File name: | http://r4---sn-5hne6nsr.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.4 |
Full analysis: | https://app.any.run/tasks/52088256-7742-4b50-8bfd-96e2927f19ad |
Verdict: | Malicious activity |
Analysis date: | July 17, 2019, 12:44:28 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-chrome-extension |
File info: | Google Chrome extension, version 3 |
MD5: | 3C25A73F41438AFB76DFFF77DCE9EFB6 |
SHA1: | 96A36E43894EE9E746CF276F71E35C28D84DE5BE |
SHA256: | DE46D7FC153AEA4583FAA8A270741C473262D30F4C5575C670BC5D51DEF363DC |
SSDEEP: | 24576:Rkb8GiHduqm70Ya00rvB2zWbSKRH1JcPF:A8Gi6wv0YvBNtIt |
.crx | | | Google Chrome Extension (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3876 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\7519.4 | C:\Windows\system32\rundll32.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3856 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | explorer.exe | |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Version: 8.29.0.50 | ||||
3564 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --reporter-url=https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload --application-name=skype-preview "--crashes-directory=C:\Users\admin\AppData\Local\Temp\skype-preview Crashes" --v=1 | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | Skype.exe | |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Version: 8.29.0.50 | ||||
3056 | C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype for Desktop" /t REG_SZ /d "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" /f | C:\Windows\system32\reg.exe | Skype.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Registry Console Tool Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2576 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --ms-disable-indexeddb-transaction-timeout --no-sandbox --service-pipe-token=22D4C0DD8C1FDCA5BE9316AEA6A6D256 --lang=en-US --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar" --node-integration=false --webview-tag=true --no-sandbox --preload="C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar\Preload.js" --context-id=2 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=22D4C0DD8C1FDCA5BE9316AEA6A6D256 --renderer-client-id=3 --mojo-platform-channel-handle=1544 /prefetch:1 | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | — | Skype.exe |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Exit code: 0 Version: 8.29.0.50 | ||||
2532 | C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Skype /v RestartForUpdate | C:\Windows\system32\reg.exe | — | Skype.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Registry Console Tool Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3284 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --reporter-url=https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload --application-name=skype-preview "--crashes-directory=C:\Users\admin\AppData\Local\Temp\skype-preview Crashes" --v=1 | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | Skype.exe | |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Exit code: 2 Version: 8.29.0.50 | ||||
2020 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --ms-disable-indexeddb-transaction-timeout --no-sandbox --service-pipe-token=D3A8AB22038FD6DF6FD2D98E705BCA6B --lang=en-US --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar" --node-integration=false --webview-tag=true --no-sandbox --preload="C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar\Preload.js" --context-id=1 --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=D3A8AB22038FD6DF6FD2D98E705BCA6B --renderer-client-id=4 --mojo-platform-channel-handle=2560 /prefetch:1 | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | — | Skype.exe |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Version: 8.29.0.50 | ||||
1036 | "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" --reporter-url=https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload --application-name=skype-preview "--crashes-directory=C:\Users\admin\AppData\Local\Temp\skype-preview Crashes" --v=1 | C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | Skype.exe | |
User: admin Company: Skype Technologies S.A. Integrity Level: MEDIUM Description: Skype Exit code: 2 Version: 8.29.0.50 |
(PID) Process: | (3056) reg.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
Operation: | write | Name: | Skype for Desktop |
Value: C:\Program Files\Microsoft\Skype for Desktop\Skype.exe | |||
(PID) Process: | (3856) Skype.exe | Key: | HKEY_CLASSES_ROOT\skype |
Operation: | write | Name: | URL Protocol |
Value: | |||
(PID) Process: | (3856) Skype.exe | Key: | HKEY_CLASSES_ROOT\skype |
Operation: | write | Name: | |
Value: URL:skype | |||
(PID) Process: | (3856) Skype.exe | Key: | HKEY_CLASSES_ROOT\skype\shell\open\command |
Operation: | write | Name: | |
Value: "C:\Program Files\Microsoft\Skype for Desktop\Skype.exe" -- "%1" | |||
(PID) Process: | (3856) Skype.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US |
PID | Process | Filename | Type | |
---|---|---|---|---|
3856 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P0RDAX3EPZ4JXMD3X3HE.temp | — | |
MD5:— | SHA256:— | |||
3856 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b916037c1e115fe0.customDestinations-ms | binary | |
MD5:59FD9178DD338752902ED5C456AD9EA3 | SHA256:6D231F4D38691A85FD387A1C3ED23AF91CFACD1CC226AB772C15C7AB9984246A | |||
3856 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log | binary | |
MD5:D0FD893EB1A10E93A364B25661BF5975 | SHA256:32F7EF85E263BFDBE7B6E4D404D1B40644FC18F225AA7F4E7C19A32587EDDF6F | |||
3856 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG | text | |
MD5:402D2647AEBDAE16957BA511DB80235B | SHA256:18FD80F9784F10ECBF77D858FB528E6AB9320EE82550A52884107EB11FEF2EF7 | |||
3856 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000020.ldb | binary | |
MD5:293E0F9B607CD2B0CDD018CF9D0CDA80 | SHA256:C5D2E32E6B4104D72815C2DD3FF491DC500A1BBD78FC2E2A44C211D340DE6D9B | |||
3856 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old | text | |
MD5:7F39B22308B34B4138A09991EC4D41C5 | SHA256:31C4D714AFBFAB8D23AE08F061F6A5F1E46A26B0AB20795EAC7D2134A55CCEB6 | |||
3856 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old~RFe51b5.TMP | text | |
MD5:0D8DB3D43BCB9F490169188E803314DE | SHA256:1A5CBD55803117484FA35A69D5535F9B6D9FB7D3272A585084C9F4B2FA3C4AC3 | |||
3856 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old | text | |
MD5:0D8DB3D43BCB9F490169188E803314DE | SHA256:1A5CBD55803117484FA35A69D5535F9B6D9FB7D3272A585084C9F4B2FA3C4AC3 | |||
3284 | Skype.exe | C:\Users\admin\AppData\Local\Temp\skype-preview Crashes\operation_log.txt | text | |
MD5:6DC22DB9423F36FB59243A20E174AA3B | SHA256:0D4D989C8EB1C8D333509762D9D26F5DCFE02F7CF2364645C76D31B2CC9CD598 | |||
2020 | Skype.exe | C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-1-614564229.blog | binary | |
MD5:E4BE1178DFBC0EA818374BF7E7C3D91C | SHA256:140D5F246B15E85B7B8B13E2598C6D0D23BB40EF2EC9E6E9ACB388E9C7C55513 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 172.217.16.202:443 | www.googleapis.com | Google Inc. | US | whitelisted |
— | — | 13.107.3.128:443 | a.config.skype.com | Microsoft Corporation | US | whitelisted |
3856 | Skype.exe | 13.107.3.128:443 | a.config.skype.com | Microsoft Corporation | US | whitelisted |
3856 | Skype.exe | 13.90.95.57:443 | get.skype.com | Microsoft Corporation | US | whitelisted |
— | — | 52.114.7.37:443 | pipe.skype.com | Microsoft Corporation | HK | unknown |
3856 | Skype.exe | 40.79.33.178:443 | avatar.skype.com | Microsoft Corporation | US | whitelisted |
3856 | Skype.exe | 52.114.76.34:443 | browser.pipe.aria.microsoft.com | Microsoft Corporation | IE | whitelisted |
Domain | IP | Reputation |
---|---|---|
get.skype.com |
| whitelisted |
a.config.skype.com |
| whitelisted |
pipe.skype.com |
| whitelisted |
b.config.skype.com |
| whitelisted |
www.googleapis.com |
| whitelisted |
avatar.skype.com |
| whitelisted |
config.edge.skype.com |
| whitelisted |
browser.pipe.aria.microsoft.com |
| whitelisted |
Process | Message |
---|---|
Skype.exe | [3284:988:0717/134507.621:VERBOSE1:crash_service_main.cc(78)] Session start. cmdline is [--reporter-url=https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload --application-name=skype-preview "--crashes-directory=C:\Users\admin\AppData\Local\Temp\skype-preview Crashes" --v=1]
|
Skype.exe | [3284:988:0717/134507.622:VERBOSE1:crash_service.cc(145)] window handle is 000401A8
|
Skype.exe | [3284:988:0717/134507.624:VERBOSE1:crash_service.cc(300)] pipe name is \\.\pipe\skype-preview Crash Service
dumps at C:\Users\admin\AppData\Local\Temp\skype-preview Crashes
|
Skype.exe | [3284:988:0717/134507.625:VERBOSE1:crash_service.cc(304)] checkpoint is C:\Users\admin\AppData\Local\Temp\skype-preview Crashes\crash_checkpoint.txt
server is https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload
maximum 128 reports/day
reporter is electron-crash-service
|
Skype.exe | [3284:988:0717/134507.626:ERROR:crash_service.cc(311)] could not start dumper
|
Skype.exe | [1036:3832:0717/134512.442:VERBOSE1:crash_service_main.cc(78)] Session start. cmdline is [--reporter-url=https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload --application-name=skype-preview "--crashes-directory=C:\Users\admin\AppData\Local\Temp\skype-preview Crashes" --v=1]
|
Skype.exe | [1036:3832:0717/134512.443:VERBOSE1:crash_service.cc(145)] window handle is 00050130
|
Skype.exe | [1036:3832:0717/134512.443:VERBOSE1:crash_service.cc(300)] pipe name is \\.\pipe\skype-preview Crash Service
dumps at C:\Users\admin\AppData\Local\Temp\skype-preview Crashes
|
Skype.exe | [1036:3832:0717/134512.446:VERBOSE1:crash_service.cc(304)] checkpoint is C:\Users\admin\AppData\Local\Temp\skype-preview Crashes\crash_checkpoint.txt
server is https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload
maximum 128 reports/day
reporter is electron-crash-service
|
Skype.exe | [1036:3832:0717/134512.446:ERROR:crash_service.cc(311)] could not start dumper
|