Analysis Overview
SHA256
05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
Threat Level: Shows suspicious behavior
The file SKlauncher-3.2.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Modifies file permissions
Detected potential entity reuse from brand microsoft.
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-05 03:52
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-05 03:52
Reported
2024-05-05 03:54
Platform
win7-20240221-en
Max time kernel
117s
Max time network
117s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-05 03:52
Reported
2024-05-05 03:54
Platform
win10v2004-20240419-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
C:\Windows\SYSTEM32\reg.exe
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
C:\Windows\SYSTEM32\rundll32.exe
rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?scope=XboxLive.signin%20offline_access&response_type=code&redirect_uri=http://localhost:26669/relogin&prompt=select_account&client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff87a746f8,0x7fff87a74708,0x7fff87a74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4032853621574555722,16515001847002692685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4032853621574555722,16515001847002692685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,4032853621574555722,16515001847002692685,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4032853621574555722,16515001847002692685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4032853621574555722,16515001847002692685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4032853621574555722,16515001847002692685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4032853621574555722,16515001847002692685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4032853621574555722,16515001847002692685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
Network
Files