME

C:\Windows\System32\cmd.exe

—

javaw.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

552

dxdiag /whql:off /t C:\Users\admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt

C:\Windows\System32\dxdiag.exe

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft DirectX Diagnostic Tool

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\dxdiag.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

968

"C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1814730 "__IRAFN:C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1839152" "__IRSID:S-1-5-21-1302019708-1500728564-335382590-1000"

C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

AdditionalExecuteTL.exe

User:

admin

Company:

Indigo Rose Corporation

Integrity Level:

HIGH

Description:

Setup Application

Exit code:

Version:

9.5.3.0

Modules

Images
c:\users\admin\appdata\local\temp\_ir_sf_temp_1\irsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll

1036

"C:\Users\admin\Downloads\TLauncher-2.86-Installer-1.0.1.exe"

C:\Users\admin\Downloads\TLauncher-2.86-Installer-1.0.1.exe

—

explorer.exe

User:

admin

Company:

TLauncher Inc.

Integrity Level:

MEDIUM

Description:

TLauncher Setup

Exit code:

3221226540

Version:

1.0.1.0

Modules

Images
c:\users\admin\downloads\tlauncher-2.86-installer-1.0.1.exe
c:\windows\system32\ntdll.dll

1796

chcp 437

C:\Windows\System32\chcp.com

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Change CodePage Utility

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

1880

"C:\Users\admin\Downloads\TLauncher-2.86-Installer-1.0.1.exe"

C:\Users\admin\Downloads\TLauncher-2.86-Installer-1.0.1.exe

explorer.exe

User:

admin

Company:

TLauncher Inc.

Integrity Level:

HIGH

Description:

TLauncher Setup

Exit code:

Version:

1.0.1.0

Modules

Images
c:\users\admin\downloads\tlauncher-2.86-installer-1.0.1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

1892

cmd.exe /C chcp 437 & systeminfo

C:\Windows\System32\cmd.exe

—

javaw.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Command Processor

Exit code:

Version:

6.1.7601.17514 (win7sp1_rtm.101119-1850)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

2128

chcp 437

C:\Windows\System32\chcp.com

—

cmd.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Change CodePage Utility

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

2132

C:\Users\admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_111\bin\javaw.exe -Xmx1024m -Dfile.encoding=UTF8 -cp C:\Users\admin\AppData\Roaming\.minecraft\TLauncher.exe;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\guice\4.1.0\guice-4.1.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\extentions\guice-assistedinject\4.1.0\guice-assistedinject-4.1.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\javax\inject\javax.inject\1\javax.inject-1.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\aopalliance\aopalliance\1.0\aopalliance-1.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\guava\guava\19.0\guava-19.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\net\sf\jopt-simple\jopt-simple\4.9\jopt-simple-4.9.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\log4j\log4j\1.2.17\log4j-1.2.17.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tukaani\xz\1.5\xz-1.5.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\picture-bundle\3.72\picture-bundle-3.72.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\skin-server-API\1.0\skin-server-API-1.0.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\tlauncher\tlauncher-resource\1.4\tlauncher-resource-1.4.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\github\junrar\junrar\0.7\junrar-0.7.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\dnsjava\dnsjava\2.1.8\dnsjava-2.1.8.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\httpcomponents\fluent-hc\4.5.13\fluent-hc-4.5.13.jar;C:\Users\admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\logging\log4j\log4j-core\2.14.1\log4j-core-2.14.1.jar; org.tlauncher.tlauncher.rmo.TLauncher

C:\Users\admin\AppData\Roaming\.tlauncher\jvms\jre1.8.0_111\bin\javaw.exe

javaw.exe

User:

admin

Company:

Oracle Corporation

Integrity Level:

HIGH

Description:

Java(TM) Platform SE binary

Exit code:

Version:

8.0.1110.14

Modules

Images
c:\users\admin\appdata\roaming\.tlauncher\jvms\jre1.8.0_111\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

2240

"C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1908426 "__IRAFN:C:\Users\admin\Downloads\TLauncher-2.86-Installer-1.0.1.exe" "__IRCT:3" "__IRTSS:22693301" "__IRSID:S-1-5-21-1302019708-1500728564-335382590-1000"

C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

TLauncher-2.86-Installer-1.0.1.exe

User:

admin

Company:

Indigo Rose Corporation

Integrity Level:

HIGH

Description:

Setup Application

Exit code:

Version:

9.5.3.0

Modules

Images
c:\users\admin\appdata\local\temp\_ir_sf_temp_0\irsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll

Add for printing

Total events

18 821

Read events

18 656

Write events

149

Delete events

Modification events


(PID) Process:	(1880) TLauncher-2.86-Installer-1.0.1.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(1880) TLauncher-2.86-Installer-1.0.1.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(1880) TLauncher-2.86-Installer-1.0.1.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(1880) TLauncher-2.86-Installer-1.0.1.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(2240) irsetup.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(2240) irsetup.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(2240) irsetup.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(2240) irsetup.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(2240) irsetup.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(2240) irsetup.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0

Add for printing

Executable files

131

Suspicious files

Text files

578

Unknown types

Dropped files

PID	Process	Filename		Type
2240	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat		—
		MD5:—	SHA256:—
2240	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG		image
		MD5:6EF1AF4A2154CB5D00912ABE2FAE2B1F	SHA256:CDC1A8A27707375BBF63B018350D6B5AAD10F34E3D1AF3A0FE0B039FDB0BC453
1880	TLauncher-2.86-Installer-1.0.1.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe		executable
		MD5:1313BB5DF6C6E0D5C358735044FBEBEF	SHA256:7590D0F21687327812A6C61D0429C6DF1345B97C53AD7115F03BD4CB2E4F4C8D
2240	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG5.PNG		image
		MD5:A0586C49D30229FD9DE85986F9C11A65	SHA256:8B6F15460D949D6DDE593D329B86C4C7C2B6DC5CA8E1103D6F3E5CDC5EC18510
2240	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG		image
		MD5:08E076E5BD1C9736F740CE51BA176E19	SHA256:2631440F073843A3303BBD84BADCA329DC3FBDFB1F02FAB29D942974B32BEE94
2240	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG6.PNG		image
		MD5:494A3F759D4416595FD2B290B9069CD4	SHA256:02B7658E2114CBFFB10383739C0775548F1FAE5D3BDE86D1FA098245CFCEDBC0
2240	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG4.PNG		image
		MD5:5F2C2AC250C121473845F3D6750A2244	SHA256:6A0E8295FD59BBD53E192D6C5DBE6EECF16C6E0C10B36588B00C5436F8A4F048
2240	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG		image
		MD5:07A3B8FC5002FC45C2B85B4DA8707867	SHA256:42F065601E38B4EC134F94ABFA2FEF6E4DEE23E04A35DBAFB442460090983F87
2240	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG7.PNG		image
		MD5:60C4499189D11376C387660BE96A6B06	SHA256:64018D99D1A929066EE3F0E9B66E83D014B89D30D4EEDD7D09CF92D004660041
2240	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG		image
		MD5:63B87B298ED6A5A4FC0D2A3FAFA01DF4	SHA256:BF12F68AD3E982EEFF7330EA4BEAD2E6150A105407D35F1CA6373C175B3A91AD

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
968	irsetup.exe	GET	304	93.184.221.240:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f9d50ae334969db8	unknown	—	—	unknown
968	irsetup.exe	GET	200	104.18.38.233:80	http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D	unknown	binary	2.18 Kb	unknown
3344	javaw.exe	GET	302	78.46.66.120:80	http://res.tlauncher.org/b/libraries/org/tlauncher/picture-bundle/3.72/picture-bundle-3.72.jar	unknown	—	—	unknown
1080	svchost.exe	GET	200	93.184.221.240:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?3e412f7b4eff0943	unknown	compressed	65.2 Kb	unknown
3344	javaw.exe	GET	302	78.46.66.120:80	http://res.tlauncher.org/b/client/jre/windows/jre-8u111-windows-i586.tar.gz	unknown	—	—	unknown
2132	javaw.exe	GET	200	104.21.70.46:80	http://img.fastrepo.org/update/downloads/configs/client/video/tl-discord-en.png	unknown	image	49.2 Kb	unknown
2132	javaw.exe	HEAD	200	104.20.64.88:80	http://page.tlauncher.org/	unknown	—	—	unknown
2132	javaw.exe	GET	200	104.20.65.88:80	http://repo.tlauncher.org/update/downloads/configs/inner_servers-1.1.json	unknown	text	5.02 Kb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
2240	irsetup.exe	104.20.64.88:443	dl2.tlauncher.org	CLOUDFLARENET	—	unknown
968	irsetup.exe	104.20.65.88:443	dl2.tlauncher.org	CLOUDFLARENET	—	unknown
968	irsetup.exe	93.184.221.240:80	ctldl.windowsupdate.com	EDGECAST	GB	whitelisted
968	irsetup.exe	104.18.38.233:80	ocsp.usertrust.com	CLOUDFLARENET	—	shared
2240	irsetup.exe	46.4.112.215:443	advancedrepository.com	Hetzner Online GmbH	DE	unknown
3344	javaw.exe	78.46.66.120:80	res.tlauncher.org	Hetzner Online GmbH	DE	unknown
3344	javaw.exe	104.20.65.88:443	dl2.tlauncher.org	CLOUDFLARENET	—	unknown

DNS requests

Domain	IP	Reputation
dl2.tlauncher.org	104.20.64.88 104.20.65.88	unknown
tlauncher.org	104.20.65.88 104.20.64.88	unknown
ctldl.windowsupdate.com	93.184.221.240	whitelisted
ocsp.usertrust.com	104.18.38.233 172.64.149.23	whitelisted
advancedrepository.com	46.4.112.215	unknown
res.tlauncher.org	78.46.66.120	whitelisted
cl2-res.tlauncher.org	104.20.65.88 104.20.64.88	unknown
page.tlauncher.org	104.20.64.88 104.20.65.88	unknown
repo.tlauncher.org	104.20.65.88 104.20.64.88	whitelisted
img.tlauncher.org	104.20.64.88 104.20.65.88	unknown

Threats

PID	Process	Class	Message
3344	javaw.exe	Potentially Bad Traffic	ET POLICY Vulnerable Java Version 1.8.x Detected
3344	javaw.exe	Potentially Bad Traffic	ET POLICY Vulnerable Java Version 1.8.x Detected

Add for printing

No debug info

General Info

TLauncher-2.86-Installer-1.0.1.exe

F643BE370CC9763A17F7746B1B6A0243

C65391F59A6E1421D783EAF43EB9661CFD476F82

5AB5F39D143B6FF77DF2FD5026AC8E4788EDFD3DE27A4E1FA4B420A7D2F61D38

196608:8R6LQpso7SM9BSHdBEhha1YG4GFSj0QeOFV6z/RFjp:3OHSM9BqEG1YDGFRQeiVoRFjp

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Actions looks like stealing of personal data

SUSPICIOUS

Executable content was dropped or overwritten

Checks for Java to be installed

Reads the Windows owner or organization settings

Checks Windows Trust Settings

Reads the Internet Settings

Reads security settings of Internet Explorer

Reads settings of System Certificates

Adds/modifies Windows certificates

Reads Microsoft Outlook installation path

Reads Internet Explorer settings

Uses WMIC.EXE to obtain operating system information

Starts application with an unusual extension

Starts CMD.EXE for commands execution

Process requests binary or script from the Internet

The process drops C-runtime libraries

Process drops legitimate windows executable

Uses ICACLS.EXE to modify access control lists

Uses WMIC.EXE to obtain quick Fix Engineering (patches) data

Uses WMIC.EXE to obtain CPU information

INFO

Create files in a temporary directory

Reads the machine GUID from the registry

Reads the computer name

Checks proxy server information

Checks supported languages

Creates files or folders in the user directory

Creates files in the program directory

Reads security settings of Internet Explorer

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests