File name: TLauncher-Installer-1.8.6.exe

Full analysis: https://app.any.run/tasks/72a23f62-6850-43f7-9cd4-91a08f6ed698
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: July 04, 2025, 15:08:38
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: stealer, upx, lua, loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: C7D2CAF117243BFA880FA9EF5F15F785
SHA1: 2ACBC3753513BAAAFD342F2243D99326F2C0D95F
SHA256: 7631C1EAA1E8089FECC94FDA60554A4307E00AE737C4B44FA631F721B2C0575D
SSDEEP: 393216:mtHWFNPRgabiZjmnlRAoNAZ4uW8rpzAFp:mo4aOEnlbK/W8l+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • irsetup.exe (PID: 320)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • TLauncher-Installer-1.8.6.exe (PID: 4312)
      • irsetup.exe (PID: 320)
      • BrowserInstaller.exe (PID: 2216)
      • irsetup.exe (PID: 5416)
      • setup.exe (PID: 3940)
    • Executable content was dropped or overwritten

      • TLauncher-Installer-1.8.6.exe (PID: 4312)
      • BrowserInstaller.exe (PID: 2216)
      • irsetup.exe (PID: 5416)
      • opera-installer-bro.exe (PID: 684)
      • setup.exe (PID: 5744)
      • irsetup.exe (PID: 320)
      • setup.exe (PID: 3940)
      • setup.exe (PID: 6808)
      • setup.exe (PID: 5808)
      • setup.exe (PID: 6716)
    • Checks whether Java is installed

      • irsetup.exe (PID: 320)
    • Reads Microsoft Outlook installation path

      • irsetup.exe (PID: 320)
    • Reads Internet Explorer settings

      • irsetup.exe (PID: 320)
    • There is functionality for taking screenshots (YARA)

      • TLauncher-Installer-1.8.6.exe (PID: 4312)
      • setup.exe (PID: 5744)
      • BrowserInstaller.exe (PID: 2216)
      • irsetup.exe (PID: 320)
      • setup.exe (PID: 3940)
      • setup.exe (PID: 6716)
      • setup.exe (PID: 5808)
    • Application launched itself

      • setup.exe (PID: 3940)
      • setup.exe (PID: 5808)
    • Starts itself from another location

      • setup.exe (PID: 3940)
    • Creates a software uninstall entry

      • irsetup.exe (PID: 320)
  • INFO

    • The sample was compiled with English language support

      • TLauncher-Installer-1.8.6.exe (PID: 4312)
      • BrowserInstaller.exe (PID: 2216)
      • opera-installer-bro.exe (PID: 684)
      • setup.exe (PID: 5744)
      • irsetup.exe (PID: 320)
      • setup.exe (PID: 6808)
      • setup.exe (PID: 3940)
      • setup.exe (PID: 5808)
      • setup.exe (PID: 6716)
    • Checks supported languages

      • TLauncher-Installer-1.8.6.exe (PID: 4312)
      • irsetup.exe (PID: 320)
      • BrowserInstaller.exe (PID: 2216)
      • irsetup.exe (PID: 5416)
      • opera-installer-bro.exe (PID: 684)
      • setup.exe (PID: 5744)
      • setup.exe (PID: 3940)
      • setup.exe (PID: 6808)
      • setup.exe (PID: 5808)
      • setup.exe (PID: 6716)
    • Reads the computer name

      • TLauncher-Installer-1.8.6.exe (PID: 4312)
      • irsetup.exe (PID: 320)
      • BrowserInstaller.exe (PID: 2216)
      • irsetup.exe (PID: 5416)
      • setup.exe (PID: 3940)
      • setup.exe (PID: 5808)
    • Process checks computer location settings

      • TLauncher-Installer-1.8.6.exe (PID: 4312)
      • irsetup.exe (PID: 320)
      • BrowserInstaller.exe (PID: 2216)
      • irsetup.exe (PID: 5416)
    • The sample was compiled with Portuguese language support

      • TLauncher-Installer-1.8.6.exe (PID: 4312)
      • BrowserInstaller.exe (PID: 2216)
      • irsetup.exe (PID: 320)
    • Creates files in a temporary directory

      • TLauncher-Installer-1.8.6.exe (PID: 4312)
      • irsetup.exe (PID: 320)
      • BrowserInstaller.exe (PID: 2216)
      • irsetup.exe (PID: 5416)
      • opera-installer-bro.exe (PID: 684)
      • setup.exe (PID: 3940)
      • setup.exe (PID: 5744)
      • setup.exe (PID: 6808)
      • setup.exe (PID: 5808)
      • setup.exe (PID: 6716)
    • Reads the machine GUID from the registry

      • irsetup.exe (PID: 320)
      • irsetup.exe (PID: 5416)
      • setup.exe (PID: 3940)
    • Reads the software policy settings

      • irsetup.exe (PID: 320)
      • irsetup.exe (PID: 5416)
      • setup.exe (PID: 3940)
      • slui.exe (PID: 2276)
    • Checks proxy server information

      • irsetup.exe (PID: 320)
      • irsetup.exe (PID: 5416)
      • setup.exe (PID: 3940)
      • slui.exe (PID: 2276)
    • The process uses Lua

      • irsetup.exe (PID: 320)
      • irsetup.exe (PID: 5416)
    • UPX packer has been detected

      • irsetup.exe (PID: 320)
      • irsetup.exe (PID: 5416)
    • Creates files or folders in the user directory

      • setup.exe (PID: 3940)
      • setup.exe (PID: 5744)
      • irsetup.exe (PID: 320)
    • Creates files in the program directory

      • irsetup.exe (PID: 320)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No malware configuration.

TRiD

.exe | InstallShield setup (54.3)
.exe | Win64 Executable (generic) (34.8)
.exe | Win32 Executable (generic) (5.6)
.exe | Generic Win/DOS Executable (2.5)
.exe | DOS Executable Generic (2.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:25 15:19:56+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 1125376
InitializedDataSize: 576000
UninitializedDataSize: -
EntryPoint: 0xf165b
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.8.6.0
ProductVersionNumber: 2.9332.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
Comments: TLauncher Setup
CompanyName: TLauncher Inc.
FileDescription: TLauncher Setup
FileVersion: 1.8.6.0
InternalName: TLauncher
LegalCopyright: TLauncher Copyright © 2025
LegalTrademarks: TLauncher
OriginalFileName: suf_launch.exe
ProductName: TLauncher
ProductVersion: 2.9332.0.0
No data.
All screenshots are available in the full report
Total processes: 140
Monitored processes: 13
Malicious processes: 4
Suspicious processes: 3

Behavior graph

Processes in the graph (details in the full report): tlauncher-installer-1.8.6.exe, irsetup.exe, browserinstaller.exe, irsetup.exe, opera-installer-bro.exe, setup.exe, setup.exe, setup.exe, setup.exe, setup.exe, slui.exe, svchost.exe, tlauncher-installer-1.8.6.exe (no specs)

Process information

PID: 320
CMD: "C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:3933458 "__IRAFN:C:\Users\admin\Desktop\TLauncher-Installer-1.8.6.exe" "__IRCT:3" "__IRTSS:26633353" "__IRSID:S-1-5-21-1693682860-607145093-2874071422-1001"
Path: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Parent process: TLauncher-Installer-1.8.6.exe
User: admin
Company: Indigo Rose Corporation
Integrity Level: HIGH
Description: Setup Application
Version: 10.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\_ir_sf_temp_0\irsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 684
CMD: "C:\Users\admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
Path: C:\Users\admin\AppData\Local\Temp\opera-installer-bro.exe
Parent process: irsetup.exe
User: admin
Integrity Level: HIGH
Description: Opera installer SFX
Version: 119.0.5497.163
Modules (images):
c:\users\admin\appdata\local\temp\opera-installer-bro.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 2200
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll

PID: 2216
CMD: "C:\Users\admin\AppData\Local\Temp\BrowserInstaller.exe" /NOINIT /S:C:\Users\admin\AppData\Local\Temp\setuparguments.ini
Path: C:\Users\admin\AppData\Local\Temp\BrowserInstaller.exe
Parent process: irsetup.exe
User: admin
Company: TLauncher Inc.
Integrity Level: HIGH
Description: Installer of Browser Offers in TLauncher
Version: 7.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\browserinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 2276
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 3652
CMD: "C:\Users\admin\Desktop\TLauncher-Installer-1.8.6.exe"
Path: C:\Users\admin\Desktop\TLauncher-Installer-1.8.6.exe
Parent process: explorer.exe
User: admin
Company: TLauncher Inc.
Integrity Level: MEDIUM
Description: TLauncher Setup
Exit code: 3221226540
Version: 1.8.6.0
Modules (images):
c:\users\admin\desktop\tlauncher-installer-1.8.6.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

PID: 3940
CMD: C:\Users\admin\AppData\Local\Temp\7zSCA21B297\setup.exe --silent --allusers=0 --server-tracking-blob=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
Path: C:\Users\admin\AppData\Local\Temp\7zSCA21B297\setup.exe
Parent process: opera-installer-bro.exe
User: admin
Company: Opera Software
Integrity Level: HIGH
Description: Opera GX Installer
Version: 119.0.5497.163
Modules (images):
c:\users\admin\appdata\local\temp\7zsca21b297\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

PID: 4312
CMD: "C:\Users\admin\Desktop\TLauncher-Installer-1.8.6.exe"
Path: C:\Users\admin\Desktop\TLauncher-Installer-1.8.6.exe
Parent process: explorer.exe
User: admin
Company: TLauncher Inc.
Integrity Level: HIGH
Description: TLauncher Setup
Version: 1.8.6.0
Modules (images):
c:\users\admin\desktop\tlauncher-installer-1.8.6.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 5416
CMD: "C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /NOINIT /S:C:\Users\admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:3839250 "__IRAFN:C:\Users\admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:3869932" "__IRSID:S-1-5-21-1693682860-607145093-2874071422-1001"
Path: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Parent process: BrowserInstaller.exe
User: admin
Company: Indigo Rose Corporation
Integrity Level: HIGH
Description: Setup Application
Version: 10.0.0.0
Modules (images):
c:\users\admin\appdata\local\temp\_ir_sf_temp_1\irsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 5744
CMD: C:\Users\admin\AppData\Local\Temp\7zSCA21B297\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=119.0.5497.163 --initial-client-data=0x29c,0x2a0,0x2a4,0xf0,0x2a8,0x7ffc451bb388,0x7ffc451bb394,0x7ffc451bb3a0
Path: C:\Users\admin\AppData\Local\Temp\7zSCA21B297\setup.exe
Parent process: setup.exe
User: admin
Company: Opera Software
Integrity Level: HIGH
Description: Opera GX Installer
Version: 119.0.5497.163
Modules (images):
c:\users\admin\appdata\local\temp\7zsca21b297\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

Total events: 17 809
Read events: 17 769
Write events: 28
Delete events: 12

Modification events

(PID) Process: (320) irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (320) irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (320) irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (320) irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation: delete value
Name: AddToFavoritesInitialSelection
Value:

(PID) Process: (320) irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation: delete value
Name: AddToFeedsInitialSelection
Value:

(PID) Process: (3940) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3940) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3940) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (5808) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Opera Software
Operation: write
Name: Last Opera GX Stable Install Path
Value: C:\Users\admin\AppData\Local\Programs\Opera GX\

(PID) Process: (320) irsetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TLauncher
Operation: write
Name: DisplayName
Value: TLauncher

Executable files: 22
Suspicious files: 7
Text files: 652
Unknown types: 0

Dropped files

PID | Process | Filename | Type
320 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat |
  MD5:
  SHA256:
320 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG6.PNG | image
  MD5: 60B52C43FBE8E1130F839EDEACB2365C
  SHA256: 076B474C2F0041D8C6FB367361A3060095C89535457F96D0DC119E7F5824A8A2
320 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG11.PNG | image
  MD5: B8F16353BB61D0DC3ADAD4D989B85327
  SHA256: 8935E547950C8DA206386799970D233D30A72ED17C1633038EBCE7CDA23E613C
320 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG10.PNG | image
  MD5: 7B3D4746205EDC44D5D9F586B51A5E0C
  SHA256: 3367A86225CF72AD96D999C4A8EAC8E63AA533B4BA902A616EE7C591C60C4C25
320 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG4.BMP | image
  MD5: C87F44BE2C13B601E3C6C2D2FE07A60A
  SHA256: 64DA5BD044908B2C3A725C5A55EDEC1644BE498F41EA05D42A6AE8CD797F1D80
320 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG | image
  MD5: AE4BAB7A21EE0C892A900E1AF5D2CB70
  SHA256: AC9E7F0D04688876723F3917EB0865F538545FAA631EB5AFE2604ABEC5DC98D3
320 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG5.BMP | image
  MD5: E08203F56B8B0B7022783CFE8495A099
  SHA256: 8BB7B411181B2E5CC1309ADEDEC23C1300F7E02F9750187E149A88525D549289
320 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG8.PNG | image
  MD5: 12ECAE9157FE5C58553CCDB80E1AA963
  SHA256: 7DC1476A5EDD8DDDC78E0F1AC1D822743BEF1366B0F29A8CAA686D3E92AC6F00
320 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG7.BMP | image
  MD5: E276621DBADE47E7E95DAFD5E543C794
  SHA256: 41DEF0B87D450A2096339F5E9D1EB73E479962AD49F8EF243ABE4685301AF599
320 | irsetup.exe | C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG6.BMP | image
  MD5: E3E2115B669FF7BF83E2335AD9DC20C7
  SHA256: BEC04616F5E6F2313FF008BA90FDF61D1903350CED09747AABE708B89B1D2076
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 45
TCP/UDP connections: 44
DNS requests: 23
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
1268 | svchost.exe | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
| | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
| | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
1268 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
320 | irsetup.exe | GET | 200 | 172.66.129.18:80 | http://dl2.tlauncher.org/ | unknown | | | malicious
320 | irsetup.exe | GET | 200 | 172.66.129.18:80 | http://dl2.tlauncher.org/ | unknown | | | malicious
| | GET | 200 | 104.20.7.182:443 | https://dl2.tlauncher.org/check_latest_tl.php?optime=0 | unknown | text | 55 b |
| | GET | 200 | 18.194.13.238:443 | https://net.geo.opera.com/opera_gx/stable/edition/std-2/?utm_source=MSTL&utm_medium=pb&utm_campaign=OperaGX | unknown | executable | 4.18 Mb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
| | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
5944 | MoUsoCoreWorker.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
| | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
| | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
1268 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 20.73.194.208 | whitelisted
google.com | 142.250.185.238 | whitelisted
crl.microsoft.com | 23.48.23.156, 23.48.23.143 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted
dl2.tlauncher.org | 172.66.129.18, 104.20.7.182 | unknown
net.geo.opera.com | 185.26.182.112, 185.26.182.111 | whitelisted
desktop-netinstaller-sub.osp.opera.software | 82.145.217.121 | whitelisted
autoupdate.opera.com | 82.145.216.46, 82.145.216.19, 82.145.216.47, 82.145.216.20 | whitelisted
features.opera-api2.com | 185.26.182.111, 185.26.182.94, 185.26.182.118, 185.26.182.93, 185.26.182.112, 185.26.182.106 | malicious
api.config.opr.gg | 104.18.24.17, 104.18.25.17 | unknown

Threats

PID | Process | Class | Message
| | Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP
| | Misc activity | ET INFO EXE - Served Attached HTTP
| | Potential Corporate Privacy Violation | ET INFO Outgoing Basic Auth Base64 HTTP Password detected unencrypted

Debug info: none