URL:

tlauncher.org

Full analysis: https://app.any.run/tasks/04ed54a3-2a1c-41e6-85fe-944c1bb18cfc
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: March 07, 2026, 02:23:40
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
websocket
stealer
upx
lua
java
loader
Indicators:
MD5:

BBC528DE5026EBFE34500509055792B9

SHA1:

324E368D43A346BFF3E4F386C408F103C5D41619

SHA256:

E604DB46499A4CFC1BACC72E3A25C8A0E2C87ED2ED9A1BDE6B963A27FDD64916

SSDEEP:

3:ceLuS:ce6S

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • irsetup.exe (PID: 1868)
      • irsetup.exe (PID: 2448)
      • irsetup.exe (PID: 1836)
      • 360TS_Setup.exe (PID: 8364)
      • irsetup.exe (PID: 1948)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • TLauncher-Installer-1.9.5.5.exe (PID: 8956)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8156)
      • irsetup.exe (PID: 2448)
      • irsetup.exe (PID: 1868)
      • BrowserInstaller.exe (PID: 2688)
      • BrowserInstaller.exe (PID: 1684)
      • irsetup.exe (PID: 7932)
      • 360-installer-bro.exe (PID: 8552)
      • javaw.exe (PID: 4728)
      • TLauncher-Installer-1.9.5.5.exe (PID: 5204)
      • 360TS_Setup.exe (PID: 8472)
      • irsetup.exe (PID: 1836)
      • 360TS_Setup.exe (PID: 8364)
      • BrowserInstaller.exe (PID: 8052)
      • irsetup.exe (PID: 6332)
      • 360-installer-bro.exe (PID: 5424)
      • 360TS_Setup.exe (PID: 3096)
      • 360TS_Setup.exe (PID: 2092)
      • java.exe (PID: 3236)
      • TLauncher-Installer-1.9.5.5.exe (PID: 4364)
      • irsetup.exe (PID: 1948)
    • Checks for Java to be installed

      • irsetup.exe (PID: 2448)
      • irsetup.exe (PID: 1868)
      • TLauncher.exe (PID: 2780)
      • irsetup.exe (PID: 1836)
      • TLauncher.exe (PID: 8400)
      • irsetup.exe (PID: 1948)
    • Reads Internet Explorer settings

      • irsetup.exe (PID: 1868)
      • irsetup.exe (PID: 2448)
      • irsetup.exe (PID: 1836)
      • irsetup.exe (PID: 1948)
    • Reads Microsoft Outlook installation path

      • irsetup.exe (PID: 1868)
      • irsetup.exe (PID: 2448)
      • irsetup.exe (PID: 1836)
      • irsetup.exe (PID: 1948)
    • The process drops C-runtime libraries

      • javaw.exe (PID: 4728)
      • java.exe (PID: 3236)
    • Uses WMIC.EXE to obtain CPU information

      • cmd.exe (PID: 6808)
      • cmd.exe (PID: 272)
    • Starts CMD.EXE for commands execution

      • java.exe (PID: 3236)
      • java.exe (PID: 8020)
    • Starts application with an unusual extension

      • cmd.exe (PID: 2428)
      • cmd.exe (PID: 1400)
      • cmd.exe (PID: 6808)
      • cmd.exe (PID: 1188)
      • cmd.exe (PID: 2684)
      • cmd.exe (PID: 1352)
      • cmd.exe (PID: 7828)
      • cmd.exe (PID: 272)
    • Creates/Modifies COM task schedule object

      • dxdiag.exe (PID: 8296)
      • dxdiag.exe (PID: 5676)
    • Uses WMIC.EXE to obtain quick Fix Engineering (patches) data

      • cmd.exe (PID: 1188)
      • cmd.exe (PID: 7828)
    • Starts itself from another location

      • 360TS_Setup.exe (PID: 8472)
      • 360TS_Setup.exe (PID: 2092)
    • Creates file in the systems drive root

      • 360TS_Setup.exe (PID: 8364)
      • 360TS_Setup.exe (PID: 3096)
    • The process verifies whether the antivirus software is installed

      • 360TS_Setup.exe (PID: 8364)
    • Drops 7-zip archiver for unpacking

      • 360TS_Setup.exe (PID: 8364)
    • The process creates files with name similar to system file names

      • java.exe (PID: 3236)
    • Drops a system driver (possible attempt to evade defenses)

      • 360TS_Setup.exe (PID: 8364)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 7992)
    • Reads the computer name

      • identity_helper.exe (PID: 1524)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8156)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8956)
      • irsetup.exe (PID: 1868)
      • irsetup.exe (PID: 2448)
      • BrowserInstaller.exe (PID: 2688)
      • irsetup.exe (PID: 9072)
      • javaw.exe (PID: 4728)
      • GameBar.exe (PID: 7576)
      • BrowserInstaller.exe (PID: 1684)
      • irsetup.exe (PID: 7932)
      • 360-installer-bro.exe (PID: 8552)
      • java.exe (PID: 3236)
      • TLauncher-Installer-1.9.5.5.exe (PID: 5204)
      • irsetup.exe (PID: 1836)
      • 360TS_Setup.exe (PID: 8472)
      • 360TS_Setup.exe (PID: 8364)
      • BrowserInstaller.exe (PID: 8052)
      • 360-installer-bro.exe (PID: 5424)
      • irsetup.exe (PID: 6332)
      • 360TS_Setup.exe (PID: 2092)
      • 360TS_Setup.exe (PID: 3096)
      • javaw.exe (PID: 9200)
      • java.exe (PID: 8020)
      • TLauncher-Installer-1.9.5.5.exe (PID: 4364)
      • irsetup.exe (PID: 1948)
    • Checks supported languages

      • identity_helper.exe (PID: 1524)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8156)
      • irsetup.exe (PID: 1868)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8956)
      • irsetup.exe (PID: 2448)
      • BrowserInstaller.exe (PID: 2688)
      • TLauncher.exe (PID: 2780)
      • javaw.exe (PID: 4728)
      • irsetup.exe (PID: 9072)
      • GameBar.exe (PID: 7576)
      • BrowserInstaller.exe (PID: 1684)
      • irsetup.exe (PID: 7932)
      • 360-installer-bro.exe (PID: 8552)
      • java.exe (PID: 3236)
      • chcp.com (PID: 5204)
      • chcp.com (PID: 3920)
      • chcp.com (PID: 2680)
      • chcp.com (PID: 8088)
      • TLauncher-Installer-1.9.5.5.exe (PID: 5204)
      • irsetup.exe (PID: 1836)
      • 360TS_Setup.exe (PID: 8472)
      • 360TS_Setup.exe (PID: 8364)
      • BrowserInstaller.exe (PID: 8052)
      • irsetup.exe (PID: 6332)
      • 360-installer-bro.exe (PID: 5424)
      • 360TS_Setup.exe (PID: 2092)
      • TLauncher.exe (PID: 8400)
      • javaw.exe (PID: 9200)
      • 360TS_Setup.exe (PID: 3096)
      • chcp.com (PID: 2620)
      • chcp.com (PID: 8872)
      • chcp.com (PID: 1868)
      • chcp.com (PID: 8140)
      • TLauncher-Installer-1.9.5.5.exe (PID: 4364)
      • irsetup.exe (PID: 1948)
      • java.exe (PID: 8020)
    • The sample compiled with english language support

      • msedge.exe (PID: 6640)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8156)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8956)
      • irsetup.exe (PID: 2448)
      • irsetup.exe (PID: 1868)
      • BrowserInstaller.exe (PID: 2688)
      • BrowserInstaller.exe (PID: 1684)
      • irsetup.exe (PID: 7932)
      • 360-installer-bro.exe (PID: 8552)
      • javaw.exe (PID: 4728)
      • TLauncher-Installer-1.9.5.5.exe (PID: 5204)
      • irsetup.exe (PID: 1836)
      • BrowserInstaller.exe (PID: 8052)
      • 360TS_Setup.exe (PID: 8364)
      • irsetup.exe (PID: 6332)
      • 360-installer-bro.exe (PID: 5424)
      • java.exe (PID: 3236)
      • TLauncher-Installer-1.9.5.5.exe (PID: 4364)
      • irsetup.exe (PID: 1948)
    • The sample compiled with portuguese language support

      • TLauncher-Installer-1.9.5.5.exe (PID: 8156)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8956)
      • BrowserInstaller.exe (PID: 2688)
      • irsetup.exe (PID: 2448)
      • BrowserInstaller.exe (PID: 1684)
      • TLauncher-Installer-1.9.5.5.exe (PID: 5204)
      • BrowserInstaller.exe (PID: 8052)
      • TLauncher-Installer-1.9.5.5.exe (PID: 4364)
    • Reads Environment values

      • identity_helper.exe (PID: 1524)
    • Create files in a temporary directory

      • TLauncher-Installer-1.9.5.5.exe (PID: 8156)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8956)
      • irsetup.exe (PID: 1868)
      • irsetup.exe (PID: 2448)
      • BrowserInstaller.exe (PID: 2688)
      • javaw.exe (PID: 4728)
      • irsetup.exe (PID: 9072)
      • BrowserInstaller.exe (PID: 1684)
      • irsetup.exe (PID: 7932)
      • 360-installer-bro.exe (PID: 8552)
      • java.exe (PID: 3236)
      • TLauncher-Installer-1.9.5.5.exe (PID: 5204)
      • irsetup.exe (PID: 1836)
      • 360TS_Setup.exe (PID: 8472)
      • 360TS_Setup.exe (PID: 8364)
      • BrowserInstaller.exe (PID: 8052)
      • irsetup.exe (PID: 6332)
      • 360-installer-bro.exe (PID: 5424)
      • 360TS_Setup.exe (PID: 2092)
      • 360TS_Setup.exe (PID: 3096)
      • javaw.exe (PID: 9200)
      • java.exe (PID: 8020)
      • TLauncher-Installer-1.9.5.5.exe (PID: 4364)
      • irsetup.exe (PID: 1948)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 7992)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6640)
      • msedge.exe (PID: 7992)
    • Process checks computer location settings

      • TLauncher-Installer-1.9.5.5.exe (PID: 8956)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8156)
      • irsetup.exe (PID: 2448)
      • BrowserInstaller.exe (PID: 2688)
      • BrowserInstaller.exe (PID: 1684)
      • irsetup.exe (PID: 1868)
      • irsetup.exe (PID: 7932)
      • java.exe (PID: 3236)
      • TLauncher-Installer-1.9.5.5.exe (PID: 5204)
      • 360-installer-bro.exe (PID: 8552)
      • 360TS_Setup.exe (PID: 8364)
      • irsetup.exe (PID: 1836)
      • BrowserInstaller.exe (PID: 8052)
      • irsetup.exe (PID: 6332)
      • 360-installer-bro.exe (PID: 5424)
      • 360TS_Setup.exe (PID: 3096)
      • java.exe (PID: 8020)
      • TLauncher-Installer-1.9.5.5.exe (PID: 4364)
    • Reads security settings of Internet Explorer

      • TLauncher-Installer-1.9.5.5.exe (PID: 8956)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8156)
      • irsetup.exe (PID: 1868)
      • BrowserInstaller.exe (PID: 2688)
      • irsetup.exe (PID: 2448)
      • javaw.exe (PID: 4728)
      • GameBar.exe (PID: 7576)
      • BrowserInstaller.exe (PID: 1684)
      • irsetup.exe (PID: 7932)
      • 360-installer-bro.exe (PID: 8552)
      • java.exe (PID: 3236)
      • WMIC.exe (PID: 6068)
      • dxdiag.exe (PID: 8296)
      • WMIC.exe (PID: 8364)
      • TLauncher-Installer-1.9.5.5.exe (PID: 5204)
      • irsetup.exe (PID: 1836)
      • 360TS_Setup.exe (PID: 8364)
      • BrowserInstaller.exe (PID: 8052)
      • 360-installer-bro.exe (PID: 5424)
      • irsetup.exe (PID: 6332)
      • javaw.exe (PID: 9200)
      • java.exe (PID: 8020)
      • WMIC.exe (PID: 4352)
      • dxdiag.exe (PID: 5676)
      • WMIC.exe (PID: 6608)
      • TLauncher-Installer-1.9.5.5.exe (PID: 4364)
      • irsetup.exe (PID: 1948)
    • Checks proxy server information

      • irsetup.exe (PID: 2448)
      • irsetup.exe (PID: 1868)
      • irsetup.exe (PID: 7932)
      • 360-installer-bro.exe (PID: 8552)
      • slui.exe (PID: 5484)
      • irsetup.exe (PID: 1836)
      • 360TS_Setup.exe (PID: 8364)
      • 360-installer-bro.exe (PID: 5424)
      • irsetup.exe (PID: 6332)
      • irsetup.exe (PID: 1948)
    • Reads the machine GUID from the registry

      • irsetup.exe (PID: 1868)
      • irsetup.exe (PID: 2448)
      • javaw.exe (PID: 4728)
      • irsetup.exe (PID: 7932)
      • java.exe (PID: 3236)
      • 360-installer-bro.exe (PID: 8552)
      • irsetup.exe (PID: 1836)
      • 360TS_Setup.exe (PID: 8364)
      • irsetup.exe (PID: 6332)
      • 360-installer-bro.exe (PID: 5424)
      • javaw.exe (PID: 9200)
      • java.exe (PID: 8020)
      • irsetup.exe (PID: 1948)
    • UPX packer has been detected

      • irsetup.exe (PID: 1868)
      • irsetup.exe (PID: 2448)
      • irsetup.exe (PID: 7932)
    • There is functionality for taking screenshot (YARA)

      • TLauncher-Installer-1.9.5.5.exe (PID: 8156)
      • TLauncher-Installer-1.9.5.5.exe (PID: 8956)
      • irsetup.exe (PID: 2448)
      • irsetup.exe (PID: 1868)
      • javaw.exe (PID: 4728)
      • BrowserInstaller.exe (PID: 1684)
    • The process uses Lua

      • irsetup.exe (PID: 1868)
      • irsetup.exe (PID: 2448)
      • irsetup.exe (PID: 7932)
    • Creates files or folders in the user directory

      • irsetup.exe (PID: 2448)
      • javaw.exe (PID: 4728)
      • irsetup.exe (PID: 7932)
      • java.exe (PID: 3236)
      • 360-installer-bro.exe (PID: 8552)
      • irsetup.exe (PID: 1868)
      • dxdiag.exe (PID: 8296)
      • 360TS_Setup.exe (PID: 8364)
      • irsetup.exe (PID: 1836)
      • 360-installer-bro.exe (PID: 5424)
      • java.exe (PID: 8020)
    • Creates files in the program directory

      • irsetup.exe (PID: 2448)
      • javaw.exe (PID: 4728)
      • irsetup.exe (PID: 1868)
      • 360TS_Setup.exe (PID: 8472)
      • 360TS_Setup.exe (PID: 8364)
      • irsetup.exe (PID: 1836)
      • 360TS_Setup.exe (PID: 2092)
    • Creates a software uninstall entry

      • irsetup.exe (PID: 2448)
      • irsetup.exe (PID: 1836)
    • Application based on Java

      • javaw.exe (PID: 4728)
      • javaw.exe (PID: 9200)
    • Disables trace logs

      • 360-installer-bro.exe (PID: 8552)
      • 360-installer-bro.exe (PID: 5424)
    • Reads CPU info

      • java.exe (PID: 3236)
      • java.exe (PID: 8020)
    • Changes the display of characters in the console

      • cmd.exe (PID: 2428)
      • cmd.exe (PID: 1400)
      • cmd.exe (PID: 1188)
      • cmd.exe (PID: 6808)
      • cmd.exe (PID: 2684)
      • cmd.exe (PID: 1352)
      • cmd.exe (PID: 7828)
      • cmd.exe (PID: 272)
    • The sample compiled with chinese language support

      • 360TS_Setup.exe (PID: 8472)
      • 360TS_Setup.exe (PID: 8364)
      • 360TS_Setup.exe (PID: 2092)
      • 360TS_Setup.exe (PID: 3096)
    • The sample compiled with turkish language support

      • 360TS_Setup.exe (PID: 8364)
    • Manual execution by a user

      • TLauncher-Installer-1.9.5.5.exe (PID: 7904)
      • TLauncher-Installer-1.9.5.5.exe (PID: 4364)
    • The sample compiled with russian language support

      • 360TS_Setup.exe (PID: 8364)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
266
Monitored processes
108
Malicious processes
5
Suspicious processes
14


Process information

PID
CMD
Path
Indicators
Parent process
PID:
272
CMD:
cmd.exe /C chcp 437 & wmic CPU get NAME
Path:
C:\Windows\System32\cmd.exe
Parent process:
java.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID:
684
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=5252,i,9577392043552300276,15726228661940022870,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6792 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1000
CMD:
"C:\Users\admin\Downloads\TLauncher-Installer-1.9.5.5.exe"
Path:
C:\Users\admin\Downloads\TLauncher-Installer-1.9.5.5.exe
Parent process:
msedge.exe
User:
admin
Company:
TL Inc.
Integrity Level:
MEDIUM
Description:
TL Setup
Exit code:
3221226540
Version:
1.9.5.5
Modules
Images
c:\users\admin\downloads\tlauncher-installer-1.9.5.5.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID:
1068
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6128,i,9577392043552300276,15726228661940022870,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2012 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1188
CMD:
cmd.exe /C chcp 437 & wmic qfe get HotFixID
Path:
C:\Windows\System32\cmd.exe
Parent process:
java.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID:
1316
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7908,i,9577392043552300276,15726228661940022870,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6024 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1352
CMD:
cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt
Path:
C:\Windows\System32\cmd.exe
Parent process:
java.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID:
1400
CMD:
cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt
Path:
C:\Windows\System32\cmd.exe
Parent process:
java.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID:
1524
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6216,i,9577392043552300276,15726228661940022870,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6460 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
1656
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7468,i,9577392043552300276,15726228661940022870,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=7456 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
54 233
Read events
53 908
Write events
255
Delete events
70

Modification events

PID: 1868
Process: irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

PID: 1868
Process: irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

PID: 1868
Process: irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

PID: 2448
Process: irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

PID: 2448
Process: irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

PID: 2448
Process: irsetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

PID: 2448
Process: irsetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TLauncher
Operation: write
Name: NoRepair
Value: 1

PID: 2448
Process: irsetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TLauncher
Operation: write
Name: UninstallString
Value: "C:\Users\admin\AppData\Roaming\.tlauncher\tl-uninstall.exe" "/U:C:\Users\admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml"

PID: 2448
Process: irsetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TLauncher
Operation: write
Name: Publisher
Value: TLauncher Inc.

PID: 2448
Process: irsetup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TLauncher
Operation: write
Name: URLInfoAbout
Value: https://tlauncher.org/
Executable files
1 168
Suspicious files
6 137
Text files
4 030
Unknown types
1

Dropped files

PID
Process
Filename
Type
PID: 7992
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e5b9b.TMP

PID: 7992
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old

PID: 7992
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1e5baa.TMP

PID: 7992
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF1e5baa.TMP

PID: 7992
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old

PID: 7992
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old

PID: 7992
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1e5baa.TMP

PID: 7992
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old

PID: 7992
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e5baa.TMP

PID: 7992
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1e5bd9.TMP
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
287
TCP/UDP connections
258
DNS requests
165
Threats
14

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6640
msedge.exe
GET
200
104.20.7.182:443
https://tlauncher.org/
US
html
49.5 Kb
unknown
6640
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=66&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
US
text
4.55 Kb
whitelisted
6640
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
446 b
whitelisted
6640
msedge.exe
GET
200
104.18.22.222:443
https://copilot.microsoft.com/c/api/user/eligibility
US
text
25 b
whitelisted
6640
msedge.exe
GET
200
104.20.7.182:443
https://tlauncher.org/assets/css/index.css?v=3.2.9
US
text
4.94 Kb
unknown
6640
msedge.exe
GET
200
104.20.7.182:443
https://tlauncher.org/assets/css/dpopup.css?v=3.2.9
US
text
6.89 Kb
unknown
6640
msedge.exe
GET
504
13.107.246.44:443
https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US
US
html
1.28 Kb
whitelisted
6640
msedge.exe
GET
200
104.20.7.182:443
https://tlauncher.org/assets/css/style.css?v=3.2.9
US
text
30.5 Kb
unknown
6640
msedge.exe
GET
200
104.20.7.182:443
https://tlauncher.org/assets/css/premium.css?v=3.2.9
US
text
5.79 Kb
unknown
6640
msedge.exe
GET
200
104.20.7.182:443
https://tlauncher.org/assets/css/registration.css?v=3.2.9
US
text
3.97 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
7544
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4876
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
6640
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6640
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6640
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6640
msedge.exe
13.107.246.44:443
api.edgeoffer.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6640
msedge.exe
104.18.22.222:443
copilot.microsoft.com
CLOUDFLARENET
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 142.250.201.78
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
tlauncher.org
  • 172.66.129.18
  • 104.20.7.182
whitelisted
api.edgeoffer.microsoft.com
  • 13.107.246.44
  • 13.107.213.44
whitelisted
copilot.microsoft.com
  • 104.18.22.222
  • 104.18.23.222
whitelisted
www.bing.com
  • 2.16.204.141
  • 2.16.204.161
  • 2.16.241.218
  • 2.16.241.201
  • 184.86.251.22
  • 184.86.251.27
  • 23.3.89.91
  • 23.3.89.98
  • 23.11.206.97
  • 23.11.206.106
  • 23.11.206.112
  • 95.100.158.122
  • 23.3.89.113
  • 23.11.206.99
  • 23.3.89.97
whitelisted
challenges.cloudflare.com
  • 104.18.94.41
  • 104.18.95.41
whitelisted
s.tlauncher.org
  • 104.20.7.182
  • 172.66.129.18
whitelisted

Threats

PID
Process
Class
Message
6640
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
6640
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
6640
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
6640
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
6640
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
6640
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
6640
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
6640
msedge.exe
Generic Protocol Command Decode
SURICATA HTTP request field missing colon
6640
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Websocket Upgrade Request
6640
msedge.exe
Generic Protocol Command Decode
SURICATA HTTP request header invalid
No debug info