File name: TLauncher.exe

Full analysis: https://app.any.run/tasks/d1c7d57b-9973-4e40-ae52-4f7ca681307e
Verdict: Malicious activity
Analysis date: August 05, 2024, 05:56:59
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5: 833512C89F1AB92C80131D415F89F442
SHA1: DD9953DDCC33278BB97502FFDC6E7462E8005680
SHA256: 717F80429E16E7C467A8472DFB0404E22FDF2D67ECD94018B6536DC9D995BFF6
SSDEEP: 98304:qvKK66WOwiutuvviSUTgbIveWkTd2v3t17yoOJXfqXynArvXI01rMWm2hJRUvdd9:Prvbmm9smjNuBPshsmATpVND5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • TLauncher.exe (PID: 6572)
      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
  • SUSPICIOUS

    • Checks for Java to be installed

      • TLauncher.exe (PID: 6572)
    • Reads security settings of Internet Explorer

      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
    • Process drops legitimate windows executable

      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
    • Executable content was dropped or overwritten

      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
    • Identifying current user with WHOAMI command

      • cmd.exe (PID: 1236)
    • The process drops C-runtime libraries

      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
    • Starts CMD.EXE for commands execution

      • java.exe (PID: 6436)
    • Starts application with an unusual extension

      • cmd.exe (PID: 7020)
      • cmd.exe (PID: 888)
      • cmd.exe (PID: 6580)
      • cmd.exe (PID: 1556)
    • Uses WMIC.EXE to obtain CPU information

      • cmd.exe (PID: 7020)
    • Uses WMIC.EXE to obtain quick Fix Engineering (patches) data

      • cmd.exe (PID: 6580)
    • The process creates files with name similar to system file names

      • java.exe (PID: 6436)
  • INFO

    • Creates files in the program directory

      • javaw.exe (PID: 6588)
    • Creates files or folders in the user directory

      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
      • dxdiag.exe (PID: 3164)
    • Checks supported languages

      • javaw.exe (PID: 6588)
      • TLauncher.exe (PID: 6572)
      • TextInputHost.exe (PID: 6616)
      • java.exe (PID: 6436)
      • chcp.com (PID: 6984)
      • chcp.com (PID: 1452)
      • chcp.com (PID: 7016)
      • chcp.com (PID: 3660)
    • Reads the computer name

      • javaw.exe (PID: 6588)
      • TextInputHost.exe (PID: 6616)
      • java.exe (PID: 6436)
    • Create files in a temporary directory

      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
    • Reads the machine GUID from the registry

      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
    • Manual execution by a user

      • cmd.exe (PID: 1236)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 6364)
      • dxdiag.exe (PID: 3164)
      • WMIC.exe (PID: 3372)
    • Changes the display of characters in the console

      • chcp.com (PID: 6984)
      • chcp.com (PID: 1452)
      • chcp.com (PID: 7016)
      • chcp.com (PID: 3660)
    • Process checks computer location settings

      • java.exe (PID: 6436)
    • Reads CPU info

      • java.exe (PID: 6436)
    • Reads the software policy settings

      • dxdiag.exe (PID: 3164)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (41)
.exe | Win64 Executable (generic) (36.3)
.dll | Win32 Dynamic Link Library (generic) (8.6)
.exe | Win32 Executable (generic) (5.9)
.exe | Win16/32 Executable Delphi generic (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:05:27 14:34:20+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.22
CodeSize: 25088
InitializedDataSize: 16896
UninitializedDataSize: 36864
EntryPoint: 0x1290
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.11.0.0
ProductVersionNumber: 1.11.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Windows NT
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: TLauncher Inc.
FileDescription: TLauncher
FileVersion: 1.11
InternalName: TLauncher
LegalCopyright: TLauncher Inc.
LegalTrademarks: -
OriginalFileName: TLauncher.exe
ProductName: TLauncher
ProductVersion: 1.11.0.0
No data.
Total processes: 164
Monitored processes: 26
Malicious processes: 3
Suspicious processes: 0

Behavior graph

start tlauncher.exe no specs javaw.exe icacls.exe no specs conhost.exe no specs textinputhost.exe no specs cmd.exe no specs conhost.exe no specs whoami.exe no specs java.exe conhost.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs wmic.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs cmd.exe no specs conhost.exe no specs chcp.com no specs dxdiag.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs wmic.exe no specs tiworker.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 460
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: java.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 888
CMD: cmd.exe /C chcp 437 & set processor
Path: C:\Windows\System32\cmd.exe
Parent process: java.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 1236
CMD: "C:\WINDOWS\system32\cmd.exe"
Path: C:\Windows\System32\cmd.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
3221225786
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\wldp.dll
PID: 1452
CMD: chcp 437
Path: C:\Windows\System32\chcp.com
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 1556
CMD: cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt
Path: C:\Windows\System32\cmd.exe
Parent process: java.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 1692
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2272
CMD: whoami
Path: C:\Windows\System32\whoami.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
whoami - displays logged on user information
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\whoami.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2336
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3164
CMD: dxdiag /whql:off /t C:\Users\admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt
Path: C:\Windows\System32\dxdiag.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft DirectX Diagnostic Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dxdiag.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 3372
CMD: wmic qfe get HotFixID
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
Total events: 29 551
Read events: 29 420
Write events: 110
Delete events: 21

Modification events

Process: javaw.exe (PID: 6588)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Process: javaw.exe (PID: 6588)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
Process: javaw.exe (PID: 6588)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1
Process: javaw.exe (PID: 6588)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Process: java.exe (PID: 6436)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Process: java.exe (PID: 6436)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
Process: java.exe (PID: 6436)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1
Process: java.exe (PID: 6436)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Process: dxdiag.exe (PID: 3164)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectX Diagnostic Tool
Operation: write
Name: DxDiag In SystemInfo
Value: 1
Process: dxdiag.exe (PID: 3164)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectX Diagnostic Tool
Operation: delete value
Name: DxDiag In SystemInfo
Value:

Executable files: 425
Suspicious files: 176
Text files: 812
Unknown types: 4

Dropped files

PID
Process
Filename
Type
PID: 6588
Process: javaw.exe
Filename: C:\Users\admin\AppData\Local\Temp\imageio3461639656564189125.tmp
Type: image
MD5: A439014382612E34B571515B64A71058
SHA256: AB54464948DEC30D9D13E624BD5E5D0D59EF641B9EFDAB4EB869FB255A54E357
PID: 6588
Process: javaw.exe
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\starter\starter.json
Type: binary
MD5: 689E109F2EC6B5C06F34D5154456A666
SHA256: 93D1049A5501CDCA00F9B0C68974CBDD587875584BD5B57FE51BA50DF6E5550A
PID: 6588
Process: javaw.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1693682860-607145093-2874071422-1001\83aa4cc77f591dfc2374580bbd95f6ba_bb926e54-e3ca-40fd-ae90-2764341e7792
Type: dbf
MD5: C8366AE350E7019AEFC9D1E6E6A498C6
SHA256: 11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
PID: 6588
Process: javaw.exe
Filename: C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c8061.timestamp
Type: text
MD5: 567FD6F8D659DFEBDEA054C5F438C637
SHA256: 08DFB557098CA9B563C784C2F451E5FC61C1D1C89FA5682DF4EE91085E0B9CF8
PID: 6588
Process: javaw.exe
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.924\resources.json.metadata
Type: binary
MD5: 9E5F845789CA3CFD72AFB45093322F72
SHA256: DF4FC1BFA64D9B4C24B51CA3542512F1604FE2189D724024C049286151C6B169
PID: 6588
Process: javaw.exe
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.924\dependencies.json.temp
Type: binary
MD5: 63EFC497F38E113390292117062CBBA6
SHA256: EBC5231524854028E6B4A34BEDBB91DBE311E4F40802E88C4EA340C3459DB661
PID: 6588
Process: javaw.exe
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.924\resources.json.temp
Type: binary
MD5: 39CE244FC02A8306645263BC762C3F68
SHA256: D870C69C8A8CC0F64C0C5CC599CAD6E64675FD68B80A1D1B6FBCFC5F8945D2E3
PID: 6588
Process: javaw.exe
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json
Type: binary
MD5: E2CBEA0A8A22B79E63558273DDED5E6C
SHA256: 10D0F3646BE0A7D73942D7BDD1E55C4B8DF0C34CAD7AD15A9DC23B2932155007
PID: 6588
Process: javaw.exe
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json.metadata
Type: binary
MD5: 1DC11363697BF6282290A10F77534C56
SHA256: E96407466FA37ADBC2F78EF5FD271EAB8D265B3C64AC06FAABFA91E73FE0CA8F
PID: 6588
Process: javaw.exe
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json.temp
Type: binary
MD5: E2CBEA0A8A22B79E63558273DDED5E6C
SHA256: 10D0F3646BE0A7D73942D7BDD1E55C4B8DF0C34CAD7AD15A9DC23B2932155007
HTTP(S) requests: 11
TCP/UDP connections: 129
DNS requests: 38
Threats: 1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6140
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6140
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7064
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7124
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
6436
java.exe
GET
200
104.20.37.13:80
http://repo.tlauncher.org/update/downloads/configs/inner_servers-1.1.json
unknown
whitelisted
6436
java.exe
HEAD
200
104.20.37.13:80
http://page.tlauncher.org/
unknown
malicious
6436
java.exe
GET
200
104.26.10.134:80
http://img.fastrepo.org/update/downloads/configs/client/video/tl-discord-en.png
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3888
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
2876
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1928
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6588
javaw.exe
104.20.37.13:443
repo.tlauncher.org
CLOUDFLARENET
unknown
4
System
192.168.100.255:137
whitelisted
5336
SearchApp.exe
95.100.146.10:443
www.bing.com
Akamai International B.V.
CZ
unknown
5336
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
6140
svchost.exe
20.190.159.73:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 216.58.206.78
whitelisted
repo.tlauncher.org
  • 104.20.37.13
  • 104.20.36.13
whitelisted
www.bing.com
  • 95.100.146.10
  • 95.100.146.17
  • 95.100.146.24
  • 95.100.146.8
  • 95.100.146.33
  • 95.100.146.16
  • 95.100.146.19
  • 95.100.146.32
  • 95.100.146.35
  • 2.23.209.156
  • 2.23.209.162
  • 2.23.209.160
  • 2.23.209.158
  • 2.23.209.168
  • 2.23.209.157
  • 2.23.209.167
  • 2.23.209.166
  • 2.23.209.154
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.159.73
  • 20.190.159.71
  • 40.126.31.73
  • 40.126.31.71
  • 20.190.159.68
  • 20.190.159.23
  • 20.190.159.4
  • 20.190.159.0
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
fd.api.iris.microsoft.com
  • 20.74.47.205
whitelisted
th.bing.com
  • 95.100.146.24
  • 95.100.146.8
  • 95.100.146.17
  • 95.100.146.19
  • 95.100.146.32
  • 95.100.146.10
  • 95.100.146.16
  • 95.100.146.35
  • 95.100.146.33
  • 2.23.209.130
  • 2.23.209.135
  • 2.23.209.186
  • 2.23.209.187
  • 2.23.209.191
  • 2.23.209.192
  • 2.23.209.189
  • 2.23.209.133
  • 2.23.209.131
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted

Threats

PID
Process
Class
Message
6436
java.exe
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 17.0.x Detected
No debug info