File name:

0041d82cc2a5bb2f447f9c40989292675232cb8404bbfa751c9b961e2f6149c7.7z

Full analysis: https://app.any.run/tasks/37907bd9-8c9e-4ad8-804f-4afc5591c93b
Verdict: Malicious activity
Analysis date: August 21, 2023, 07:34:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

6149828A6BA79C623C8162C77D980761

SHA1:

F9090D3F7F3CCC87B4256299B22B6FB406180F11

SHA256:

95074111B40C889773F454CDDAB91D9C098751E603F4958A3F06DE9BDD1111FE

SSDEEP:

3072:m6308JieKeonjTsCkg+jaxXmcFbjJiu0gWbQ+LsRB7D0N:rZiNZjIk+jkpFbjsQUsR5oN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Renames files like ransomware

      • explorer.exe (PID: 1024)
  • SUSPICIOUS

    • Application launched itself

      • Skype.exe (PID: 1576)
    • Uses REG/REGEDIT.EXE to modify registry

      • Skype.exe (PID: 1576)
    • Reads the Internet Settings

      • Skype.exe (PID: 1576)
    • Reads settings of System Certificates

      • Skype.exe (PID: 1576)
    • Detected use of alternative data streams (AltDS)

      • Skype.exe (PID: 1576)
    • Executable content was dropped or overwritten

      • explorer.exe (PID: 1024)
  • INFO

    • Reads the Internet Settings

      • explorer.exe (PID: 1024)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3556)
    • Manual execution by a user

      • Skype.exe (PID: 1576)
    • Creates files or folders in the user directory

      • Skype.exe (PID: 1576)
      • Skype.exe (PID: 2448)
      • Skype.exe (PID: 2692)
    • Checks supported languages

      • Skype.exe (PID: 1576)
      • Skype.exe (PID: 1444)
      • Skype.exe (PID: 2448)
      • Skype.exe (PID: 3876)
      • Skype.exe (PID: 2692)
      • Skype.exe (PID: 4004)
      • Skype.exe (PID: 1196)
    • Reads product name

      • Skype.exe (PID: 1576)
      • Skype.exe (PID: 2692)
    • Reads the computer name

      • Skype.exe (PID: 1576)
      • Skype.exe (PID: 1444)
      • Skype.exe (PID: 2448)
      • Skype.exe (PID: 2692)
      • Skype.exe (PID: 4004)
    • Reads CPU info

      • Skype.exe (PID: 1576)
    • Reads Environment values

      • Skype.exe (PID: 1576)
      • Skype.exe (PID: 2692)
    • Process checks computer location settings

      • Skype.exe (PID: 1576)
      • Skype.exe (PID: 2692)
      • Skype.exe (PID: 1196)
    • Reads the machine GUID from the registry

      • Skype.exe (PID: 1576)
    • Create files in a temporary directory

      • Skype.exe (PID: 1576)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
All screenshots are available in the full report
Total processes
56
Monitored processes
16
Malicious processes
2
Suspicious processes
0

Behavior graph

start
  • winrar.exe
  • skype.exe
  • skype.exe (no specs)
  • skype.exe (no specs)
  • skype.exe
  • reg.exe (no specs)
  • skype.exe (no specs)
  • reg.exe (no specs)
  • skype.exe (no specs)
  • skype.exe (no specs)
  • explorer.exe
  • svchost.exe (no specs)
  • searchprotocolhost.exe (no specs)
  • winword.exe (no specs)
  • winword.exe (no specs)
  • wmpnscfg.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
868
CMD:
C:\Windows\system32\svchost.exe -k netsvcs
Path:
C:\Windows\System32\svchost.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
1024
CMD:
C:\Windows\Explorer.EXE
Path:
C:\Windows\explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
1196
CMD:
"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --enable-blink-features --disable-blink-features --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2692 --field-trial-handle=1316,i,13697065031543061305,3669766986131676268,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Path:
C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process:
Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID:
1444
CMD:
"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 --field-trial-handle=1316,i,13697065031543061305,3669766986131676268,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Path:
C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process:
Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
LOW
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID:
1576
CMD:
"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --share-file="C:\Users\admin\Desktop\0041d82cc2a5bb2f447f9c40989292675232cb8404bbfa751c9b961e2f6149c7"
Path:
C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process:
explorer.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID:
2448
CMD:
"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --mojo-platform-channel-handle=1516 --field-trial-handle=1316,i,13697065031543061305,3669766986131676268,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Path:
C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process:
Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\usp10.dll
PID:
2612
CMD:
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path:
C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
PID:
2680
CMD:
C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype for Desktop" /t REG_SZ /d "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" /f
Path:
C:\Windows\System32\reg.exe
Parent process:
Skype.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
2692
CMD:
"C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1832 --field-trial-handle=1316,i,13697065031543061305,3669766986131676268,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --skype-process-type=Main --skype-window-id=__MAIN_ROOT_VIEW_ID__ /prefetch:1
Path:
C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
Parent process:
Skype.exe
User:
admin
Company:
Skype Technologies S.A.
Integrity Level:
MEDIUM
Description:
Skype
Exit code:
0
Version:
8.100.0.203
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft\skype for desktop\skype.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\uiautomationcore.dll
c:\program files\microsoft\skype for desktop\ffmpeg.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
PID:
2832
CMD:
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path:
C:\Windows\System32\SearchProtocolHost.exe
Parent process:
SearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Exit code:
0
Version:
7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
Modules
Images
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events
7 972
Read events
7 875
Write events
96
Delete events
1

Modification events

Process: (1024) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
Operation: write
Name: CheckSetting
Value:
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000F6D6788197A75D498472ACE88906AC8D0000000002000000000010660000000100002000000075B0D7E28E2E17B576E141128F731FE5320CCA30C35292A435B65D5E91F3150B000000000E80000000020000200000000C791686155A322F498D360901A0BC88A787D4ADF186758AE2D9BB16BE317ECD30000000E07A76BA5A881A8B5FF9F7A7FE5833EB2B96D7A240E8CDC394ED7C494DEC5BF8E13DB07B279185F24F9C8B497FA4E70A400000008D71222A7DB9FE2EAB90303DA35140A5A9A6780343B0FFB0C4B233499C2F0735FA041306AFACB24F5B397960A2D4CBA893F7FF12508B7C84A5AE9013C2C0A092
Process: (3556) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value:
en-US
Process: (1024) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
Operation: delete key
Name: (default)
Value:
Process: (1024) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Operation: write
Name: {7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\JvaENE\JvaENE.rkr
Value:
000000000700000005000000408A0000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFFA0B93321CCFAD80100000000
Process: (1024) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Operation: write
Name: HRZR_PGYFRFFVBA
Value:
Process: (3556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value:
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
Process: (3556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
Process: (3556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value:
C:\Users\admin\Desktop\phacker.zip
Process: (3556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value:
120
Process: (3556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value:
80
Executable files
6
Suspicious files
53
Text files
27
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 1024
Process: explorer.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\290532160612e071.automaticDestinations-ms
Type: binary
MD5:85E927175CB6C68F4FC39FA7A93587F1
SHA256:E7F9CEB406351C8455AC95860D28FE52B1553D4123633F76F79878D8AC8E5515
PID: 1576
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad\settings.dat
Type: binary
MD5:5D187988D1591D3FD80F3EEA284F3A4D
SHA256:ADACD52C6DAEA932EE305C540588D43B2FEE1A1307D7E98B84778A10D104646B
PID: 1576
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\705S7376WOLDVYFXM8Y7.temp
Type: binary
MD5:47F942424BF006D023A0B4505A3711AB
SHA256:97CF99F6C785082A0041A08526239159508878AE85837993B4EE4C9AABF5C235
PID: 1576
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old
Type: text
MD5:92E68A77C6CD60B43667539EF23EAFAC
SHA256:D26D0991363850F33C58E379D7999B351EB12436041463C4C7BC74F8158BBD19
PID: 3556
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb3556.27781\0041d82cc2a5bb2f447f9c40989292675232cb8404bbfa751c9b961e2f6149c7
Type: executable
MD5:4499A07C65463AFE5387D59917E4CBB1
SHA256:0041D82CC2A5BB2F447F9C40989292675232CB8404BBFA751C9B961E2F6149C7
PID: 2692
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\CS_skylib\CS_shared.tmp
Type: text
MD5:99914B932BD37A50B983C5E7C90AE93B
SHA256:44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
PID: 2448
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\Cache_Data\f_000001
Type: binary
MD5:4604E676A0A7D18770853919E24EC465
SHA256:A075B01D9B015C616511A9E87DA77DA3D9881621DB32F584E4606DDABF1C1100
PID: 1576
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b916037c1e115fe0.customDestinations-ms
Type: binary
MD5:47F942424BF006D023A0B4505A3711AB
SHA256:97CF99F6C785082A0041A08526239159508878AE85837993B4EE4C9AABF5C235
PID: 1576
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b916037c1e115fe0.customDestinations-ms~RF10089d.TMP
Type: binary
MD5:E4A1661C2C886EBB688DEC494532431C
SHA256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
PID: 1576
Process: Skype.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old~RF1007c2.TMP
Type: text
MD5:A1EA7A8E1AC378157686EF73E11F2D18
SHA256:0B3DCC0BE1A2878A67EA4C90A82538B45B2F6210983184FB3F476E36DD9DE3F7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
18
DNS requests
34
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3284 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
2448 | Skype.exe | 216.58.204.78:443 | redirector.gvt1.com | GOOGLE | US | whitelisted
2448 | Skype.exe | 20.190.159.71:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2448 | Skype.exe | 192.229.221.185:443 | logincdn.msauth.net | EDGECAST | US | whitelisted
2448 | Skype.exe | 20.42.65.85:443 | browser.pipe.aria.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious
 | | 13.89.179.9:443 | browser.events.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious
1576 | Skype.exe | 20.44.10.123:443 | pipe.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious
2448 | Skype.exe | 13.107.246.42:443 | gateway.bingviz.microsoftapp.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | suspicious
1576 | Skype.exe | 2.16.228.136:443 | download.skype.com | Akamai International B.V. | NL | unknown

DNS requests

Domain | IP | Reputation
get.skype.com | 52.174.193.75 | whitelisted
a.config.skype.com | 52.123.255.71 | whitelisted
redirector.gvt1.com | 216.58.204.78 | whitelisted
pipe.skype.com | 20.44.10.123 | whitelisted
r5---sn-5hnekn7k.gvt1.com | 209.85.226.74 | whitelisted
download.skype.com | 2.16.228.136 | whitelisted
gateway.bingviz.microsoftapp.net | 13.107.246.42 | suspicious
login.live.com | 20.190.159.71 | whitelisted
acctcdn.msauth.net | 13.107.246.42 | whitelisted
logincdn.msauth.net | 192.229.221.185 | malicious

Threats

No threats detected
No debug info