05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

Resubmissions

31/05/2024, 21:27 UTC

240531-1avt4aeg77 7

31/05/2024, 21:23 UTC

240531-z8y4qsdh2s 7

Analysis

max time kernel
150s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 21:27 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.2.exe
Size

1.6MB
MD5

b63468dd118dfbca5ef7967ba344e0e3
SHA1

2ba4f0df5f3bd284bf2a89aba320e4440d8b8355
SHA256

05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
SHA512

007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548
SSDEEP

49152:HIBc3n9dRvwVlzhFAQ/ggUTPQjYEiim7V:oBaO/FAqMQjYEXm

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4404	SKlauncher-3.2.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1240	icacls.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4404	SKlauncher-3.2.exe
4404	SKlauncher-3.2.exe
4404	SKlauncher-3.2.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 3516	4404	SKlauncher-3.2.exe	82
PID 4404 wrote to memory of 3516	4404	SKlauncher-3.2.exe	82
PID 3516 wrote to memory of 1240	3516	java.exe	85
PID 3516 wrote to memory of 1240	3516	java.exe	85
PID 4404 wrote to memory of 2924	4404	SKlauncher-3.2.exe	87
PID 4404 wrote to memory of 2924	4404	SKlauncher-3.2.exe	87
PID 4404 wrote to memory of 996	4404	SKlauncher-3.2.exe	95
PID 4404 wrote to memory of 996	4404	SKlauncher-3.2.exe	95

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4404
- \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
  "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3516
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:1240
- \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
  "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
  2⤵
  PID:2924
- C:\Windows\SYSTEM32\reg.exe
  reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
  2⤵
  PID:996

Network

DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

files.skmedix.pl

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

files.skmedix.pl

IN A

Response

files.skmedix.pl

IN A

104.21.50.12

files.skmedix.pl

IN A

172.67.199.2
DNS

files.skmedix.pl

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

files.skmedix.pl

IN A
DNS

files.skmedix.pl

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

files.skmedix.pl

IN A
DNS

12.50.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.50.21.104.in-addr.arpa

IN PTR

Response
DNS

piston-meta.mojang.com

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

piston-meta.mojang.com

IN A

Response

piston-meta.mojang.com

IN CNAME

launcher-meta-cdn.azureedge.net

launcher-meta-cdn.azureedge.net

IN CNAME

launcher-meta-cdn.afd.azureedge.net

launcher-meta-cdn.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

meta.skmedix.pl

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

meta.skmedix.pl

IN A

Response

meta.skmedix.pl

IN A

104.21.50.12

meta.skmedix.pl

IN A

172.67.199.2
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR

Response
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR
DNS

beta.skmedix.pl

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

beta.skmedix.pl

IN A

Response

beta.skmedix.pl

IN A

172.67.199.2

beta.skmedix.pl

IN A

104.21.50.12
DNS

2.199.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.199.67.172.in-addr.arpa

IN PTR

Response
DNS

rsms.me

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

rsms.me

IN A

Response

rsms.me

IN A

104.21.234.234

rsms.me

IN A

104.21.234.235
DNS

static.cloudflareinsights.com

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.79.73

static.cloudflareinsights.com

IN A

104.16.80.73
DNS

234.234.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.234.21.104.in-addr.arpa

IN PTR

Response
DNS

104.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.201.58.216.in-addr.arpa

IN PTR

Response

104.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1041e100net

104.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f8�J

104.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f8�J
DNS

73.79.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.79.16.104.in-addr.arpa

IN PTR

Response
DNS

launchercontent.mojang.com

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

launchercontent.mojang.com

IN A

Response

launchercontent.mojang.com

IN CNAME

launchercontent.azureedge.net

launchercontent.azureedge.net

IN CNAME

launchercontent.afd.azureedge.net

launchercontent.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

stats.g.doubleclick.net

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

74.125.71.154

stats.g.doubleclick.net

IN A

74.125.71.157

stats.g.doubleclick.net

IN A

74.125.71.156

stats.g.doubleclick.net

IN A

74.125.71.155
DNS

analytics.google.com

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

analytics.google.com

IN A

Response

analytics.google.com

IN CNAME

analytics-alv.google.com

analytics-alv.google.com

IN A

216.239.36.181

analytics-alv.google.com

IN A

216.239.38.181

analytics-alv.google.com

IN A

216.239.32.181

analytics-alv.google.com

IN A

216.239.34.181
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

154.71.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.71.125.74.in-addr.arpa

IN PTR

Response

154.71.125.74.in-addr.arpa

IN PTR

wn-in-f1541e100net
DNS

181.36.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.36.239.216.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

sessionserver.skmedix.pl

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

sessionserver.skmedix.pl

IN A

Response

sessionserver.skmedix.pl

IN A

104.21.50.12

sessionserver.skmedix.pl

IN A

172.67.199.2
DNS

textures.skmedix.pl

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

textures.skmedix.pl

IN A

Response

textures.skmedix.pl

IN A

172.67.199.2

textures.skmedix.pl

IN A

104.21.50.12
DNS

piston-meta.mojang.com

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

piston-meta.mojang.com

IN A

Response

piston-meta.mojang.com

IN CNAME

launcher-meta-cdn.azureedge.net

launcher-meta-cdn.azureedge.net

IN CNAME

launcher-meta-cdn.afd.azureedge.net

launcher-meta-cdn.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

libraries.minecraft.net

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

libraries.minecraft.net

IN A

Response

libraries.minecraft.net

IN CNAME

mojang-librariesminecraftnet.azureedge.net

mojang-librariesminecraftnet.azureedge.net

IN CNAME

mojang-librariesminecraftnet.afd.azureedge.net

mojang-librariesminecraftnet.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

105.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.83.221.88.in-addr.arpa

IN PTR

Response

105.83.221.88.in-addr.arpa

IN PTR

a88-221-83-105deploystaticakamaitechnologiescom
DNS

105.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.83.221.88.in-addr.arpa

IN PTR
DNS

105.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.83.221.88.in-addr.arpa

IN PTR
DNS

piston-data.mojang.com

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

piston-data.mojang.com

IN A

Response

piston-data.mojang.com

IN CNAME

launcher-cdn.azureedge.net

launcher-cdn.azureedge.net

IN CNAME

launcher-cdn.afd.azureedge.net

launcher-cdn.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

resources.download.minecraft.net

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

resources.download.minecraft.net

IN A

Response

resources.download.minecraft.net

IN CNAME

mojang-resourcesdownloadminecra.azureedge.net

mojang-resourcesdownloadminecra.azureedge.net

IN CNAME

mojang-resourcesdownloadminecra.afd.azureedge.net

mojang-resourcesdownloadminecra.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

resources.download.minecraft.net

SKlauncher-3.2.exe

Remote address:

8.8.8.8:53

Request

resources.download.minecraft.net

IN A

Response

resources.download.minecraft.net

IN CNAME

mojang-resourcesdownloadminecra.azureedge.net

mojang-resourcesdownloadminecra.azureedge.net

IN CNAME

mojang-resourcesdownloadminecra.afd.azureedge.net

mojang-resourcesdownloadminecra.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

28.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.73.42.20.in-addr.arpa

IN PTR

Response

104.21.50.12:443

files.skmedix.pl

tls

SKlauncher-3.2.exe

526.5kB
14.7MB
8232
10562
104.21.50.12:443

meta.skmedix.pl

tls

SKlauncher-3.2.exe

85.4kB
3.0MB
1513
2145
104.21.50.12:443

meta.skmedix.pl

tls

SKlauncher-3.2.exe

74.6kB
2.5MB
1366
1774
13.107.246.64:443

piston-meta.mojang.com

tls

SKlauncher-3.2.exe

7.5kB
242.0kB
136
182
172.67.199.2:443

beta.skmedix.pl

tls

SKlauncher-3.2.exe

1.6kB
7.9kB
14
13
172.67.199.2:443

beta.skmedix.pl

tls

SKlauncher-3.2.exe

6.0kB
79.8kB
53
74
172.67.199.2:443

beta.skmedix.pl

tls

SKlauncher-3.2.exe

1.7kB
10.9kB
15
15
104.21.234.234:443

rsms.me

tls

SKlauncher-3.2.exe

1.6kB
7.3kB
14
12
104.16.79.73:443

static.cloudflareinsights.com

tls

SKlauncher-3.2.exe

1.8kB
13.2kB
16
19
13.107.246.64:443

launchercontent.mojang.com

tls

SKlauncher-3.2.exe

5.7kB
159.9kB
71
124
74.125.71.154:443

stats.g.doubleclick.net

tls

SKlauncher-3.2.exe

1.7kB
5.4kB
13
10
216.239.36.181:443

analytics.google.com

tls

SKlauncher-3.2.exe

2.0kB
7.8kB
14
13
13.107.246.64:443

launchercontent.mojang.com

tls

SKlauncher-3.2.exe

3.7kB
129.2kB
58
101
13.107.246.64:443

launchercontent.mojang.com

tls

SKlauncher-3.2.exe

3.5kB
108.7kB
51
87
13.107.246.64:443

launchercontent.mojang.com

tls

SKlauncher-3.2.exe

2.2kB
38.6kB
25
36
104.21.50.12:443

sessionserver.skmedix.pl

tls

SKlauncher-3.2.exe

1.6kB
5.7kB
14
13
172.67.199.2:443

textures.skmedix.pl

tls

SKlauncher-3.2.exe

1.5kB
5.8kB
13
12
13.107.246.64:443

piston-meta.mojang.com

tls

SKlauncher-3.2.exe

16.4kB
685.4kB
295
502
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

22.9kB
1.1MB
457
808
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

39.4kB
1.8MB
757
1306
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

29.4kB
1.5MB
599
1092
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

25.0kB
1.2MB
466
841
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

47.6kB
2.3MB
924
1628
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

64.9kB
2.8MB
1233
2051
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

34.5kB
1.6MB
677
1140
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

46.1kB
2.3MB
935
1680
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

522.9kB
27.6MB
10834
19802
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

49.2kB
2.2MB
940
1568
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

58.4kB
3.1MB
1221
2258
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

36.2kB
1.6MB
670
1144
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

283.9kB
15.0MB
5897
10764
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

27.0kB
1.2MB
523
902
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

54.5kB
2.3MB
1016
1695
13.107.246.64:443

libraries.minecraft.net

tls

SKlauncher-3.2.exe

27.2kB
1.2MB
507
873
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

495.4kB
27.4MB
10509
19616
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

178.7kB
9.7MB
3705
6984
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

36.1kB
431.4kB
228
349
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

23.5kB
212.0kB
130
183
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

29.8kB
535.3kB
249
415
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

31.9kB
431.0kB
224
346
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

24.7kB
533.4kB
239
408
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

96.1kB
5.3MB
1980
3789
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

37.8kB
526.8kB
281
417
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

973.9kB
54.1MB
20667
38735
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

76.4kB
4.0MB
1522
2910
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

11.6kB
348.1kB
149
263
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

11.6kB
180.8kB
92
147
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

12.8kB
166.3kB
89
138
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

1.7kB
8.1kB
14
14
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

17.4kB
338.9kB
177
263
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

9.5kB
169.2kB
88
136
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

14.8kB
515.1kB
243
379
13.107.246.64:443

piston-data.mojang.com

tls

SKlauncher-3.2.exe

4.5kB
19.3kB
24
25
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

756.8kB
40.0MB
15411
28689
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

16.9kB
709.8kB
288
519
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

33.2kB
1.4MB
592
991
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

644.4kB
30.2MB
11762
21745
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

8.5kB
212.0kB
96
165
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

703.9kB
28.0MB
10980
20244
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

672.8kB
34.4MB
13306
24730
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

876.8kB
47.6MB
18175
34116
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

677.7kB
32.4MB
12578
23304
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

707.5kB
32.4MB
12651
23420
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

774.3kB
38.5MB
14907
27630
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

761.5kB
39.5MB
15155
28353
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

745.3kB
36.7MB
14182
26397
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

784.2kB
38.5MB
15017
27638
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

628.0kB
26.3MB
10350
19040
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

657.4kB
31.5MB
12206
22689
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

546.7kB
25.2MB
9651
18166
13.107.246.64:443

resources.download.minecraft.net

tls

SKlauncher-3.2.exe

531.0kB
24.9MB
9707
17891

8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

files.skmedix.pl

dns

SKlauncher-3.2.exe

186 B
94 B
3
1

DNS Request

files.skmedix.pl

DNS Request

files.skmedix.pl

DNS Request

files.skmedix.pl

DNS Response

104.21.50.12

172.67.199.2
8.8.8.8:53

12.50.21.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

12.50.21.104.in-addr.arpa
8.8.8.8:53

piston-meta.mojang.com

dns

SKlauncher-3.2.exe

68 B
281 B
1
1

DNS Request

piston-meta.mojang.com

DNS Response

13.107.246.64
8.8.8.8:53

meta.skmedix.pl

dns

SKlauncher-3.2.exe

61 B
93 B
1
1

DNS Request

meta.skmedix.pl

DNS Response

104.21.50.12

172.67.199.2
8.8.8.8:53

64.246.107.13.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

64.246.107.13.in-addr.arpa

DNS Request

64.246.107.13.in-addr.arpa
8.8.8.8:53

beta.skmedix.pl

dns

SKlauncher-3.2.exe

61 B
93 B
1
1

DNS Request

beta.skmedix.pl

DNS Response

172.67.199.2

104.21.50.12
8.8.8.8:53

2.199.67.172.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

2.199.67.172.in-addr.arpa
8.8.8.8:53

rsms.me

dns

SKlauncher-3.2.exe

53 B
85 B
1
1

DNS Request

rsms.me

DNS Response

104.21.234.234

104.21.234.235
8.8.8.8:53

static.cloudflareinsights.com

dns

SKlauncher-3.2.exe

75 B
107 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.79.73

104.16.80.73
8.8.8.8:53

234.234.21.104.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

234.234.21.104.in-addr.arpa
8.8.8.8:53

104.201.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

104.201.58.216.in-addr.arpa
8.8.8.8:53

73.79.16.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

73.79.16.104.in-addr.arpa
8.8.8.8:53

launchercontent.mojang.com

dns

SKlauncher-3.2.exe

72 B
281 B
1
1

DNS Request

launchercontent.mojang.com

DNS Response

13.107.246.64
8.8.8.8:53

stats.g.doubleclick.net

dns

SKlauncher-3.2.exe

69 B
133 B
1
1

DNS Request

stats.g.doubleclick.net

DNS Response

74.125.71.154

74.125.71.157

74.125.71.156

74.125.71.155
8.8.8.8:53

analytics.google.com

dns

SKlauncher-3.2.exe

66 B
158 B
1
1

DNS Request

analytics.google.com

DNS Response

216.239.36.181

216.239.38.181

216.239.32.181

216.239.34.181
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

154.71.125.74.in-addr.arpa

dns

72 B
106 B
1
1

DNS Request

154.71.125.74.in-addr.arpa
8.8.8.8:53

181.36.239.216.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

181.36.239.216.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

sessionserver.skmedix.pl

dns

SKlauncher-3.2.exe

70 B
102 B
1
1

DNS Request

sessionserver.skmedix.pl

DNS Response

104.21.50.12

172.67.199.2
8.8.8.8:53

textures.skmedix.pl

dns

SKlauncher-3.2.exe

65 B
97 B
1
1

DNS Request

textures.skmedix.pl

DNS Response

172.67.199.2

104.21.50.12
8.8.8.8:53

piston-meta.mojang.com

dns

SKlauncher-3.2.exe

68 B
281 B
1
1

DNS Request

piston-meta.mojang.com

DNS Response

13.107.246.64
8.8.8.8:53

libraries.minecraft.net

dns

SKlauncher-3.2.exe

69 B
301 B
1
1

DNS Request

libraries.minecraft.net

DNS Response

13.107.246.64
8.8.8.8:53

105.83.221.88.in-addr.arpa

dns

216 B
137 B
3
1

DNS Request

105.83.221.88.in-addr.arpa

DNS Request

105.83.221.88.in-addr.arpa

DNS Request

105.83.221.88.in-addr.arpa
8.8.8.8:53

piston-data.mojang.com

dns

SKlauncher-3.2.exe

68 B
271 B
1
1

DNS Request

piston-data.mojang.com

DNS Response

13.107.246.64
8.8.8.8:53

resources.download.minecraft.net

dns

SKlauncher-3.2.exe

78 B
316 B
1
1

DNS Request

resources.download.minecraft.net

DNS Response

13.107.246.64
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

resources.download.minecraft.net

dns

SKlauncher-3.2.exe

78 B
316 B
1
1

DNS Request

resources.download.minecraft.net

DNS Response

13.107.246.64
8.8.8.8:53

28.73.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

28.73.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
34c54203dc26f97bf20ee31095eb3926

SHA1
395a98fc911738b46963a830235be0aca4be619d

SHA256
e679d3c73c024bb90d94f3d8881ecb00ddcc1afe962c2840d67ad6bf7f799e71

SHA512
4c15e875a29e92d4c22e47d400bf73a09de73f59e2ea9ba1b102baab286bac112f2bc2b20290d671ed3a595c9c88e2dde0536d91a8ab135f6f3db5b0cadcc27c

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF1337749269612244474.tmp

Filesize
405KB

MD5
8f2869a84ad71f156a17bb66611ebe22

SHA1
0325b9b3992fa2fdc9c715730a33135696c68a39

SHA256
0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1

SHA512
3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF4513574062861803808.tmp

Filesize
397KB

MD5
fdb50e0d48cdcf775fa1ac0dc3c33bd4

SHA1
5c95e5d66572aeca303512ba41a8dde0cea92c80

SHA256
64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123

SHA512
20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF74008788615945911.tmp

Filesize
398KB

MD5
ff5fdc6f42c720a3ebd7b60f6d605888

SHA1
460c18ddf24846e3d8792d440fd9a750503aef1b

SHA256
1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1

SHA512
d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j4853.tmp_dir1717190858\SKlauncher-3.2.jar

Filesize
1.1MB

MD5
4d653e61ba01a521c56b9a70a9c9814e

SHA1
de855dc3dbc914b497b58da92e0c21fff660796d

SHA256
f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350

SHA512
e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4583219637600.dll

Filesize
22KB

MD5
dcd68a87b7e6edbcfde48150403b22eb

SHA1
28e4839a29725075772fccc39b44e194eb91e477

SHA256
ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

SHA512
ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_profiles.json.bak

Filesize
559B

MD5
a35de960013f925b564bf3981923f75d

SHA1
ee48d21680d14250dc21d8179c8df50c72993c7d

SHA256
120abdd8b429fd0e43d344742a390c8cf540a16cea1ca7164da5fff03680644c

SHA512
db241da29f4f2c2bb5c184fecf5d3af962e8026c20c925b7a410acfaad5cd826039893f28b7f955d55b7eccc357a75957262b085bcc92bc2b452835c5de05f1d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\java.scripting\ASSEMBLY_EXCEPTION

Filesize
43B

MD5
bd468da51b15a9f09778545b00265f34

SHA1
c80e4bab46e34d02826eab226a4441d0970f2aba

SHA256
7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b

SHA512
2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.incubator.vector\ADDITIONAL_LICENSE_INFO

Filesize
48B

MD5
512f151af02b6bd258428b784b457531

SHA1
84d2102ad171863db04e7ee22a259d1f6c5de4a5

SHA256
d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83

SHA512
1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.internal.opt\LICENSE

Filesize
32B

MD5
663f71c746cc2002aa53b066b06c88ab

SHA1
12976a6c2b227cbac58969c1455444596c894656

SHA256
d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80

SHA512
507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

Filesize
14.1MB

MD5
ac8b9c127c61312f910e7b03623dd371

SHA1
8c646ae823bb4446300cb6818cc0c31e607c688c

SHA256
f4cd3f5c38ef14a95e5a1ff84151fc4e84e3ca26d4b0cbdbc711d5c60adc5ea7

SHA512
bf9fec51dbbba852450f202cf355c0810c09a4a0912c810a69e7b516cfaba0066b61adc6fafd25a0eac102409089133168b3eb29700c7c6a5a1cd3fcedf77864

Download Submit
memory/2924-31-0x00000115B3F30000-0x00000115B41A0000-memory.dmp

Filesize
2.4MB

Download
memory/2924-30-0x00000115B2700000-0x00000115B2701000-memory.dmp

Filesize
4KB

Download
memory/2924-20-0x00000115B3F30000-0x00000115B41A0000-memory.dmp

Filesize
2.4MB

Download
memory/3516-5-0x000002C5A26A0000-0x000002C5A2910000-memory.dmp

Filesize
2.4MB

Download
memory/3516-16-0x000002C5A26A0000-0x000002C5A2910000-memory.dmp

Filesize
2.4MB

Download
memory/3516-15-0x000002C5A2680000-0x000002C5A2681000-memory.dmp

Filesize
4KB

Download
memory/4404-34-0x0000000003050000-0x00000000032C0000-memory.dmp

Filesize
2.4MB

Download
memory/4404-202-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-207-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-219-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-181-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-179-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-154-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-136-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-778-0x0000000003050000-0x00000000032C0000-memory.dmp

Filesize
2.4MB

Download
memory/4404-131-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-83-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-49-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-45-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.