File name:

TLauncher-Installer-1.7.2.exe

Full analysis: https://app.any.run/tasks/064558ae-a40b-4d07-b396-62cd1142f504
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: March 17, 2025, 03:00:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
upx
lua
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

CB36CC6B09BD767CCA83A494D65AE496

SHA1:

C24EA24A25B9B315363C114A6DBF3CB1C7FB8083

SHA256:

A9741780FC7DEE2AFE2C51229704D911A4DDFCB85DAAA7E3AAA681E3412B6EC1

SSDEEP:

196608:LCVdM8FnOaNvJN8cOuOl0e+d3bRnTEWkRo/F7zdHFRloinZ87eSkDgtycn7:WXmabiZjmnlRAoNBTl72RkUn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • irsetup.exe (PID: 6964)
      • 360TS_Setup.exe (PID: 4428)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • TLauncher-Installer-1.7.2.exe (PID: 6564)
      • irsetup.exe (PID: 6964)
      • BrowserInstaller.exe (PID: 5164)
      • 360-installer-bro.exe (PID: 1164)
      • irsetup.exe (PID: 6728)
      • 360TS_Setup.exe (PID: 7000)
      • 360TS_Setup.exe (PID: 4428)
    • Reads security settings of Internet Explorer

      • TLauncher-Installer-1.7.2.exe (PID: 6564)
      • irsetup.exe (PID: 6964)
      • BrowserInstaller.exe (PID: 5164)
      • irsetup.exe (PID: 6728)
      • 360-installer-bro.exe (PID: 1164)
      • 360TS_Setup.exe (PID: 4428)
    • Checks for Java to be installed

      • irsetup.exe (PID: 6964)
    • Reads Microsoft Outlook installation path

      • irsetup.exe (PID: 6964)
    • There is functionality for taking screenshot (YARA)

      • irsetup.exe (PID: 6964)
      • 360TS_Setup.exe (PID: 7000)
    • Creates a software uninstall entry

      • irsetup.exe (PID: 6964)
    • Starts itself from another location

      • 360TS_Setup.exe (PID: 7000)
    • Process requests binary or script from the Internet

      • 360-installer-bro.exe (PID: 1164)
    • Potential Corporate Privacy Violation

      • 360-installer-bro.exe (PID: 1164)
    • Reads Internet Explorer settings

      • irsetup.exe (PID: 6964)
    • Creates file in the systems drive root

      • 360TS_Setup.exe (PID: 4428)
    • The process verifies whether the antivirus software is installed

      • 360TS_Setup.exe (PID: 4428)
    • Drops 7-zip archiver for unpacking

      • 360TS_Setup.exe (PID: 4428)
  • INFO

    • The sample compiled with english language support

      • TLauncher-Installer-1.7.2.exe (PID: 6564)
      • irsetup.exe (PID: 6964)
      • BrowserInstaller.exe (PID: 5164)
      • irsetup.exe (PID: 6728)
      • 360-installer-bro.exe (PID: 1164)
      • 360TS_Setup.exe (PID: 4428)
    • Checks supported languages

      • TLauncher-Installer-1.7.2.exe (PID: 6564)
      • irsetup.exe (PID: 6964)
      • irsetup.exe (PID: 6728)
      • BrowserInstaller.exe (PID: 5164)
      • 360-installer-bro.exe (PID: 1164)
      • 360TS_Setup.exe (PID: 7000)
      • 360TS_Setup.exe (PID: 4428)
    • Create files in a temporary directory

      • TLauncher-Installer-1.7.2.exe (PID: 6564)
      • irsetup.exe (PID: 6964)
      • BrowserInstaller.exe (PID: 5164)
      • irsetup.exe (PID: 6728)
      • 360-installer-bro.exe (PID: 1164)
      • 360TS_Setup.exe (PID: 7000)
      • 360TS_Setup.exe (PID: 4428)
    • Reads the computer name

      • irsetup.exe (PID: 6964)
      • TLauncher-Installer-1.7.2.exe (PID: 6564)
      • BrowserInstaller.exe (PID: 5164)
      • irsetup.exe (PID: 6728)
      • 360-installer-bro.exe (PID: 1164)
      • 360TS_Setup.exe (PID: 7000)
      • 360TS_Setup.exe (PID: 4428)
    • Process checks computer location settings

      • TLauncher-Installer-1.7.2.exe (PID: 6564)
      • irsetup.exe (PID: 6964)
      • BrowserInstaller.exe (PID: 5164)
      • irsetup.exe (PID: 6728)
      • 360-installer-bro.exe (PID: 1164)
      • 360TS_Setup.exe (PID: 4428)
    • Checks proxy server information

      • irsetup.exe (PID: 6964)
      • irsetup.exe (PID: 6728)
      • 360-installer-bro.exe (PID: 1164)
      • slui.exe (PID: 5364)
      • 360TS_Setup.exe (PID: 4428)
    • Reads the machine GUID from the registry

      • irsetup.exe (PID: 6964)
      • irsetup.exe (PID: 6728)
      • 360-installer-bro.exe (PID: 1164)
      • 360TS_Setup.exe (PID: 4428)
    • Reads the software policy settings

      • irsetup.exe (PID: 6964)
      • irsetup.exe (PID: 6728)
      • slui.exe (PID: 5364)
      • 360TS_Setup.exe (PID: 4428)
    • UPX packer has been detected

      • irsetup.exe (PID: 6964)
      • irsetup.exe (PID: 6728)
    • The process uses Lua

      • irsetup.exe (PID: 6964)
      • irsetup.exe (PID: 6728)
    • Creates files in the program directory

      • irsetup.exe (PID: 6964)
      • 360TS_Setup.exe (PID: 7000)
      • 360TS_Setup.exe (PID: 4428)
    • Disables trace logs

      • 360-installer-bro.exe (PID: 1164)
    • Creates files or folders in the user directory

      • irsetup.exe (PID: 6964)
      • 360-installer-bro.exe (PID: 1164)
      • 360TS_Setup.exe (PID: 4428)
    • The sample compiled with chinese language support

      • 360TS_Setup.exe (PID: 7000)
      • 360TS_Setup.exe (PID: 4428)
    • The sample compiled with turkish language support

      • 360TS_Setup.exe (PID: 4428)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:09:18 16:06:44+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 23552
InitializedDataSize: 142848
UninitializedDataSize: -
EntryPoint: 0x2ce1
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.7.2.0
ProductVersionNumber: 2.9316.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
Comments: TLauncher Setup
CompanyName: TLauncher Inc.
FileDescription: TLauncher Setup
FileVersion: 1.7.2.0
InternalName: TLauncher
LegalCopyright: TLauncher Copyright © 2025
LegalTrademarks: TLauncher
OriginalFileName: suf_launch.exe
ProductName: TLauncher
ProductVersion: 2.9316.0.0
No data.
Total processes
129
Monitored processes
9
Malicious processes
6
Suspicious processes
1

Behavior graph

start tlauncher-installer-1.7.2.exe irsetup.exe browserinstaller.exe irsetup.exe 360-installer-bro.exe slui.exe 360ts_setup.exe 360ts_setup.exe tlauncher-installer-1.7.2.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1164
CMD: "C:\Users\admin\AppData\Local\Temp\360-installer-bro.exe" /s
Path: C:\Users\admin\AppData\Local\Temp\360-installer-bro.exe
Parent process: irsetup.exe
User:
admin
Company:
Qihoo 360 Technology Co. Ltd.
Integrity Level:
HIGH
Description:
360 Total Security Online Installer
Exit code:
1
Version:
6, 6, 0, 1060
Modules
Images
c:\users\admin\appdata\local\temp\360-installer-bro.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 1228
CMD: "C:\Users\admin\Desktop\TLauncher-Installer-1.7.2.exe"
Path: C:\Users\admin\Desktop\TLauncher-Installer-1.7.2.exe
Parent process: explorer.exe
User:
admin
Company:
TLauncher Inc.
Integrity Level:
MEDIUM
Description:
TLauncher Setup
Exit code:
3221226540
Version:
1.7.2.0
Modules
Images
c:\users\admin\desktop\tlauncher-installer-1.7.2.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 4428
CMD: "C:\Program Files (x86)\1742180593_0\360TS_Setup.exe" /c:WW.TLauncher.CPI202307 /pmode:2 /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo= /s /TSinstall
Path: C:\Program Files (x86)\1742180593_0\360TS_Setup.exe
Parent process: 360TS_Setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Installer Module
Version:
11,0,0,1178
Modules
Images
c:\program files (x86)\1742180593_0\360ts_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 5164
CMD: "C:\Users\admin\AppData\Local\Temp\BrowserInstaller.exe" /NOINIT /S:C:\Users\admin\AppData\Local\Temp\setuparguments.ini
Path: C:\Users\admin\AppData\Local\Temp\BrowserInstaller.exe
Parent process: irsetup.exe
User:
admin
Company:
TLauncher Inc.
Integrity Level:
HIGH
Description:
Installer of Browser Offers in TLauncher
Exit code:
0
Version:
5.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\browserinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 5364
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 6564
CMD: "C:\Users\admin\Desktop\TLauncher-Installer-1.7.2.exe"
Path: C:\Users\admin\Desktop\TLauncher-Installer-1.7.2.exe
Parent process: explorer.exe
User:
admin
Company:
TLauncher Inc.
Integrity Level:
HIGH
Description:
TLauncher Setup
Version:
1.7.2.0
Modules
Images
c:\users\admin\desktop\tlauncher-installer-1.7.2.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6728
CMD: "C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /NOINIT /S:C:\Users\admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1682186 "__IRAFN:C:\Users\admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1712847" "__IRSID:S-1-5-21-1693682860-607145093-2874071422-1001"
Path: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Parent process: BrowserInstaller.exe
User:
admin
Company:
Indigo Rose Corporation
Integrity Level:
HIGH
Description:
Setup Application
Exit code:
0
Version:
9.7.0.0
Modules
Images
c:\users\admin\appdata\local\temp\_ir_sf_temp_1\irsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6964
CMD: "C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1776394 "__IRAFN:C:\Users\admin\Desktop\TLauncher-Installer-1.7.2.exe" "__IRCT:3" "__IRTSS:23849095" "__IRSID:S-1-5-21-1693682860-607145093-2874071422-1001"
Path: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Parent process: TLauncher-Installer-1.7.2.exe
User:
admin
Company:
Indigo Rose Corporation
Integrity Level:
HIGH
Description:
Setup Application
Version:
9.7.0.0
Modules
Images
c:\users\admin\appdata\local\temp\_ir_sf_temp_0\irsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 7000
CMD: "C:\Users\admin\AppData\Local\Temp\360TS_Setup.exe" /c:WW.TLauncher.CPI202307 /pmode:2 /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo= /s
Path: C:\Users\admin\AppData\Local\Temp\360TS_Setup.exe
Parent process: 360-installer-bro.exe
User:
admin
Integrity Level:
HIGH
Description:
Installer Module
Version:
11,0,0,1178
Modules
Images
c:\users\admin\appdata\local\temp\360ts_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events
18 329
Read events
18 265
Write events
48
Delete events
16

Modification events

PID: 6964
Process: irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

PID: 6964
Process: irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

PID: 6964
Process: irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

PID: 6964
Process: irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation: delete value
Name: AddToFavoritesInitialSelection
Value:

PID: 6964
Process: irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry
Operation: delete value
Name: AddToFeedsInitialSelection
Value:

PID: 1164
Process: 360-installer-bro.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\360Safe\Liveup
Operation: write
Name: mid
Value: 80342cb959da2233832ae840f019ccba8b56b331eb673be97c52113eab1cd1bc

PID: 1164
Process: 360-installer-bro.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LiveUpdate360
Operation: write
Name: proxytype
Value: 1

PID: 1164
Process: 360-installer-bro.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\360-installer-bro_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

PID: 1164
Process: 360-installer-bro.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\360-installer-bro_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

PID: 1164
Process: 360-installer-bro.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\360-installer-bro_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0
Executable files
101
Suspicious files
363
Text files
795
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 6964
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat
MD5:
SHA256:
PID: 6564
Process: TLauncher-Installer-1.7.2.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Type: executable
MD5:C6910D820D93ABDA59A3A14A37792EB3
SHA256:3EE9F8B6118C1AB867EF9A30A3CEC909638B5106E7B21C5A27F291F234B6C3ED
PID: 6564
Process: TLauncher-Installer-1.7.2.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Type: executable
MD5:ECC57F7D6507C2CB63AEB1F9D18210D3
SHA256:E6CB42CE5A0245DCAF635CD2950B2811AE5F4990CBC11126E2E8E769556144AB
PID: 6964
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
Type: image
MD5:291E091E6BA848322862B4542CA31D86
SHA256:FC8417DB835B3951211F7A4F9E620EA6C0FDC1349BB121B8EAB5C4DF086AA8DD
PID: 6964
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG8.PNG
Type: image
MD5:6AA3A2B752FB8497352A2B4A07B9DE6A
SHA256:544F81175D3262F34E0F30D323FFD03D72217E1351218E37BE22ED2F7F7453DA
PID: 6964
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP
Type: image
MD5:F5D6A81635291E408332CC01C565068F
SHA256:4C85CDDDD497AD81FEDB090BC0F8D69B54106C226063FDC1795ADA7D8DC74E26
PID: 6964
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG6.PNG
Type: image
MD5:2069DBECB12B81F39BD4DA5D68ACDAF9
SHA256:23671AB4E8051F0729C884EA24C107DE6B02620AF4153C6AC033BB87A368D810
PID: 6964
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
Type: image
MD5:416A822743CDBB2E2AA12989EE3AD93E
SHA256:014C943AC5C17A932189A045B44A6366198165F79420CE62020A1FDFCEEC93D2
PID: 6964
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP
Type: image
MD5:F35117734829B05CFCEAA7E39B2B61FB
SHA256:9C893FE1AB940EE4C2424AA9DD9972E7AD3198DA670006263ECBBB5106D881E3
PID: 6964
Process: irsetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
Type: image
MD5:989062F9985A241F1EECB2E3FEFE768B
SHA256:5613C36D661C305A2C765F519C4F006355BACB6283CF682923FE29A30599C570
HTTP(S) requests
40
TCP/UDP connections
69
DNS requests
15
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6964
irsetup.exe
GET
200
104.20.36.13:80
http://dl2.tlauncher.org/
unknown
malicious
6964
irsetup.exe
GET
200
104.20.36.13:80
http://dl2.tlauncher.org/
unknown
malicious
1164
360-installer-bro.exe
GET
200
52.29.179.141:80
http://s.360safe.com/360ts/mini_inst.htm?ver=6.6.0.1060&pid=WW.TLauncher.CPI202307&os=10.0&mid=80342cb959da2233832ae840f019ccba&state=153
unknown
whitelisted
1164
360-installer-bro.exe
GET
200
52.29.179.141:80
http://s.360safe.com/safei18n/query_env.htm?v611=DgY0MAEIT09F0AABAADlPJRb4qVil2f%2FlqrkeJ8CdzRipr8pWZfKv2DSJnGDWHISSVdJneyv0QqXkqzjkM3Z5z7vQO00JA6fm4BBzVI1JYdwlZudcc04VtxrUcXbKyC1DaB%2FrHq3h%2Bs9oxuohVqli75YKWI%2BsMJRPPD2xnX2dvAkPicdL9G1Y10JUETsPr%2FRXnKqGCUqbJqcB0v37BZxg5K7Qp%2FJD5iT03OWilfDR7bFlCbOqKg10imC%2BCuVVTRMXDRDfMexWWEO6URcsEC0lRR%2F4sBfFobkCmqZX8COcGd2LvEnEc9divUfZsW2b4pP4wuqmiSO9KDFDgSgN5G4d8qby5ZJHnhvskpStAo50zJ%2BVllQNoST9Wfao9oN4Me2Wtlcb6caQsykJnpDAx6X%2BxjwrOpzCsMzLh9yLIerIJHXsVoFSvse%2Bv7PN5pLIWRtKcqnp%2FOx00%2FirjU%2Bhsw%3D
unknown
whitelisted
1164
360-installer-bro.exe
GET
200
52.29.179.141:80
http://s.360safe.com/safei18n/dimana.htm?lr=1&mid=80342cb959da2233832ae840f019ccba&mod=360Installer.exe&ph=02a8342074eb25c8adb2d135e2bab7e5&p2p=1&t_id=360TS_Setup_For_Mini.cab&tads=656&tdl=656&tds=656&terr=0&tes=Status|1,ErrorCode|0,DnCount|6,HttpNum|1,DnFailCount|1,FStatus|1,P2SS|656,P2PS|0,PDMode|2&tfl=656&tp=t&tst=1&ttdl=656&ttm=1000&ttup=120&vh=1.3.0.1361&vp=1.3.0.1320&softname=360TS
unknown
whitelisted
1164
360-installer-bro.exe
GET
200
151.236.118.173:80
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cab
unknown
whitelisted
1164
360-installer-bro.exe
GET
104.192.108.21:80
http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1178.exe
unknown
whitelisted
1164
360-installer-bro.exe
GET
104.192.108.20:80
http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1178.exe
unknown
whitelisted
1164
360-installer-bro.exe
GET
200
108.138.24.189:80
http://sd.p.360safe.com/0AF163392E0737C0CFF7908EC1FB2ACC0BAD6FDB.trt
unknown
whitelisted
1164
360-installer-bro.exe
GET
104.192.108.17:80
http://int.down.360safe.com/totalsecurity/360TS_Setup_11.0.0.1178.exe
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
192.168.100.255:138
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6964
irsetup.exe
104.20.36.13:80
dl2.tlauncher.org
CLOUDFLARENET
unknown
6964
irsetup.exe
104.20.36.13:443
dl2.tlauncher.org
CLOUDFLARENET
unknown
6728
irsetup.exe
151.236.71.147:443
free.360totalsecurity.com
CDNetworks LLC
RU
whitelisted
1164
360-installer-bro.exe
54.77.42.29:3478
st.p.360safe.com
whitelisted
1164
360-installer-bro.exe
52.29.179.141:80
s.360safe.com
AMAZON-02
DE
whitelisted
1164
360-installer-bro.exe
151.236.118.173:80
iup.360safe.com
CDNetworks LLC
RU
whitelisted
1164
360-installer-bro.exe
54.76.174.118:80
tr.p.360safe.com
whitelisted
1164
360-installer-bro.exe
108.138.24.189:80
sd.p.360safe.com
AMAZON-02
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
google.com
  • 142.250.184.206
whitelisted
dl2.tlauncher.org
  • 104.20.36.13
  • 104.20.37.13
unknown
free.360totalsecurity.com
  • 151.236.71.147
whitelisted
st.p.360safe.com
  • 54.77.42.29
whitelisted
s.360safe.com
  • 52.29.179.141
  • 18.184.178.29
whitelisted
iup.360safe.com
  • 151.236.118.173
whitelisted
tr.p.360safe.com
  • 54.76.174.118
whitelisted
int.down.360safe.com
  • 104.192.108.17
  • 104.192.108.20
  • 104.192.108.21
whitelisted
sd.p.360safe.com
  • 108.138.24.189
  • 108.138.24.132
  • 108.138.24.16
  • 108.138.24.221
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO Packed Executable Download
1164
360-installer-bro.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
1164
360-installer-bro.exe
Misc activity
ET INFO Packed Executable Download
No debug info