File name: Geometry Dash.exe

Full analysis: https://app.any.run/tasks/9f2d31ea-7d58-468a-b780-8edebc77ebce
Verdict: Malicious activity
Analysis date: December 04, 2023, 21:21:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 0AC446A02B6AF73727C7B961E3E5108B
SHA1: ECF22E3CB15187C3A107F09F1C48A50825EE0C6C
SHA256: 438F92E9B41DF0E41D56E8BDAEFC77A19AF195B294D220FFCF1BBA1F7801DC00
SSDEEP: 49152:W1dYUaVE1YrVJzern1UourQkZ959AaAyDFqL92w2U6VX0cUIVNXp+UZHfMQEQaQs:+SVhRRFA92w2vW8p+UZHf8p+UZHfnH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Application launched itself

      • Skype.exe (PID: 2412)
      • Skype.exe (PID: 1884)
      • Skype.exe (PID: 1860)
      • Skype.exe (PID: 4020)
      • Skype.exe (PID: 4000)
      • Skype.exe (PID: 2584)
      • Skype.exe (PID: 3472)
      • Skype.exe (PID: 1244)
      • Skype.exe (PID: 1416)
      • Skype.exe (PID: 4052)
      • Skype.exe (PID: 1356)
      • Skype.exe (PID: 2444)
      • Skype.exe (PID: 3636)
      • Skype.exe (PID: 3996)
      • Skype.exe (PID: 1784)
      • Skype.exe (PID: 3732)
      • Skype.exe (PID: 3700)
      • Skype.exe (PID: 2828)
      • Skype.exe (PID: 2056)
      • Skype.exe (PID: 2336)
      • Skype.exe (PID: 3856)
      • Skype.exe (PID: 2640)
      • Skype.exe (PID: 3156)
      • Skype.exe (PID: 3556)
      • Skype.exe (PID: 752)
    • Reads the Internet Settings

      • Skype.exe (PID: 2412)
    • Uses REG/REGEDIT.EXE to modify registry

      • Skype.exe (PID: 2412)
    • Reads settings of System Certificates

      • Skype.exe (PID: 2412)
    • Detected use of alternative data streams (AltDS)

      • Skype.exe (PID: 2412)
  • INFO

    • Reads product name

      • Skype.exe (PID: 2412)
      • Skype.exe (PID: 1884)
      • Skype.exe (PID: 1860)
      • Skype.exe (PID: 4000)
      • Skype.exe (PID: 4020)
      • Skype.exe (PID: 3472)
      • Skype.exe (PID: 4060)
      • Skype.exe (PID: 4052)
      • Skype.exe (PID: 2584)
      • Skype.exe (PID: 1244)
      • Skype.exe (PID: 1416)
      • Skype.exe (PID: 1356)
      • Skype.exe (PID: 3996)
      • Skype.exe (PID: 3636)
      • Skype.exe (PID: 2444)
      • Skype.exe (PID: 1784)
      • Skype.exe (PID: 3732)
      • Skype.exe (PID: 2056)
      • Skype.exe (PID: 3700)
      • Skype.exe (PID: 2828)
      • Skype.exe (PID: 3856)
      • Skype.exe (PID: 2336)
      • Skype.exe (PID: 3556)
      • Skype.exe (PID: 2640)
      • Skype.exe (PID: 3156)
      • Skype.exe (PID: 752)
    • Reads CPU info

      • Skype.exe (PID: 2412)
    • Manual execution by a user

      • Skype.exe (PID: 2412)
      • Skype.exe (PID: 1884)
      • Skype.exe (PID: 1860)
      • Skype.exe (PID: 4020)
      • Skype.exe (PID: 4000)
      • Skype.exe (PID: 2584)
      • Skype.exe (PID: 4052)
      • Skype.exe (PID: 3472)
      • Skype.exe (PID: 1244)
      • wmpnscfg.exe (PID: 988)
      • Skype.exe (PID: 1416)
      • Skype.exe (PID: 1356)
      • Skype.exe (PID: 2444)
      • Skype.exe (PID: 3636)
      • Skype.exe (PID: 3996)
      • Skype.exe (PID: 1784)
      • Skype.exe (PID: 3732)
      • Skype.exe (PID: 2056)
      • Skype.exe (PID: 2828)
      • Skype.exe (PID: 3856)
      • Skype.exe (PID: 2336)
      • Skype.exe (PID: 3700)
      • Skype.exe (PID: 3556)
      • Skype.exe (PID: 752)
      • Skype.exe (PID: 3156)
      • Skype.exe (PID: 2640)
    • Checks supported languages

      • Skype.exe (PID: 2412)
      • Skype.exe (PID: 1884)
      • Skype.exe (PID: 2628)
      • Skype.exe (PID: 1344)
      • Skype.exe (PID: 1152)
      • Skype.exe (PID: 1860)
      • Skype.exe (PID: 4060)
      • Skype.exe (PID: 3044)
      • Skype.exe (PID: 4000)
      • Skype.exe (PID: 3540)
      • Skype.exe (PID: 2584)
      • Skype.exe (PID: 3360)
      • Skype.exe (PID: 4020)
      • Skype.exe (PID: 3472)
      • Skype.exe (PID: 3484)
      • Skype.exe (PID: 4052)
      • wmpnscfg.exe (PID: 988)
      • Skype.exe (PID: 1244)
      • Skype.exe (PID: 1416)
      • Skype.exe (PID: 304)
      • Skype.exe (PID: 2140)
      • Skype.exe (PID: 1356)
      • Skype.exe (PID: 2444)
      • Skype.exe (PID: 3636)
      • Skype.exe (PID: 3996)
      • Skype.exe (PID: 3652)
      • Skype.exe (PID: 3736)
      • Skype.exe (PID: 1784)
      • Skype.exe (PID: 3732)
      • Skype.exe (PID: 2056)
      • Skype.exe (PID: 1508)
      • Skype.exe (PID: 2096)
      • Skype.exe (PID: 3888)
      • Skype.exe (PID: 3700)
      • Skype.exe (PID: 2828)
      • Skype.exe (PID: 3856)
      • Skype.exe (PID: 2336)
      • Skype.exe (PID: 240)
      • Skype.exe (PID: 3080)
      • Skype.exe (PID: 3556)
      • Skype.exe (PID: 3040)
      • Skype.exe (PID: 2640)
      • Skype.exe (PID: 752)
      • Skype.exe (PID: 3156)
      • Skype.exe (PID: 1508)
    • Reads the computer name

      • Skype.exe (PID: 2412)
      • Skype.exe (PID: 1344)
      • Skype.exe (PID: 1152)
      • Skype.exe (PID: 1884)
      • Skype.exe (PID: 3044)
      • Skype.exe (PID: 1860)
      • Skype.exe (PID: 4020)
      • Skype.exe (PID: 4000)
      • Skype.exe (PID: 3540)
      • Skype.exe (PID: 3360)
      • Skype.exe (PID: 3472)
      • Skype.exe (PID: 4060)
      • Skype.exe (PID: 2584)
      • Skype.exe (PID: 1244)
      • wmpnscfg.exe (PID: 988)
      • Skype.exe (PID: 1416)
      • Skype.exe (PID: 304)
      • Skype.exe (PID: 4052)
      • Skype.exe (PID: 1356)
      • Skype.exe (PID: 2444)
      • Skype.exe (PID: 3636)
      • Skype.exe (PID: 3996)
      • Skype.exe (PID: 1784)
      • Skype.exe (PID: 3732)
      • Skype.exe (PID: 1508)
      • Skype.exe (PID: 3700)
      • Skype.exe (PID: 2828)
      • Skype.exe (PID: 2056)
      • Skype.exe (PID: 3856)
      • Skype.exe (PID: 2336)
      • Skype.exe (PID: 2640)
      • Skype.exe (PID: 3556)
      • Skype.exe (PID: 3156)
      • Skype.exe (PID: 752)
    • Reads Environment values

      • Skype.exe (PID: 2412)
      • Skype.exe (PID: 1884)
      • Skype.exe (PID: 1860)
      • Skype.exe (PID: 4000)
      • Skype.exe (PID: 4020)
      • Skype.exe (PID: 2584)
      • Skype.exe (PID: 4060)
      • Skype.exe (PID: 3472)
      • Skype.exe (PID: 4052)
      • Skype.exe (PID: 1416)
      • Skype.exe (PID: 1244)
      • Skype.exe (PID: 1356)
      • Skype.exe (PID: 3636)
      • Skype.exe (PID: 2444)
      • Skype.exe (PID: 3996)
      • Skype.exe (PID: 3732)
      • Skype.exe (PID: 2056)
      • Skype.exe (PID: 1784)
      • Skype.exe (PID: 3700)
      • Skype.exe (PID: 2828)
      • Skype.exe (PID: 2336)
      • Skype.exe (PID: 3856)
      • Skype.exe (PID: 3156)
      • Skype.exe (PID: 2640)
      • Skype.exe (PID: 3556)
      • Skype.exe (PID: 752)
    • Creates files or folders in the user directory

      • Skype.exe (PID: 2412)
      • Skype.exe (PID: 1152)
      • Skype.exe (PID: 4060)
    • Reads the machine GUID from the registry

      • Skype.exe (PID: 2412)
    • Process checks computer location settings

      • Skype.exe (PID: 2412)
      • Skype.exe (PID: 4060)
      • Skype.exe (PID: 3888)
    • Create files in a temporary directory

      • Skype.exe (PID: 2412)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:11:21 00:21:48+01:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 2625024
InitializedDataSize: 4235776
UninitializedDataSize: -
EntryPoint: 0x26227b
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
Total processes: 96
Monitored processes: 59
Malicious processes: 1
Suspicious processes: 0

Behavior graph

[Behavior graph: start, geometry dash.exe, then multiple skype.exe processes, two reg.exe processes and one wmpnscfg.exe process]

Process information

PID | CMD | Path | Indicators | Parent process
PID: 240
CMD: "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1008 --field-trial-handle=1060,i,4257483671979410538,3662026767867298435,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Path: C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process: Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
LOW
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 304
CMD: "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=992 --field-trial-handle=1120,i,4179993780868889,2185500657750028367,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Path: C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process: Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
LOW
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 752
CMD: "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe"
Path: C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process: explorer.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 988
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1152
CMD: "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --mojo-platform-channel-handle=1516 --field-trial-handle=1312,i,8616911955494077737,3353387949934974918,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Path: C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process: Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 1244
CMD: "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe"
Path: C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process: explorer.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 1344
CMD: "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 --field-trial-handle=1312,i,8616911955494077737,3353387949934974918,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Path: C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process: Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
LOW
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 1356
CMD: "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe"
Path: C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process: explorer.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 1416
CMD: "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe"
Path: C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process: explorer.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID: 1508
CMD: "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=968 --field-trial-handle=1092,i,14852778838685582082,8590757462376120291,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Path: C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process: Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
LOW
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
Total events: 10 622
Read events: 10 610
Write events: 12
Delete events: 0

Modification events

(PID) Process: (2412) Skype.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 0
Suspicious files: 41
Text files: 4
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2412 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old | text
MD5:B4DCEF7068BF63E8D712B7528F1E9932
SHA256:87D49743322980F35B8BAFDA3A6CDE33CCF9F03C4610782DA596CFCEB7CD873B
2412 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HTQN0J3AHODVR1WCQJGH.temp | binary
MD5:47F942424BF006D023A0B4505A3711AB
SHA256:97CF99F6C785082A0041A08526239159508878AE85837993B4EE4C9AABF5C235
2412 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad\settings.dat | binary
MD5:5D187988D1591D3FD80F3EEA284F3A4D
SHA256:ADACD52C6DAEA932EE305C540588D43B2FEE1A1307D7E98B84778A10D104646B
4060 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\CS_skylib\CS_shared.tmp | binary
MD5:99914B932BD37A50B983C5E7C90AE93B
SHA256:44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
2412 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_1 | binary
MD5:1C5A4267A663675990A50EAA2678A4CD
SHA256:AD31759BA56047CAA6AA78B87C11FA8F5325A3A3F18B604040B45ACA26462081
1152 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\Cache_Data\f_000001 | binary
MD5:4604E676A0A7D18770853919E24EC465
SHA256:A075B01D9B015C616511A9E87DA77DA3D9881621DB32F584E4606DDABF1C1100
4060 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\CS_skylib\CS_shared.conf | binary
MD5:99914B932BD37A50B983C5E7C90AE93B
SHA256:44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
2412 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\b73ca152-837c-4ffb-bf44-7836507a49bd\Code Cache\wasm\index | binary
MD5:54CB446F628B2EA4A5BCE5769910512E
SHA256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
2412 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\b73ca152-837c-4ffb-bf44-7836507a49bd\Local Storage\leveldb\000001.dbtmp | text
MD5:46295CAC801E5D4857D09837238A6394
SHA256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
2412 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\b73ca152-837c-4ffb-bf44-7836507a49bd\Code Cache\wasm\index-dir\the-real-index | binary
MD5:3046724138A9C784C35658F4DEFE4E32
SHA256:89DB13B1B27C8AEA24807906EC08854D01EC88E21A3589B22789C98CEB3EEDD9
HTTP(S) requests: 0
TCP/UDP connections: 16
DNS requests: 18
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
2412 | Skype.exe | 52.113.194.133:443 | get.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2412 | Skype.exe | 13.107.43.16:443 | a.config.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2412 | Skype.exe | 20.42.65.84:443 | pipe.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
1152 | Skype.exe | 142.250.184.206:443 | redirector.gvt1.com | GOOGLE | US | whitelisted
2412 | Skype.exe | 23.35.236.139:443 | download.skype.com | AKAMAI-AS | DE | unknown
1152 | Skype.exe | 95.168.222.205:443 | r2---sn-n02xgoxufvg3-2gb6.gvt1.com | - | - | unknown

DNS requests

Domain | IP | Reputation
get.skype.com | 52.113.194.133 | whitelisted
a.config.skype.com | 13.107.43.16 | whitelisted
pipe.skype.com | 20.42.65.84 | whitelisted
redirector.gvt1.com | 142.250.184.206 | whitelisted
download.skype.com | 23.35.236.139 | whitelisted
r2---sn-n02xgoxufvg3-2gb6.gvt1.com | 95.168.222.205 | whitelisted
gateway.bingviz.microsoftapp.net | 13.107.246.45, 13.107.213.45 | unknown
login.live.com | 40.126.31.73, 20.190.159.68, 40.126.31.71, 20.190.159.64, 20.190.159.23, 20.190.159.0, 20.190.159.71, 20.190.159.2 | whitelisted
logincdn.msftauth.net | 192.229.221.185 | whitelisted
acctcdn.msftauth.net | 152.199.21.175 | whitelisted

Threats

No threats detected
Process: Skype.exe
Message: [1204/212204.766:ERROR:filesystem_win.cc(130)] GetFileAttributes C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad\attachments\3a0ee62b-79ac-4cc3-bbd5-f65252e7a91f: The system cannot find the file specified. (0x2)