URL:

tlauncher.com

Full analysis: https://app.any.run/tasks/faefa520-3a27-407b-aca4-08fd8edc3019
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: January 27, 2026, 15:33:24
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
payload
stealer
java
cve-2025-35250
lua
upx
Indicators:
MD5:

DB61C2F0255F0B5D152E510372730B34

SHA1:

6FEB4E0B078E7BB28E30CBE9B0C80B0A3160337E

SHA256:

D7BEE7CE08281DEF34C7212D73CEFA689B6D84CCBBD12812D712A5AD4347671A

SSDEEP:

3:ceLiT:ce2T

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Actions looks like stealing of personal data

      • irsetup.exe (PID: 4604)
      • irsetup.exe (PID: 4964)
      • irsetup.exe (PID: 6172)

    • CVE-2025-35250 has been detected

      • dxdiag.exe (PID: 10204)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • TLauncher-Installer-1.9.5.5.exe (PID: 2096)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8340)
      • irsetup.exe (PID: 4604)
      • TLauncher-Installer-1.9.5.5.exe (PID: 3952)
      • irsetup.exe (PID: 6172)
      • irsetup.exe (PID: 4964)
      • BrowserInstaller.exe (PID: 9360)
      • BrowserInstaller.exe (PID: 10212)
      • javaw.exe (PID: 9868)
      • java.exe (PID: 552)

    • Checks for Java to be installed

      • irsetup.exe (PID: 4604)
      • irsetup.exe (PID: 4964)
      • irsetup.exe (PID: 6172)
      • TLauncher.exe (PID: 9852)

    • Reads Microsoft Outlook installation path

      • irsetup.exe (PID: 4604)
      • irsetup.exe (PID: 4964)
      • irsetup.exe (PID: 6172)

    • Reads Internet Explorer settings

      • irsetup.exe (PID: 4604)
      • irsetup.exe (PID: 6172)
      • irsetup.exe (PID: 4964)

    • Process drops legitimate windows executable

      • javaw.exe (PID: 9868)
      • java.exe (PID: 552)

    • Starts application with an unusual extension

      • cmd.exe (PID: 7040)
      • cmd.exe (PID: 9996)
      • cmd.exe (PID: 8024)
      • cmd.exe (PID: 9196)

    • Uses WMIC.EXE to obtain CPU information

      • cmd.exe (PID: 7040)

    • The process drops C-runtime libraries

      • javaw.exe (PID: 9868)
      • java.exe (PID: 552)

    • Creates/Modifies COM task schedule object

      • dxdiag.exe (PID: 10204)

    • Starts CMD.EXE for commands execution

      • java.exe (PID: 552)

    • The process creates files with name similar to system file names

      • java.exe (PID: 552)

    • Uses WMIC.EXE to obtain quick Fix Engineering (patches) data

      • cmd.exe (PID: 8024)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 5180)

    • Drops script file

      • msedge.exe (PID: 5180)
      • msedge.exe (PID: 9108)
      • javaw.exe (PID: 9868)

    • Checks supported languages

      • identity_helper.exe (PID: 7460)
      • TLauncher-Installer-1.9.5.5.exe (PID: 2096)
      • irsetup.exe (PID: 4604)
      • irsetup.exe (PID: 4964)
      • TLauncher-Installer-1.9.5.5.exe (PID: 3952)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8340)
      • irsetup.exe (PID: 6172)
      • BrowserInstaller.exe (PID: 9360)
      • javaw.exe (PID: 9868)
      • TLauncher.exe (PID: 9852)
      • BrowserInstaller.exe (PID: 10212)
      • irsetup.exe (PID: 9404)
      • GameBar.exe (PID: 6912)
      • irsetup.exe (PID: 8104)
      • java.exe (PID: 552)
      • chcp.com (PID: 8900)
      • chcp.com (PID: 10176)
      • chcp.com (PID: 936)
      • chcp.com (PID: 8292)

    • Reads Environment values

      • identity_helper.exe (PID: 7460)

    • Create files in a temporary directory

      • TLauncher-Installer-1.9.5.5.exe (PID: 2096)
      • irsetup.exe (PID: 4604)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8340)
      • TLauncher-Installer-1.9.5.5.exe (PID: 3952)
      • irsetup.exe (PID: 4964)
      • irsetup.exe (PID: 6172)
      • BrowserInstaller.exe (PID: 9360)
      • irsetup.exe (PID: 9404)
      • javaw.exe (PID: 9868)
      • BrowserInstaller.exe (PID: 10212)
      • irsetup.exe (PID: 8104)
      • java.exe (PID: 552)

    • Reads the computer name

      • identity_helper.exe (PID: 7460)
      • TLauncher-Installer-1.9.5.5.exe (PID: 2096)
      • irsetup.exe (PID: 4604)
      • TLauncher-Installer-1.9.5.5.exe (PID: 3952)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8340)
      • irsetup.exe (PID: 6172)
      • irsetup.exe (PID: 4964)
      • BrowserInstaller.exe (PID: 9360)
      • irsetup.exe (PID: 9404)
      • javaw.exe (PID: 9868)
      • BrowserInstaller.exe (PID: 10212)
      • irsetup.exe (PID: 8104)
      • GameBar.exe (PID: 6912)
      • java.exe (PID: 552)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 5180)

    • The sample compiled with english language support

      • msedge.exe (PID: 5180)
      • TLauncher-Installer-1.9.5.5.exe (PID: 2096)
      • irsetup.exe (PID: 4604)
      • TLauncher-Installer-1.9.5.5.exe (PID: 3952)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8340)
      • irsetup.exe (PID: 6172)
      • irsetup.exe (PID: 4964)
      • javaw.exe (PID: 9868)
      • java.exe (PID: 552)

    • Process checks computer location settings

      • TLauncher-Installer-1.9.5.5.exe (PID: 2096)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8340)
      • TLauncher-Installer-1.9.5.5.exe (PID: 3952)
      • irsetup.exe (PID: 6172)
      • BrowserInstaller.exe (PID: 9360)
      • irsetup.exe (PID: 4964)
      • BrowserInstaller.exe (PID: 10212)
      • java.exe (PID: 552)

    • Launching a file from the Downloads directory

      • msedge.exe (PID: 5180)

    • The sample compiled with portuguese language support

      • TLauncher-Installer-1.9.5.5.exe (PID: 2096)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8340)
      • TLauncher-Installer-1.9.5.5.exe (PID: 3952)
      • BrowserInstaller.exe (PID: 9360)
      • irsetup.exe (PID: 6172)
      • BrowserInstaller.exe (PID: 10212)

    • Reads security settings of Internet Explorer

      • TLauncher-Installer-1.9.5.5.exe (PID: 2096)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8340)
      • TLauncher-Installer-1.9.5.5.exe (PID: 3952)
      • irsetup.exe (PID: 4964)
      • irsetup.exe (PID: 4604)
      • irsetup.exe (PID: 6172)
      • BrowserInstaller.exe (PID: 9360)
      • javaw.exe (PID: 9868)
      • BrowserInstaller.exe (PID: 10212)
      • java.exe (PID: 552)
      • GameBar.exe (PID: 6912)
      • WMIC.exe (PID: 9988)
      • dxdiag.exe (PID: 10204)
      • WMIC.exe (PID: 6904)

    • Checks proxy server information

      • irsetup.exe (PID: 4604)
      • irsetup.exe (PID: 4964)
      • irsetup.exe (PID: 6172)
      • slui.exe (PID: 5868)

    • Reads the machine GUID from the registry

      • irsetup.exe (PID: 4604)
      • irsetup.exe (PID: 4964)
      • irsetup.exe (PID: 6172)
      • javaw.exe (PID: 9868)
      • java.exe (PID: 552)

    • Creates files or folders in the user directory

      • irsetup.exe (PID: 6172)
      • javaw.exe (PID: 9868)
      • java.exe (PID: 552)
      • dxdiag.exe (PID: 10204)

    • Creates a software uninstall entry

      • irsetup.exe (PID: 6172)

    • Application based on Java

      • javaw.exe (PID: 9868)

    • Creates files in the program directory

      • javaw.exe (PID: 9868)
      • irsetup.exe (PID: 6172)

    • There is functionality for taking screenshot (YARA)

      • TLauncher-Installer-1.9.5.5.exe (PID: 2096)
      • irsetup.exe (PID: 4604)

    • UPX packer has been detected

      • irsetup.exe (PID: 4604)

    • Reads CPU info

      • java.exe (PID: 552)

    • The process uses Lua

      • irsetup.exe (PID: 4604)

    • Changes the display of characters in the console

      • cmd.exe (PID: 7040)
      • cmd.exe (PID: 9996)
      • cmd.exe (PID: 9196)
      • cmd.exe (PID: 8024)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
243
Monitored processes
82
Malicious processes
6
Suspicious processes
5

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe tlauncher-installer-1.9.5.5.exe no specs tlauncher-installer-1.9.5.5.exe irsetup.exe tlauncher-installer-1.9.5.5.exe no specs tlauncher-installer-1.9.5.5.exe tlauncher-installer-1.9.5.5.exe no specs irsetup.exe tlauncher-installer-1.9.5.5.exe irsetup.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs browserinstaller.exe irsetup.exe no specs msedge.exe no specs tlauncher.exe no specs javaw.exe icacls.exe no specs conhost.exe no specs msedge.exe no specs browserinstaller.exe irsetup.exe no specs gamebarpresencewriter.exe no specs gamebar.exe no specs java.exe conhost.exe no specs svchost.exe msedge.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs wmic.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs cmd.exe no specs conhost.exe no specs chcp.com no specs #CVE-2025-35250 dxdiag.exe cmd.exe no specs conhost.exe no specs chcp.com no specs wmic.exe no specs tiworker.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
32"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=1556,i,5841854050739466352,3304513310907862200,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=8108 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
552C:\Users\admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-21.0.91-windows-x64\bin\java.exe -Dsun.java2d.uiScale.enabled=false -Xmx1536m -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.desktop/java.awt=ALL-UNNAMED --add-opens=java.desktop/sun.awt.image=ALL-UNNAMED --add-opens=java.desktop/sun.java2d=ALL-UNNAMED --add-opens=java.desktop/java.awt.color=ALL-UNNAMED --add-opens=java.desktop/java.awt.image=ALL-UNNAMED --add-opens=java.desktop/com.apple.eawt=ALL-UNNAMED --add-opens=java.base/java.util.regex=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/java.beans=ALL-UNNAMED --add-opens=javafx.web/com.sun.webkit.network=ALL-UNNAMED --add-opens=javafx.web/javafx.scene.web=ALL-UNNAMED --add-opens=javafx.web/com.sun.webkit=ALL-UNNAMED --add-opens=javafx.web/com.sun.webkit.event=ALL-UNNAMED -cp C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\annotations-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\aopalliance-1.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\arns-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\auth-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\aws-core-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\aws-query-protocol-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\aws-xml-protocol-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\checker-qual-3.12.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\checksums-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\checksums-spi-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-codec-1.9.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-compress-1.23.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-io-2.11.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-lang3-3.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-1.2.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-api-1.1.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-vfs2-2.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\crt-core-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\desktop-common-util-1.266.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\DiscordIPC-0.5.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\dnsjava-2.1.8.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\endpoints-spi-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\error_prone_annotations-2.18.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\eventstream-1.0.1.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\failureaccess-1.0.1.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\fluent-hc-4.5.2.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\gson-2.8.8.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\guava-31.0.1-jre.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-7.0.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-assistedinject-7.0.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\http-auth-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\http-auth-aws-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\http-auth-aws-eventstream-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\http-auth-spi-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\http-client-spi-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\http-download-1.266.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\httpclient-4.5.2.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\httpcore-4.4.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\identity-spi-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\j2objc-annotations-1.3.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\jackson-annotations-2.13.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\jakarta.inject-api-2.0.1.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-21.0.9-win.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-21.0.9.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-21.0.9-win.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-21.0.9.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-21.0.9-win.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-21.0.9.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-21.0.9-win.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-21.0.9.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-21.0.9-win.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-21.0.9.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-21.0.9-win.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-21.0.9.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\javax.annotation-api-1.3.2.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-api-2.3.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-core-2.3.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-impl-2.3.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\jcl-over-slf4j-1.7.25.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\jopt-simple-5.0.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\json-20230227.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\json-utils-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\jsr305-3.0.2.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-common-2.6.2.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-native-common-2.6.2.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\junrar-0.7.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\log4j-1.2.17.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-classic-1.2.10.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-core-1.2.10.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\lombok-1.18.30.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-api-1.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svn-commons-1.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svnexe-1.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\metrics-spi-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\MinecraftServerPing-1.0.2.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\mockserver-netty-no-dependencies-5.14.0.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\modpack-dto-2.282.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\picture-bundle-3.72.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\plexus-utils-1.5.6.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\profiles-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\protocol-core-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\reactive-streams-1.0.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\regexp-1.3.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\regions-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\retries-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\retries-spi-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\s3-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\sdk-core-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\skin-api-1.7.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\slf4j-api-1.7.25.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\statistics-dto-1.73.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\third-party-jackson-core-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\tlauncher-resource-1.6.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\utils-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\utils-lite-2.40.4.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\dependencies\xz-1.9.jar;C:\Users\admin\AppData\Roaming\.tlauncher\starter\original-TLauncher-2.9358.jar; org.tlauncher.tlauncher.rmo.TLauncher -starterConfig=C:\Users\admin\AppData\Roaming\.tlauncher\starter\starter.json -requireUpdate=false -currentAppVersion=2.9358 -starterDomainAvailabilityV1=C:\Users\admin\AppData\Roaming\.tlauncher\starter\domainAvailability.json -country=${country} "-starterJVM=C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -starterWorkingDirectory=C:\Users\admin\Downloads -starterJarFile=C:\Users\admin\AppData\Roaming\.minecraft\TLauncher.exe -starterFileEncoding=windows-1252C:\Users\admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-21.0.91-windows-x64\bin\java.exe
javaw.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
HIGH
Description:
Java(TM) Platform SE binary
Version:
21.0.9.0
Modules
Images
c:\users\admin\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.91-windows-x64\bin\java.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\users\admin\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.91-windows-x64\bin\jli.dll
c:\windows\system32\advapi32.dll
c:\users\admin\appdata\roaming\.tlauncher\starter\jre_default\jre-21.0.91-windows-x64\bin\vcruntime140.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
936chcp 437 C:\Windows\System32\chcp.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
1352"C:\Users\admin\Downloads\TLauncher-Installer-1.9.5.5.exe" C:\Users\admin\Downloads\TLauncher-Installer-1.9.5.5.exemsedge.exe
User:
admin
Company:
TL Inc.
Integrity Level:
MEDIUM
Description:
TL Setup
Exit code:
3221226540
Version:
1.9.5.5
Modules
Images
c:\users\admin\downloads\tlauncher-installer-1.9.5.5.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
1692"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5240,i,5841854050739466352,3304513310907862200,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=4692 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1708"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=7360,i,5841854050739466352,3304513310907862200,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=7236 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1868"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --disable-quic --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5588,i,5841854050739466352,3304513310907862200,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1868"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServerC:\Windows\System32\GameBarPresenceWriter.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Gamebar Presence Writer
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\gamebarpresencewriter.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
2096"C:\Users\admin\Downloads\TLauncher-Installer-1.9.5.5.exe" C:\Users\admin\Downloads\TLauncher-Installer-1.9.5.5.exe
msedge.exe
User:
admin
Company:
TL Inc.
Integrity Level:
HIGH
Description:
TL Setup
Exit code:
5
Version:
1.9.5.5
Modules
Images
c:\users\admin\downloads\tlauncher-installer-1.9.5.5.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
2264"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6812,i,5841854050739466352,3304513310907862200,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
729
Read events
729
Write events
0
Delete events
0

Modification events

No data
Executable files
477
Suspicious files
5 835
Text files
3 187
Unknown types
5

Dropped files

PID
Process
Filename
Type
5180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1b41d8.TMP
MD5:
SHA256:
5180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
5180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1b41e7.TMP
MD5:
SHA256:
5180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1b41e7.TMP
MD5:
SHA256:
5180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
5180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
5180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1b41e7.TMP
MD5:
SHA256:
5180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF1b41f7.TMP
MD5:
SHA256:
5180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
5180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1b41f7.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
847
TCP/UDP connections
199
DNS requests
209
Threats
11

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
8920
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=66&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
unknown
text
4.70 Kb
whitelisted
8920
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
unknown
text
295 b
whitelisted
8920
msedge.exe
GET
200
104.18.23.222:443
https://copilot.microsoft.com/c/api/user/eligibility
unknown
text
25 b
whitelisted
8920
msedge.exe
GET
200
150.171.27.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:4E03QE9d4zbVk96BxUtxi9rMZdmEK9L5EV62tyParOQ&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
8920
msedge.exe
GET
200
199.191.50.184:80
http://tlauncher.com/
unknown
unknown
8920
msedge.exe
GET
200
13.107.246.44:443
https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US
unknown
binary
82 b
whitelisted
8920
msedge.exe
GET
200
87.248.119.251:443
https://s.yimg.com/ds/scripts/selectTier-p1.1.0.js
unknown
text
12.5 Kb
unknown
8920
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=EdgeRuntime%2CEdgeRuntimeConfig%2CEdgeDomainActions&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=66&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
unknown
text
41.4 Kb
whitelisted
8920
msedge.exe
GET
200
199.191.50.144:443
https://find-searcher.com/sr/754870121/SAFEFRAME.html?ule=764&%21Q911=I&%21n0=&%29nnrp=I&0G=I68yq~XgI~y66Xqywg8&19.W1T=%29nnrp%3A%2F%2FnTNW%21m%2991embQ&4Mr1=I&4Mr1m%21pn=&9m1GM=&FM=&FP15=&GpGM=g&HMpr1=&Hj%21KmmK97r=&HrTr=&M9mQQQ=&MQ15=I&NM0=&NMbQNG%21=&NMnI=&NMn~=&Nmn=%28d3D5Bf7571wW%2Fww77%2F%21f4L.L5B74BfdLd7&NrlW=&PTpnr=g&Pp%29r=g&QprN=g&T~nHr9=MQbTN&W4M=w&Wpr9%215=g&_jGM=&bGM=NNNqy6jqSjwy~SwNIwSy~yqSj8qyqm~y~q9N&bTN5=b%219&htmlsrc=1&j9=g&jGM=D6wy~6&jM13M=&jN9=&kkdd=uW%7C3%7CA9nH%2A&m%29%21QD=y%28cwgDARZ&m%29%21Q~=bp0wKG%21nm&m1GM=8XDyIgXX~&mGM=Xls%2Aw~%288s&mM0=c~8XI&mm=3x&mnrGM=&npm9=uII~~&pGL9=IIqw78Xy&pjM13M=&pm=Bf&ppTM=%7B%22ppmm%22%3A%223x%22%2C%22ppmnH%22%3A%22%21NrT9p%22%2C%22ppGr%22%3A%22%22%2C%22pppm%22%3A%22Bf%22%7D&rGM=&tpid=&eobd=&eoac=RvYbkNvbY&ure=1
unknown
html
72.7 Kb
unknown
8920
msedge.exe
GET
200
13.107.213.44:443
https://msadsscale.microsoft.com/bingads/telemetryJS.js
unknown
text
71.1 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
8240
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
8376
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5568
SearchApp.exe
2.16.204.134:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
8920
msedge.exe
150.171.22.17:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
8920
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
8920
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
8920
msedge.exe
13.107.246.44:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.206
whitelisted
www.bing.com
  • 2.16.204.134
  • 2.16.204.135
  • 2.16.204.157
  • 2.16.204.150
  • 2.16.204.156
  • 2.16.204.153
  • 2.16.204.151
  • 2.16.204.152
  • 2.16.204.160
  • 2.16.204.138
  • 2.16.204.142
  • 2.16.204.141
  • 2.16.204.146
  • 2.16.204.143
  • 2.16.204.148
  • 2.16.204.139
  • 2.16.204.145
  • 2.16.204.161
  • 2.16.204.155
  • 2.16.204.149
  • 2.16.204.158
  • 2.16.204.136
  • 2.16.204.147
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 13.107.246.44
  • 13.107.213.44
whitelisted
tlauncher.com
  • 199.191.50.184
unknown
api.edgeoffer.microsoft.com
  • 13.107.246.44
  • 13.107.213.44
whitelisted
copilot.microsoft.com
  • 104.18.23.222
  • 104.18.22.222
whitelisted
l.cdn-fileserver.com
  • 188.114.97.3
  • 188.114.96.3
whitelisted
find-searcher.com
  • 199.191.50.144
unknown
r13.i.lencr.org
  • 2.16.204.142
  • 2.16.204.138
whitelisted

Threats

PID
Process
Class
Message
8920
msedge.exe
Potentially Bad Traffic
SUSPICIOUS [ANY.RUN] Possible Malicious CrossDomain (cdn-fileserver .com)
8920
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
8920
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
8920
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
8920
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
8920
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
8920
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
8920
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
Potentially Bad Traffic
PAYLOAD [ANY.RUN] XORed Windows executable has been loaded
9868
javaw.exe
Potentially Bad Traffic
ET INFO Vulnerable Java Version 1.8.x Detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
tlauncher.com