File name: TLauncher.exe

Full analysis: https://app.any.run/tasks/d1c7d57b-9973-4e40-ae52-4f7ca681307e
Verdict: Malicious activity
Analysis date: August 05, 2024, 05:56:59
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5: 833512C89F1AB92C80131D415F89F442
SHA1: DD9953DDCC33278BB97502FFDC6E7462E8005680
SHA256: 717F80429E16E7C467A8472DFB0404E22FDF2D67ECD94018B6536DC9D995BFF6
SSDEEP: 98304:qvKK66WOwiutuvviSUTgbIveWkTd2v3t17yoOJXfqXynArvXI01rMWm2hJRUvdd9:Prvbmm9smjNuBPshsmATpVND5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • TLauncher.exe (PID: 6572)
      • java.exe (PID: 6436)
      • javaw.exe (PID: 6588)
  • SUSPICIOUS

    • Checks for Java to be installed

      • TLauncher.exe (PID: 6572)
    • The process drops C-runtime libraries

      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
    • Executable content was dropped or overwritten

      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
    • Identifying current user with WHOAMI command

      • cmd.exe (PID: 1236)
    • Starts CMD.EXE for commands execution

      • java.exe (PID: 6436)
    • Starts application with an unusual extension

      • cmd.exe (PID: 7020)
      • cmd.exe (PID: 888)
      • cmd.exe (PID: 1556)
      • cmd.exe (PID: 6580)
    • Reads security settings of Internet Explorer

      • java.exe (PID: 6436)
      • javaw.exe (PID: 6588)
    • Process drops legitimate windows executable

      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
    • Uses WMIC.EXE to obtain quick Fix Engineering (patches) data

      • cmd.exe (PID: 6580)
    • The process creates files with name similar to system file names

      • java.exe (PID: 6436)
    • Uses WMIC.EXE to obtain CPU information

      • cmd.exe (PID: 7020)
  • INFO

    • Create files in a temporary directory

      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
    • Reads the computer name

      • javaw.exe (PID: 6588)
      • TextInputHost.exe (PID: 6616)
      • java.exe (PID: 6436)
    • Creates files or folders in the user directory

      • javaw.exe (PID: 6588)
      • java.exe (PID: 6436)
      • dxdiag.exe (PID: 3164)
    • Creates files in the program directory

      • javaw.exe (PID: 6588)
    • Manual execution by a user

      • cmd.exe (PID: 1236)
    • Checks supported languages

      • java.exe (PID: 6436)
      • TLauncher.exe (PID: 6572)
      • javaw.exe (PID: 6588)
      • chcp.com (PID: 6984)
      • TextInputHost.exe (PID: 6616)
      • chcp.com (PID: 1452)
      • chcp.com (PID: 7016)
      • chcp.com (PID: 3660)
    • Reads the machine GUID from the registry

      • java.exe (PID: 6436)
      • javaw.exe (PID: 6588)
    • Process checks computer location settings

      • java.exe (PID: 6436)
    • Reads CPU info

      • java.exe (PID: 6436)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 6364)
      • dxdiag.exe (PID: 3164)
      • WMIC.exe (PID: 3372)
    • Changes the display of characters in the console

      • chcp.com (PID: 6984)
      • chcp.com (PID: 1452)
      • chcp.com (PID: 7016)
      • chcp.com (PID: 3660)
    • Reads the software policy settings

      • dxdiag.exe (PID: 3164)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (41)
.exe | Win64 Executable (generic) (36.3)
.dll | Win32 Dynamic Link Library (generic) (8.6)
.exe | Win32 Executable (generic) (5.9)
.exe | Win16/32 Executable Delphi generic (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:05:27 14:34:20+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
PEType: PE32
LinkerVersion: 2.22
CodeSize: 25088
InitializedDataSize: 16896
UninitializedDataSize: 36864
EntryPoint: 0x1290
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.11.0.0
ProductVersionNumber: 1.11.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Windows NT
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: TLauncher Inc.
FileDescription: TLauncher
FileVersion: 1.11
InternalName: TLauncher
LegalCopyright: TLauncher Inc.
LegalTrademarks: -
OriginalFileName: TLauncher.exe
ProductName: TLauncher
ProductVersion: 1.11.0.0
Total processes: 164
Monitored processes: 26
Malicious processes: 3
Suspicious processes: 0

Behavior graph

start tlauncher.exe no specs javaw.exe icacls.exe no specs conhost.exe no specs textinputhost.exe no specs cmd.exe no specs conhost.exe no specs whoami.exe no specs java.exe conhost.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs wmic.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs cmd.exe no specs conhost.exe no specs chcp.com no specs dxdiag.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs wmic.exe no specs tiworker.exe no specs

Process information

PID: 460
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: java.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 888
CMD: cmd.exe /C chcp 437 & set processor
Path: C:\Windows\System32\cmd.exe
Parent process: java.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1236
CMD: "C:\WINDOWS\system32\cmd.exe"
Path: C:\Windows\System32\cmd.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 3221225786
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1452
CMD: chcp 437
Path: C:\Windows\System32\chcp.com
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Change CodePage Utility
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)

PID: 1556
CMD: cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt
Path: C:\Windows\System32\cmd.exe
Parent process: java.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1692
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 2272
CMD: whoami
Path: C:\Windows\System32\whoami.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: whoami - displays logged on user information
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 2336
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 3164
CMD: dxdiag /whql:off /t C:\Users\admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt
Path: C:\Windows\System32\dxdiag.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft DirectX Diagnostic Tool
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 3372
CMD: wmic qfe get HotFixID
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: WMI Commandline Utility
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

Total events: 29 551
Read events: 29 420
Write events: 110
Delete events: 21

Modification events

Process: javaw.exe (PID: 6588)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: javaw.exe (PID: 6588)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: javaw.exe (PID: 6588)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: javaw.exe (PID: 6588)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: java.exe (PID: 6436)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: java.exe (PID: 6436)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: java.exe (PID: 6436)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: java.exe (PID: 6436)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: dxdiag.exe (PID: 3164)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectX Diagnostic Tool
Operation: write
Name: DxDiag In SystemInfo
Value: 1

Process: dxdiag.exe (PID: 3164)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\DirectX Diagnostic Tool
Operation: delete value
Name: DxDiag In SystemInfo
Value:

Executable files: 425
Suspicious files: 176
Text files: 812
Unknown types: 4

Dropped files

Process: javaw.exe (PID: 6588)
Filename: C:\Users\admin\AppData\Local\Temp\imageio6376458085566538663.tmp
Type: image
MD5: 12010D9C529AD2AD3979C3A7E7EBB6D1
SHA256: 7E20B79A691E10FCD0D78F70723384A4A8D574310ADC507D6BABBE87EE4F9AF5

Process: javaw.exe (PID: 6588)
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\appConfig.json.metadata
Type: binary
MD5: 1EB3A98DFC0A2C2B0C41CE64ECABAA94
SHA256: BA257C8074E857E866FF8D05A67CA59B9987513211F7CBD254E4123AAAA0E429

Process: javaw.exe (PID: 6588)
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.924\dependencies.json.metadata
Type: binary
MD5: 5639E4F115FB54A534951E6DD2764A25
SHA256: AFF91EDFE3EC4AAB2C73600E9D9AB7956BE08CE3267F97AC57C920B2F906C0BF

Process: javaw.exe (PID: 6588)
Filename: C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c8061.timestamp
Type: text
MD5: 567FD6F8D659DFEBDEA054C5F438C637
SHA256: 08DFB557098CA9B563C784C2F451E5FC61C1D1C89FA5682DF4EE91085E0B9CF8

Process: javaw.exe (PID: 6588)
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1693682860-607145093-2874071422-1001\83aa4cc77f591dfc2374580bbd95f6ba_bb926e54-e3ca-40fd-ae90-2764341e7792
Type: dbf
MD5: C8366AE350E7019AEFC9D1E6E6A498C6
SHA256: 11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238

Process: javaw.exe (PID: 6588)
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.924\dependencies.json.temp
Type: binary
MD5: 63EFC497F38E113390292117062CBBA6
SHA256: EBC5231524854028E6B4A34BEDBB91DBE311E4F40802E88C4EA340C3459DB661

Process: javaw.exe (PID: 6588)
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json.metadata
Type: binary
MD5: 1DC11363697BF6282290A10F77534C56
SHA256: E96407466FA37ADBC2F78EF5FD271EAB8D265B3C64AC06FAABFA91E73FE0CA8F

Process: javaw.exe (PID: 6588)
Filename: C:\Users\admin\AppData\Local\Temp\imageio9001561682238769337.tmp
Type: image
MD5: 794EB92E3B9D16B375D8E07B08BA29A6
SHA256: 3AA536E4A0EAF52249C31AD4C033CF59AF476D71682D0A14656059220F6FD217

Process: javaw.exe (PID: 6588)
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\logs\starter\log.2024-08-05_05.log
Type: text
MD5: F115C1B23649987C289A636FBA94925A
SHA256: E596E0936438220A17D426BB80DBF9F89688C470EAA848E78AEC030F68AB5437

Process: javaw.exe (PID: 6588)
Filename: C:\Users\admin\AppData\Roaming\.tlauncher\starter\starter.json
Type: binary
MD5: 689E109F2EC6B5C06F34D5154456A666
SHA256: 93D1049A5501CDCA00F9B0C68974CBDD587875584BD5B57FE51BA50DF6E5550A

HTTP(S) requests: 11
TCP/UDP connections: 129
DNS requests: 38
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6140 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6140 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
7064 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
7124 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
6436 | java.exe | GET | 200 | 104.20.37.13:80 | http://repo.tlauncher.org/update/downloads/configs/inner_servers-1.1.json | unknown | whitelisted
5336 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown | whitelisted
6436 | java.exe | HEAD | 200 | 104.20.37.13:80 | http://page.tlauncher.org/ | unknown | malicious
5336 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D | unknown | whitelisted
5336 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
5336 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3888 | svchost.exe | 239.255.255.250:1900 | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
2876 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
1928 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
6588 | javaw.exe | 104.20.37.13:443 | repo.tlauncher.org | CLOUDFLARENET | unknown
4 | System | 192.168.100.255:137 | whitelisted
5336 | SearchApp.exe | 95.100.146.10:443 | www.bing.com | Akamai International B.V. | CZ | unknown
5336 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
6140 | svchost.exe | 20.190.159.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 216.58.206.78
whitelisted
repo.tlauncher.org
  • 104.20.37.13
  • 104.20.36.13
whitelisted
www.bing.com
  • 95.100.146.10
  • 95.100.146.17
  • 95.100.146.24
  • 95.100.146.8
  • 95.100.146.33
  • 95.100.146.16
  • 95.100.146.19
  • 95.100.146.32
  • 95.100.146.35
  • 2.23.209.156
  • 2.23.209.162
  • 2.23.209.160
  • 2.23.209.158
  • 2.23.209.168
  • 2.23.209.157
  • 2.23.209.167
  • 2.23.209.166
  • 2.23.209.154
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.159.73
  • 20.190.159.71
  • 40.126.31.73
  • 40.126.31.71
  • 20.190.159.68
  • 20.190.159.23
  • 20.190.159.4
  • 20.190.159.0
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
fd.api.iris.microsoft.com
  • 20.74.47.205
whitelisted
th.bing.com
  • 95.100.146.24
  • 95.100.146.8
  • 95.100.146.17
  • 95.100.146.19
  • 95.100.146.32
  • 95.100.146.10
  • 95.100.146.16
  • 95.100.146.35
  • 95.100.146.33
  • 2.23.209.130
  • 2.23.209.135
  • 2.23.209.186
  • 2.23.209.187
  • 2.23.209.191
  • 2.23.209.192
  • 2.23.209.189
  • 2.23.209.133
  • 2.23.209.131
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted

Threats

PID | Process | Class | Message
6436 | java.exe | Potentially Bad Traffic | ET POLICY Vulnerable Java Version 17.0.x Detected
No debug info