File name: | Ce PC 17_05_2020 18_21_43.png |
Full analysis: | https://app.any.run/tasks/173a1279-31f9-4a3c-a21b-253a36760880 |
Verdict: | Malicious activity |
Analysis date: | May 30, 2020, 06:54:27 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | image/png |
File info: | PNG image data, 271 x 83, 8-bit/color RGBA, non-interlaced |
MD5: | B9C7E8A428273E0BB67A962ABAEC151F |
SHA1: | D973E3AD1C6A38216770B8ECEA688F5B2FA771BC |
SHA256: | C661E53761CF4CD83D895415767829E5703FDB3B8D5605D7042B149E3A786CF2 |
SSDEEP: | 96:wjejkbbQQSUSSdICfMLdPu1xW/pvqJ92aFeHdUn6l1WhXSkmowsZpFCtXsgW2+lB:A48rMLhuTAaCUUMXSknpctXsD2+lCb8H |
.png | | | Portable Network Graphics (100) |
---|
ImageWidth: | 271 |
---|---|
ImageHeight: | 83 |
BitDepth: | 8 |
ColorType: | RGB with Alpha |
Compression: | Deflate/Inflate |
Filter: | Adaptive |
Interlace: | Noninterlaced |
SRGBRendering: | Perceptual |
Gamma: | 2.2 |
PixelsPerUnitX: | 3780 |
PixelsPerUnitY: | 3780 |
PixelUnits: | meters |
MicrosoftGameDVRId: | 00904eea-1144-4741-a87b-8114131237c7 |
MicrosoftGameDVRTitle: | Ce PC |
MicrosoftGameDVRAuthor: | Microsoft Game DVR |
MicrosoftGameDVRBasic: | 0!!!!!!0!!0!!1337!! |
MicrosoftGameDVRBasicHash: | 3a3df139ec3e4eb10f35dc1e265e6b5bb0069d90cd9817ff2ce4e27e8bac8c1b |
MicrosoftGameDVRExtended: | {"localId":"00904eea-1144-4741-a87b-8114131237c7","processName":"explorer.exe","version":1,"startTime":"2020-05-17T16:21:43Z","endTime":"2020-05-17T16:21:43Z","mediaDurationInSeconds":0,"metadata":[]} |
MicrosoftGameDVRHash: | 96079d361600cc9c136009b2100e7a071fef105bc48ad86261ce7433ad71735d |
ImageSize: | 271x83 |
---|---|
Megapixels: | 0.022 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2784 | "C:\Windows\System32\rundll32.exe" "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\admin\AppData\Local\Temp\Ce PC 17_05_2020 18_21_43.png | C:\Windows\System32\rundll32.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3628 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | explorer.exe | |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Version: 8.29.0.50 | ||||
3772 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --reporter-url=https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload --application-name=skype-preview "--crashes-directory=C:\Users\admin\AppData\Local\Temp\skype-preview Crashes" --v=1 | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | Skype.exe | |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Version: 8.29.0.50 | ||||
2824 | C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype for Desktop" /t REG_SZ /d "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" /f | C:\Windows\system32\reg.exe | Skype.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Registry Console Tool Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2360 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --ms-disable-indexeddb-transaction-timeout --no-sandbox --service-pipe-token=93EA3DAEB6AE2C71F153A6BB8C27D312 --lang=en-US --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar" --node-integration=false --webview-tag=true --no-sandbox --preload="C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar\Preload.js" --context-id=2 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=93EA3DAEB6AE2C71F153A6BB8C27D312 --renderer-client-id=3 --mojo-platform-channel-handle=1584 /prefetch:1 | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | — | Skype.exe |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Exit code: 0 Version: 8.29.0.50 | ||||
2560 | C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Skype /v RestartForUpdate | C:\Windows\system32\reg.exe | — | Skype.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Registry Console Tool Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3068 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --reporter-url=https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload --application-name=skype-preview "--crashes-directory=C:\Users\admin\AppData\Local\Temp\skype-preview Crashes" --v=1 | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | Skype.exe | |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Exit code: 2 Version: 8.29.0.50 | ||||
3700 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --ms-disable-indexeddb-transaction-timeout --no-sandbox --service-pipe-token=49835F06410B3CA69EA7C5C198E8A83A --lang=en-US --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar" --node-integration=false --webview-tag=true --no-sandbox --preload="C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar\Preload.js" --context-id=1 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=49835F06410B3CA69EA7C5C198E8A83A --renderer-client-id=4 --mojo-platform-channel-handle=2676 /prefetch:1 | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | — | Skype.exe |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Version: 8.29.0.50 | ||||
4080 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --reporter-url=https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload --application-name=skype-preview "--crashes-directory=C:\Users\admin\AppData\Local\Temp\skype-preview Crashes" --v=1 | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | Skype.exe | |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Exit code: 2 Version: 8.29.0.50 | ||||
2536 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --ms-disable-indexeddb-transaction-timeout --no-sandbox --disable-databases --service-pipe-token=C77443922E6F01B0271E387C6D86A751 --lang=en-US --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar" --node-integration=false --webview-tag=true --no-sandbox --preload="C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar\WebViewPreload.js" --guest-instance-id=1 --enable-blink-features --disable-blink-features --context-id=2 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=C77443922E6F01B0271E387C6D86A751 --renderer-client-id=6 --mojo-platform-channel-handle=1616 /prefetch:1 | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | — | Skype.exe |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Exit code: 0 Version: 8.29.0.50 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3628 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BYWLHJM1Y9L7QE2KZB11.temp | — | |
MD5:— | SHA256:— | |||
3628 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe | — | |
MD5:— | SHA256:— | |||
3628 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b916037c1e115fe0.customDestinations-ms | binary | |
MD5:12DED934CA345F4EA133C5C4F428A8CE | SHA256:C71FF32B1A37BC22417B72CA4C61228BB8B43922FCF2B7F703310BB7B806BD5C | |||
3628 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json | text | |
MD5:674DE831B24CA53A92F89637A7C4FABA | SHA256:DA32FC1D8625780C4BE6079BFAFDF505E466DC919B4961B55AA2EACFC8B4FC1A | |||
3068 | Skype.exe | C:\Users\admin\AppData\Local\Temp\skype-preview Crashes\operation_log.txt | text | |
MD5:3F08ACF05CB92B03093592296CC1A265 | SHA256:27D5E499514CAC67C84A74BE5111F8EEA9E4D9752F07302CDB8BB1034BC95118 | |||
3628 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG | text | |
MD5:F04A525759788B2EDAB10956A7CF6F86 | SHA256:64988ADAD1248A7FBD351608778BADF84B54072E4750EF5B1846D61ABB685DC4 | |||
3628 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log | binary | |
MD5:A6CF8573154E2E026077B83A5221C505 | SHA256:85E4E90BFE6EBD8112797169B198EDCDB821D0A4A17A1223FFE285E8F737C3F2 | |||
3628 | Skype.exe | C:\Users\admin\AppData\Local\Temp\189952f0-8af2-42bc-a633-43c5ac983ad8.tmp.ico | image | |
MD5:75A3D7765F2F4F8712775B10E1D18003 | SHA256:28854F198091126B6E3A57FE312A3B77C1074CD0B111AED6F7604A2467F52166 | |||
2360 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-1743461740.blog | binary | |
MD5:F448825031468F8FB8BC397BC93B5D39 | SHA256:F5370166CAD8A4C4D52776564A2C91E7AC22BF76AB886041E80E4F803D2FF84B | |||
3628 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000020.ldb | binary | |
MD5:293E0F9B607CD2B0CDD018CF9D0CDA80 | SHA256:C5D2E32E6B4104D72815C2DD3FF491DC500A1BBD78FC2E2A44C211D340DE6D9B |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3628 | Skype.exe | 2.18.233.81:443 | download.skype.com | Akamai International B.V. | — | whitelisted |
3628 | Skype.exe | 216.58.207.42:443 | www.googleapis.com | Google Inc. | US | whitelisted |
3628 | Skype.exe | 52.174.193.75:443 | get.skype.com | Microsoft Corporation | NL | whitelisted |
3628 | Skype.exe | 13.107.42.23:443 | a.config.skype.com | Microsoft Corporation | US | suspicious |
3628 | Skype.exe | 52.233.180.130:443 | avatar.skype.com | Microsoft Corporation | NL | unknown |
3628 | Skype.exe | 40.90.22.184:443 | login.live.com | Microsoft Corporation | US | malicious |
3628 | Skype.exe | 152.199.19.160:443 | bot-framework.azureedge.net | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3628 | Skype.exe | 192.229.221.185:443 | logincdn.msauth.net | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3628 | Skype.exe | 40.122.160.14:443 | browser.pipe.aria.microsoft.com | Microsoft Corporation | US | unknown |
3628 | Skype.exe | 52.114.159.112:443 | pipe.skype.com | Microsoft Corporation | US | unknown |
Domain | IP | Reputation |
---|---|---|
get.skype.com |
| whitelisted |
a.config.skype.com |
| whitelisted |
download.skype.com |
| whitelisted |
www.googleapis.com |
| whitelisted |
avatar.skype.com |
| whitelisted |
bot-framework.azureedge.net |
| whitelisted |
config.edge.skype.com |
| whitelisted |
login.live.com |
| whitelisted |
logincdn.msauth.net |
| whitelisted |
browser.pipe.aria.microsoft.com |
| whitelisted |
Process | Message |
---|---|
Skype.exe | [3068:3072:0530/075453.903:VERBOSE1:crash_service_main.cc(78)] Session start. cmdline is [--reporter-url=https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload --application-name=skype-preview "--crashes-directory=C:\Users\admin\AppData\Local\Temp\skype-preview Crashes" --v=1]
|
Skype.exe | [3068:3072:0530/075453.905:VERBOSE1:crash_service.cc(145)] window handle is 00020150
|
Skype.exe | [3068:3072:0530/075453.905:VERBOSE1:crash_service.cc(300)] pipe name is \\.\pipe\skype-preview Crash Service
dumps at C:\Users\admin\AppData\Local\Temp\skype-preview Crashes
|
Skype.exe | [3068:3072:0530/075453.905:VERBOSE1:crash_service.cc(304)] checkpoint is C:\Users\admin\AppData\Local\Temp\skype-preview Crashes\crash_checkpoint.txt
server is https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload
maximum 128 reports/day
reporter is electron-crash-service
|
Skype.exe | [3068:3072:0530/075453.905:ERROR:crash_service.cc(311)] could not start dumper
|
Skype.exe | [4080:4048:0530/075458.151:VERBOSE1:crash_service_main.cc(78)] Session start. cmdline is [--reporter-url=https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload --application-name=skype-preview "--crashes-directory=C:\Users\admin\AppData\Local\Temp\skype-preview Crashes" --v=1]
|
Skype.exe | [4080:4048:0530/075458.152:VERBOSE1:crash_service.cc(145)] window handle is 00020140
|
Skype.exe | [4080:4048:0530/075458.153:VERBOSE1:crash_service.cc(300)] pipe name is \\.\pipe\skype-preview Crash Service
dumps at C:\Users\admin\AppData\Local\Temp\skype-preview Crashes
|
Skype.exe | [4080:4048:0530/075458.154:VERBOSE1:crash_service.cc(304)] checkpoint is C:\Users\admin\AppData\Local\Temp\skype-preview Crashes\crash_checkpoint.txt
server is https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload
maximum 128 reports/day
reporter is electron-crash-service
|
Skype.exe | [4080:4048:0530/075458.154:ERROR:crash_service.cc(311)] could not start dumper
|