URL: https://tlauncher.org/en/

Full analysis: https://app.any.run/tasks/f6b45de5-7301-481c-bb14-fc76d7a17c59
Verdict: Malicious activity
Analysis date: October 05, 2023, 17:39:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
  • SHA1: 91D2079252AA9D349CA4BFDD7CA031A8D9CEA748
  • SHA256: C322DB70597221ED0C6CC05BB9208F5EF70614DBA14B01209EB4015E9EF96868
  • SSDEEP: 3:N8BEeLu5A+:2K5F

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • irsetup.exe (PID: 2424)
      • BrowserInstaller.exe (PID: 2880)
      • irsetup.exe (PID: 3196)
      • TLauncher.exe (PID: 2372)
      • TLauncher.exe (PID: 2984)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1840)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1884)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1764)
      • irsetup.exe (PID: 3372)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 3524)
      • irsetup.exe (PID: 3440)
      • BrowserInstaller.exe (PID: 3364)
      • TLauncher.exe (PID: 948)
      • TLauncher.exe (PID: 3716)
    • Loads dropped or rewritten executable

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3196)
      • irsetup.exe (PID: 3372)
      • irsetup.exe (PID: 3440)
    • Drops the executable file immediately after the start

      • irsetup.exe (PID: 2424)
      • BrowserInstaller.exe (PID: 2880)
      • irsetup.exe (PID: 3372)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1764)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1884)
      • BrowserInstaller.exe (PID: 3364)
    • Actions look like stealing of personal data

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3372)
  • SUSPICIOUS

    • Reads the Internet Settings

      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1764)
      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3196)
      • BrowserInstaller.exe (PID: 2880)
      • irsetup.exe (PID: 3372)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1884)
      • BrowserInstaller.exe (PID: 3364)
      • irsetup.exe (PID: 3440)
      • WMIC.exe (PID: 2844)
      • WMIC.exe (PID: 3988)
    • Reads the Windows owner or organization settings

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3196)
      • irsetup.exe (PID: 3372)
      • irsetup.exe (PID: 3440)
    • Checks for Java to be installed

      • irsetup.exe (PID: 2424)
      • TLauncher.exe (PID: 2372)
      • TLauncher.exe (PID: 2984)
      • irsetup.exe (PID: 3372)
      • TLauncher.exe (PID: 948)
      • TLauncher.exe (PID: 3716)
    • Reads Microsoft Outlook installation path

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3372)
    • Checks Windows Trust Settings

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3196)
      • irsetup.exe (PID: 3372)
      • irsetup.exe (PID: 3440)
    • Reads security settings of Internet Explorer

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3196)
      • irsetup.exe (PID: 3372)
      • irsetup.exe (PID: 3440)
    • Reads settings of System Certificates

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3196)
      • irsetup.exe (PID: 3372)
      • irsetup.exe (PID: 3440)
    • Reads Internet Explorer settings

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3372)
    • Adds/modifies Windows certificates

      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1764)
    • Creates a software uninstall entry

      • irsetup.exe (PID: 3372)
    • Starts CMD.EXE for commands execution

      • javaw.exe (PID: 3084)
    • Starts application with an unusual extension

      • cmd.exe (PID: 1052)
      • cmd.exe (PID: 2852)
    • Uses WMIC.EXE to obtain operating system information

      • cmd.exe (PID: 1052)
      • cmd.exe (PID: 2852)
    • Process requests binary or script from the Internet

      • javaw.exe (PID: 3084)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 612)
      • chrome.exe (PID: 2140)
    • Manual execution by a user

      • chrome.exe (PID: 2140)
      • explorer.exe (PID: 3776)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1840)
      • TLauncher.exe (PID: 2984)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1884)
      • TLauncher.exe (PID: 3716)
    • The process uses the downloaded file

      • chrome.exe (PID: 2356)
      • chrome.exe (PID: 1992)
      • chrome.exe (PID: 2572)
      • chrome.exe (PID: 2140)
      • chrome.exe (PID: 3232)
    • Drops the executable file immediately after the start

      • chrome.exe (PID: 2140)
      • chrome.exe (PID: 4052)
    • Reads the computer name

      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1764)
      • irsetup.exe (PID: 2424)
      • BrowserInstaller.exe (PID: 2880)
      • irsetup.exe (PID: 3196)
      • irsetup.exe (PID: 3372)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1884)
      • BrowserInstaller.exe (PID: 3364)
      • irsetup.exe (PID: 3440)
      • javaw.exe (PID: 3084)
      • javaw.exe (PID: 2352)
    • Checks supported languages

      • irsetup.exe (PID: 2424)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1764)
      • irsetup.exe (PID: 3196)
      • BrowserInstaller.exe (PID: 2880)
      • TLauncher.exe (PID: 2372)
      • javaw.exe (PID: 3124)
      • javaw.exe (PID: 2500)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1884)
      • TLauncher.exe (PID: 2984)
      • irsetup.exe (PID: 3372)
      • BrowserInstaller.exe (PID: 3364)
      • TLauncher.exe (PID: 948)
      • javaw.exe (PID: 3084)
      • irsetup.exe (PID: 3440)
      • chcp.com (PID: 604)
      • TLauncher.exe (PID: 3716)
      • javaw.exe (PID: 2352)
      • chcp.com (PID: 3500)
    • Creates files in a temporary directory

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3196)
      • BrowserInstaller.exe (PID: 2880)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1884)
      • irsetup.exe (PID: 3372)
      • TLauncher-2.885-Installer-1.1.3 (1).exe (PID: 1764)
      • BrowserInstaller.exe (PID: 3364)
      • irsetup.exe (PID: 3440)
      • javaw.exe (PID: 3084)
      • javaw.exe (PID: 2352)
    • Checks proxy server information

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3196)
      • irsetup.exe (PID: 3372)
      • irsetup.exe (PID: 3440)
    • Reads the machine GUID from the registry

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3196)
      • irsetup.exe (PID: 3372)
      • irsetup.exe (PID: 3440)
      • javaw.exe (PID: 3084)
    • Creates files or folders in the user directory

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3372)
      • javaw.exe (PID: 2352)
      • javaw.exe (PID: 3084)
    • Creates files in the program directory

      • irsetup.exe (PID: 2424)
      • irsetup.exe (PID: 3372)
      • javaw.exe (PID: 3084)
No Malware configuration.
No data.
Total processes: 111
Monitored processes: 58
Malicious processes: 15
Suspicious processes: 2

Behavior graph (interactive process tree; not reproduced here)

Process information (columns: PID, CMD, Path, Indicators, Parent process)
PID 560 (parent: chrome.exe)
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2248 --field-trial-handle=1208,i,5614714107599738942,12366020625246581790,131072 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 604 (parent: cmd.exe)
CMD: chcp 437
Path: C:\Windows\System32\chcp.com
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Change CodePage Utility
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
PID 612 (parent: explorer.exe)
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://tlauncher.org/en/"
Path: C:\Program Files\Internet Explorer\iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID 948 (parent: irsetup.exe)
CMD: "C:\Users\admin\AppData\Roaming\.minecraft\TLauncher.exe"
Path: C:\Users\admin\AppData\Roaming\.minecraft\TLauncher.exe
User: admin
Company: TLauncher Inc.
Integrity Level: HIGH
Description: TLauncher
Exit code: 0
Version: 2.893
Modules (images):
c:\users\admin\appdata\roaming\.minecraft\tlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
PID 1052 (parent: javaw.exe)
CMD: cmd.exe /C chcp 437 & wmic os get osarchitecture
Path: C:\Windows\System32\cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
PID 1432 (parent: chrome.exe)
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3560 --field-trial-handle=1208,i,5614714107599738942,12366020625246581790,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1560 (parent: chrome.exe)
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3744 --field-trial-handle=1208,i,5614714107599738942,12366020625246581790,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1620 (parent: chrome.exe)
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4180 --field-trial-handle=1208,i,5614714107599738942,12366020625246581790,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1736 (parent: chrome.exe)
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4640 --field-trial-handle=1208,i,5614714107599738942,12366020625246581790,131072 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 109.0.5414.120
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID 1764 (parent: chrome.exe)
CMD: "C:\Users\admin\Downloads\TLauncher-2.885-Installer-1.1.3 (1).exe"
Path: C:\Users\admin\Downloads\TLauncher-2.885-Installer-1.1.3 (1).exe
User: admin
Company: TLauncher Inc.
Integrity Level: HIGH
Description: TLauncher Setup
Exit code: 0
Version: 1.1.3.0
Modules (images):
c:\users\admin\downloads\tlauncher-2.885-installer-1.1.3 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events: 36 192
Read events: 35 791
Write events: 400
Delete events: 1

Modification events (PID/process | operation | key | name = value)

(612) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPDaysSinceLastAutoMigration = 0
(612) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | NTPLastLaunchHighDateTime = 30847387
(612) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | NextCheckForUpdateHighDateTime = 30847437
(612) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix = Cookie:
(612) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix = Visited:
(612) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags = 0
(612) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass = 1
(612) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName = 1
(612) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet = 1
(612) iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect = 0
Executable files: 48
Suspicious files: 211
Text files: 956
Unknown types: 0

Dropped files (PID | Process | Filename | Type)
3424 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_96EEC010953ED454BBCDFA69FC071E7C | binary
MD5:8A77B81830E2018D24FFEC7AC6C3EFAD
SHA256:7F75B464B556A576E1814A5E837D8D9E9233FCED1E89E924CEA81D4831F216CC
3424 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5:CD019724C767B70D7BEF5B0E91BDCDE1
SHA256:253C8A1C4405F465CDF58C41FC78FF882FA47C1CB70AA49DD8B44C63F3A0D2F9
2140 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF1527f4.TMP
MD5:
SHA256:
2140 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
3424 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_96EEC010953ED454BBCDFA69FC071E7C | binary
MD5:05FC12172CD8C0DBE4805EA23A76A33E
SHA256:DCFB1B44D643D2745514C990E46C173708D257304D0F5966BCCB5B21443F6F6D
3424 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary
MD5:D0A250A960F6D3C027B49A34D27A8DE6
SHA256:2C963F86CC92BE30FF2B2C62BD0DD2EF4A4B3F005634FEE683B025E619581681
3424 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\challenges[1].css | text
MD5:2C78B7F8FA496092BF41D5EDD51611E7
SHA256:2B0BD09C1CC7119D27E45353A59BF6C2721563E1689853FF704057A7439508D2
612 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{42C873D0-1D90-11EB-BA2C-12A9866C77DE}.dat | binary
MD5:07F9B7BFE91513888645110621FCEB41
SHA256:67DBF3360F17B7A489752ED886DC47F8E2C790E9668C13E919DAD681896D4841
3424 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27 | binary
MD5:FBD9B309407E0EC4B72357F6AEB4A481
SHA256:36C2D7979520D8736404B4D3F0280E91D6CB21E99A78AC512F26979D59C04BC4
612 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{24F8F826-63A6-11EE-B150-12A9866C77DE}.dat | binary
MD5:F23CCA218FF613F6EBD6C21340812C24
SHA256:4063DA31D3A05486BD633AA28041B2A60658419699F15855A31C0C8A0A3E29AE
HTTP(S) requests: 6
TCP/UDP connections: 65
DNS requests: 61
Threats: 2

HTTP requests (PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation)

3084 | javaw.exe | GET | 302 | 78.46.66.120:80 | http://res.tlauncher.org/b/libraries/org/tlauncher/picture-bundle/3.72/picture-bundle-3.72.jar | unknown | unknown
3084 | javaw.exe | GET | 302 | 78.46.66.120:80 | http://res.tlauncher.org/b/client/jre/windows/jre-8u111-windows-i586.tar.gz | unknown | unknown
3424 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?717397429a10e56a | unknown | compressed | 4.66 Kb | unknown
3424 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b79c52c977c97463 | unknown | compressed | 4.66 Kb | unknown
3424 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEH1NQqkrQx1%2BZFPnwZqNWHc%3D | unknown | binary | 1.41 Kb | unknown
3424 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | unknown | binary | 1.47 Kb | unknown

Connections (PID | Process | IP | Domain | ASN | CN | Reputation)

3424 | iexplore.exe | 104.20.235.70:443 | tlauncher.org | CLOUDFLARENET | unknown
2656 | svchost.exe | 239.255.255.250:1900 | whitelisted
3424 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
3424 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted
3424 | iexplore.exe | 104.18.21.226:80 | ocsp.globalsign.com | CLOUDFLARENET | shared
3424 | iexplore.exe | 104.16.56.101:443 | static.cloudflareinsights.com | CLOUDFLARENET | unknown
3424 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
4052 | chrome.exe | 142.250.185.227:443 | clientservices.googleapis.com | GOOGLE | US | whitelisted
2140 | chrome.exe | 239.255.255.250:1900 | whitelisted
4052 | chrome.exe | 142.250.186.109:443 | accounts.google.com | GOOGLE | US | whitelisted

DNS requests (Domain | IP | Reputation)

ctldl.windowsupdate.com | 93.184.221.240, 209.197.3.8 | whitelisted
ocsp.globalsign.com | 104.18.21.226, 104.18.20.226 | whitelisted
static.cloudflareinsights.com | 104.16.56.101, 104.16.57.101 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
clientservices.googleapis.com | 142.250.185.227 | whitelisted
accounts.google.com | 142.250.186.109 | shared
www.google.com | 172.217.18.100 | whitelisted
www.gstatic.com | 142.250.186.67 | whitelisted
apis.google.com | 142.250.184.238 | whitelisted
encrypted-tbn0.gstatic.com | 142.250.184.238 | whitelisted

Threats (PID | Process | Class | Message)

3084 | javaw.exe | Potentially Bad Traffic | ET POLICY Vulnerable Java Version 1.8.x Detected
3084 | javaw.exe | Potentially Bad Traffic | ET POLICY Vulnerable Java Version 1.8.x Detected
No debug info