URL:

https://tlauncher.org/en/

Full analysis: https://app.any.run/tasks/6b2af8cc-03e6-4fb7-8c9a-9d90d45799a4
Verdict: Malicious activity
Analysis date: March 26, 2024, 01:39:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

C146A57F50544DCA592397189220E6B5

SHA1:

91D2079252AA9D349CA4BFDD7CA031A8D9CEA748

SHA256:

C322DB70597221ED0C6CC05BB9208F5EF70614DBA14B01209EB4015E9EF96868

SSDEEP:

3:N8BEeLu5A+:2K5F

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • irsetup.exe (PID: 2644)
      • TLauncher-2.899-Installer-1.3.1.exe (PID: 2256)
      • BrowserInstaller.exe (PID: 128)
      • javaw.exe (PID: 1548)
      • javaw.exe (PID: 3816)
    • Actions looks like stealing of personal data

      • irsetup.exe (PID: 2644)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • TLauncher-2.899-Installer-1.3.1.exe (PID: 2256)
      • irsetup.exe (PID: 2644)
      • BrowserInstaller.exe (PID: 128)
      • javaw.exe (PID: 1548)
      • javaw.exe (PID: 3816)
    • Checks for Java to be installed

      • irsetup.exe (PID: 2644)
      • TLauncher.exe (PID: 2424)
      • TLauncher.exe (PID: 3548)
    • Checks Windows Trust Settings

      • irsetup.exe (PID: 2644)
      • irsetup.exe (PID: 2760)
    • Reads the Internet Settings

      • TLauncher-2.899-Installer-1.3.1.exe (PID: 2256)
      • irsetup.exe (PID: 2644)
      • BrowserInstaller.exe (PID: 128)
      • irsetup.exe (PID: 2760)
      • WMIC.exe (PID: 1732)
      • WMIC.exe (PID: 2492)
      • WMIC.exe (PID: 1876)
      • WMIC.exe (PID: 1636)
    • Reads security settings of Internet Explorer

      • TLauncher-2.899-Installer-1.3.1.exe (PID: 2256)
      • irsetup.exe (PID: 2644)
      • BrowserInstaller.exe (PID: 128)
      • irsetup.exe (PID: 2760)
    • Reads the Windows owner or organization settings

      • irsetup.exe (PID: 2644)
      • irsetup.exe (PID: 2760)
    • Reads Microsoft Outlook installation path

      • irsetup.exe (PID: 2644)
    • Reads settings of System Certificates

      • irsetup.exe (PID: 2644)
      • irsetup.exe (PID: 2760)
      • dxdiag.exe (PID: 1368)
    • Adds/modifies Windows certificates

      • irsetup.exe (PID: 2644)
    • Creates a software uninstall entry

      • irsetup.exe (PID: 2644)
    • Starts CMD.EXE for commands execution

      • javaw.exe (PID: 1548)
      • javaw.exe (PID: 3816)
    • Starts application with an unusual extension

      • cmd.exe (PID: 2380)
      • cmd.exe (PID: 2740)
      • cmd.exe (PID: 3124)
      • cmd.exe (PID: 3120)
      • cmd.exe (PID: 124)
      • cmd.exe (PID: 3696)
      • cmd.exe (PID: 1020)
    • Reads Internet Explorer settings

      • irsetup.exe (PID: 2644)
    • Uses WMIC.EXE to obtain operating system information

      • cmd.exe (PID: 2740)
      • cmd.exe (PID: 2380)
    • The process drops C-runtime libraries

      • javaw.exe (PID: 1548)
      • javaw.exe (PID: 3816)
    • Process drops legitimate windows executable

      • javaw.exe (PID: 1548)
      • javaw.exe (PID: 3816)
    • Process requests binary or script from the Internet

      • javaw.exe (PID: 3816)
    • Uses ICACLS.EXE to modify access control lists

      • javaw.exe (PID: 3816)
    • Uses WMIC.EXE to obtain CPU information

      • cmd.exe (PID: 3120)
    • The process creates files with name similar to system file names

      • javaw.exe (PID: 3816)
    • Uses WMIC.EXE to obtain quick Fix Engineering (patches) data

      • cmd.exe (PID: 3696)
    • Creates/Modifies COM task schedule object

      • dxdiag.exe (PID: 1368)
  • INFO

    • Manual execution by a user

      • chrome.exe (PID: 1576)
      • TLauncher.exe (PID: 3548)
    • Application launched itself

      • iexplore.exe (PID: 2120)
      • chrome.exe (PID: 1576)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 1576)
      • chrome.exe (PID: 1772)
    • Drops the executable file immediately after the start

      • chrome.exe (PID: 1576)
      • chrome.exe (PID: 1772)
    • The process uses the downloaded file

      • chrome.exe (PID: 1576)
      • chrome.exe (PID: 908)
    • Checks supported languages

      • TLauncher-2.899-Installer-1.3.1.exe (PID: 2256)
      • irsetup.exe (PID: 2644)
      • BrowserInstaller.exe (PID: 128)
      • irsetup.exe (PID: 2760)
      • TLauncher.exe (PID: 2424)
      • javaw.exe (PID: 1548)
      • chcp.com (PID: 2556)
      • chcp.com (PID: 668)
      • TLauncher.exe (PID: 3548)
      • javaw.exe (PID: 3416)
      • chcp.com (PID: 2072)
      • chcp.com (PID: 840)
      • javaw.exe (PID: 3816)
      • chcp.com (PID: 3812)
      • chcp.com (PID: 2904)
      • chcp.com (PID: 3504)
    • Checks proxy server information

      • irsetup.exe (PID: 2644)
      • irsetup.exe (PID: 2760)
    • Reads the machine GUID from the registry

      • irsetup.exe (PID: 2644)
      • javaw.exe (PID: 1548)
      • irsetup.exe (PID: 2760)
      • javaw.exe (PID: 3816)
    • Reads the computer name

      • TLauncher-2.899-Installer-1.3.1.exe (PID: 2256)
      • irsetup.exe (PID: 2644)
      • BrowserInstaller.exe (PID: 128)
      • irsetup.exe (PID: 2760)
      • javaw.exe (PID: 1548)
      • javaw.exe (PID: 3416)
      • javaw.exe (PID: 3816)
    • Create files in a temporary directory

      • TLauncher-2.899-Installer-1.3.1.exe (PID: 2256)
      • irsetup.exe (PID: 2644)
      • BrowserInstaller.exe (PID: 128)
      • irsetup.exe (PID: 2760)
      • javaw.exe (PID: 1548)
      • javaw.exe (PID: 3416)
      • javaw.exe (PID: 3816)
    • Reads the software policy settings

      • irsetup.exe (PID: 2644)
      • irsetup.exe (PID: 2760)
      • dxdiag.exe (PID: 1368)
    • Creates files or folders in the user directory

      • irsetup.exe (PID: 2644)
      • javaw.exe (PID: 1548)
      • javaw.exe (PID: 3416)
      • javaw.exe (PID: 3816)
    • Creates files in the program directory

      • irsetup.exe (PID: 2644)
      • javaw.exe (PID: 1548)
      • javaw.exe (PID: 3816)
    • Reads security settings of Internet Explorer

      • dxdiag.exe (PID: 1368)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 113
Monitored processes: 54
Malicious processes: 9
Suspicious processes: 1

Behavior graph

start iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs tlauncher-2.899-installer-1.3.1.exe no specs tlauncher-2.899-installer-1.3.1.exe irsetup.exe browserinstaller.exe irsetup.exe tlauncher.exe no specs javaw.exe icacls.exe no specs cmd.exe no specs chcp.com no specs wmic.exe no specs cmd.exe no specs chcp.com no specs wmic.exe no specs tlauncher.exe no specs javaw.exe no specs javaw.exe icacls.exe no specs cmd.exe no specs cmd.exe no specs chcp.com no specs systeminfo.exe no specs chcp.com no specs wmic.exe no specs cmd.exe no specs chcp.com no specs cmd.exe no specs chcp.com no specs dxdiag.exe no specs cmd.exe no specs chcp.com no specs wmic.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 124
CMD: cmd.exe /C chcp 437 & set processor
Path: C:\Windows\System32\cmd.exe
Parent process: javaw.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 128
CMD: "C:\Users\admin\AppData\Local\Temp\BrowserInstaller.exe" /NOINIT /S:C:\Users\admin\AppData\Local\Temp\setuparguments.ini
Path: C:\Users\admin\AppData\Local\Temp\BrowserInstaller.exe
Parent process: irsetup.exe
User:
admin
Company:
TLauncher Inc.
Integrity Level:
HIGH
Description:
Installer of Browser Offers in TLauncher
Exit code:
0
Version:
2.6.0.0
Modules
Images
c:\users\admin\appdata\local\temp\browserinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 668
CMD: chcp 437
Path: C:\Windows\System32\chcp.com
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Change CodePage Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 680
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 --field-trial-handle=892,i,6208108103792901040,2067340479357805860,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 840
CMD: chcp 437
Path: C:\Windows\System32\chcp.com
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Change CodePage Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 908
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=4120 --field-trial-handle=892,i,6208108103792901040,2067340479357805860,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 948
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2288 --field-trial-handle=892,i,6208108103792901040,2067340479357805860,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1020
CMD: cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt
Path: C:\Windows\System32\cmd.exe
Parent process: javaw.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1168
CMD: icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage\608ad60fbfdf0bc0.timestamp /grant "everyone":(OI)(CI)M
Path: C:\Windows\System32\icacls.exe
Parent process: javaw.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntmarta.dll
PID: 1368
CMD: dxdiag /whql:off /t C:\Users\admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt
Path: C:\Windows\System32\dxdiag.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft DirectX Diagnostic Tool
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dxdiag.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 57 808
Read events: 57 177
Write events: 532
Delete events: 99

Modification events

(PID) Process: (2120) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (2120) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

(PID) Process: (2120) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31096606

(PID) Process: (2120) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

(PID) Process: (2120) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31096606

(PID) Process: (2120) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2120) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2120) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2120) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (2120) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 391
Suspicious files: 1 412
Text files: 1 391
Unknown types: 83

Dropped files

PID
Process
Filename
Type
PID: 3092
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Type: der
MD5: 014FFFBD0F57919C58B32998C33C5428
SHA256: 35E5C830A76062856F581DF2AEA6720CCC30DADCC644FA9BBCE010C8BCB7FD2A

PID: 3092
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 65A591E032F79D56E3B0B8E8326C8D4C
SHA256: E756605DC8465008D7DD7498E33B21F69BA48396B28BB3013862EBBB9FB177DF

PID: 2120
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DFE198A61CA967D3A7.TMP
Type: gmc
MD5: 32685D69510B7F562D9458862DEAA7AD
SHA256: 4C6FC43A4CE08910D03E0FB6CB8EC1E77C39FB3A3BABC566BA6BED5921A49B18

PID: 2120
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Type: der
MD5: 8C5CD6BAB6123DE3B8F2A57A22F28CD3
SHA256: D383182162CE092BB3CE895AE358D8C1D59CD30503AF4694BEBB59DC26567728

PID: 3092
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type: der
MD5: DC83F7ACAED8A3525BC9A91778A357AF
SHA256: BCBA6E9A08BEEE95D60ACEA8C5B0646042759E4D125F2956BA3834FB84434970

PID: 1576
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF186193.TMP
Type:
MD5:
SHA256:

PID: 1576
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
Type:
MD5:
SHA256:

PID: 3092
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Type: der
MD5: 8202A1CD02E7D69597995CABBE881A12
SHA256: 58F381C3A0A0ACE6321DA22E40BD44A597BD98B9C9390AB9258426B5CF75A7A5

PID: 3092
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type: binary
MD5: F0BA032DE86CEE2DDA99C39E085827A9
SHA256: 4F43FDBC4FA8772D63D2285A4D82C221B273CCD3AAB9784CA1B4F03FE2DDC410

PID: 3092
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Type: binary
MD5: 4DD6C26BA34071E16E0616B9F6D241AA
SHA256: A5852C3C449B39843F2029A7311C82CB88B49CC0F2B7608C515049DF6C39619A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 25
TCP/UDP connections: 123
DNS requests: 71
Threats: 3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3092
iexplore.exe
GET
200
172.217.18.3:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
3092
iexplore.exe
GET
304
95.101.54.227:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5259f1aa84763c8c
unknown
unknown
3092
iexplore.exe
GET
304
2.16.202.65:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7f30423e8f7249ff
unknown
unknown
3092
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
binary
2.18 Kb
unknown
3092
iexplore.exe
GET
200
172.217.18.3:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D
unknown
binary
724 b
unknown
2120
iexplore.exe
GET
304
2.16.202.65:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4ad9b1827f1f75f1
unknown
unknown
2120
iexplore.exe
GET
304
2.16.202.65:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?dca56d26e7d9ce15
unknown
unknown
2120
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
binary
314 b
unknown
1080
svchost.exe
GET
200
95.101.54.243:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?aa4b77dd5ef709e5
unknown
compressed
67.5 Kb
unknown
2120
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
binary
471 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
3092
iexplore.exe
104.20.64.88:443
tlauncher.org
CLOUDFLARENET
unknown
3092
iexplore.exe
2.16.202.65:80
ctldl.windowsupdate.com
Akamai International B.V.
NL
unknown
3092
iexplore.exe
95.101.54.227:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
3092
iexplore.exe
104.18.38.233:80
ocsp.usertrust.com
CLOUDFLARENET
shared
3092
iexplore.exe
104.16.80.73:443
static.cloudflareinsights.com
CLOUDFLARENET
unknown
3092
iexplore.exe
172.217.18.3:80
ocsp.pki.goog
GOOGLE
US
whitelisted
2120
iexplore.exe
2.23.209.187:443
www.bing.com
Akamai International B.V.
GB
unknown

DNS requests

Domain
IP
Reputation
tlauncher.org
  • 104.20.64.88
  • 104.20.65.88
unknown
ctldl.windowsupdate.com
  • 95.101.54.227
  • 2.16.202.65
  • 95.101.54.243
  • 95.101.54.232
  • 95.101.54.248
  • 95.101.54.234
whitelisted
ocsp.usertrust.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
static.cloudflareinsights.com
  • 104.16.80.73
  • 104.16.79.73
whitelisted
ocsp.pki.goog
  • 172.217.18.3
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 2.23.209.133
  • 2.23.209.187
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
clientservices.googleapis.com
  • 142.250.185.195
whitelisted
accounts.google.com
  • 74.125.71.84
shared

Threats

PID
Process
Class
Message
1772
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] A free CDN for open source projects (jsdelivr .net)
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 1.8.x Detected
3816
javaw.exe
Potentially Bad Traffic
ET POLICY Vulnerable Java Version 1.8.x Detected
No debug info