masslogger | 5b0dc5071cf7fdc13f1b2e10ef06c1161be85aec193ea7dd5ac8c60738fd6d5f

Analysis

max time kernel
601s
max time network
612s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16/08/2022, 08:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Skype-8.87.0.406.exe
Size

84.9MB
MD5

6a52b4efb00ea46c34f924acc2b2e289
SHA1

feecc09bf944b9e663acdd2aa07e36f4f3b2a5ce
SHA256

5b0dc5071cf7fdc13f1b2e10ef06c1161be85aec193ea7dd5ac8c60738fd6d5f
SHA512

0081cbab52198a6ce08c52da51138ad653614e131542d533c68d57ab36c7d3d816bad61f622b8c3cbaf519e074c695837c1a02efbad928cb917a3af93e696046

Score

10^/10

masslogger zloader botnet discovery persistence spyware stealer trojan

Malware Config

Signatures

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
stealer spyware masslogger

Vidar log file 1 IoCs

Detects a log file produced by Vidar.

resource	yara_rule
behavioral1/files/0x000500000001a422-77.dat	vidar_log_file

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Executes dropped EXE 8 IoCs

pid	Process
900	Skype-8.87.0.406.tmp
268	Skype.exe
1604	Skype.exe
1152	Skype.exe
1924	Skype.exe
2000	Skype.exe
1916	Skype.exe
872	Skype.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Control Panel\International\Geo\Nation	Skype.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Control Panel\International\Geo\Nation	Skype.exe

Loads dropped DLL 64 IoCs

pid	Process
1976	Skype-8.87.0.406.exe
900	Skype-8.87.0.406.tmp
900	Skype-8.87.0.406.tmp
900	Skype-8.87.0.406.tmp
268	Skype.exe
268	Skype.exe
268	Skype.exe
268	Skype.exe
268	Skype.exe
268	Skype.exe
268	Skype.exe
268	Skype.exe
268	Skype.exe
268	Skype.exe
268	Skype.exe
268	Skype.exe
1604	Skype.exe
1152	Skype.exe
1924	Skype.exe
2000	Skype.exe
1152	Skype.exe
1152	Skype.exe
1152	Skype.exe
1152	Skype.exe
1152	Skype.exe
1152	Skype.exe
1152	Skype.exe
1152	Skype.exe
1152	Skype.exe
1152	Skype.exe
1152	Skype.exe
1152	Skype.exe
1152	Skype.exe
1152	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
1916	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe
872	Skype.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Software\Microsoft\Windows\CurrentVersion\Run\Skype for Desktop = "C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe"	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-BDDIB.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-6Q229.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-EOALR.tmp	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-localization-l1-2-0.dll	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-string-l1-1-0.dll	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-interlocked-l1-1-0.dll	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-7LFEC.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-CFFIO.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-5HASR.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-LRSJ8.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-32KGD.tmp	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\onnxruntime.dll	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-6HVI8.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-6EBK2.tmp	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-libraryloader-l1-1-0.dll	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RTMPLTFM.dll	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-MFAEF.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-B58GB.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-1K6M0.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-20319.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-ROTA7.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-PMHH9.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\is-9HPKP.tmp	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\rtmbwe.dll	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-time-l1-1-0.dll	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-JEAMB.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-6RN1V.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-QLUC9.tmp	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-locale-l1-1-0.dll	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-math-l1-1-0.dll	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-DF7SU.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-LN5IB.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-TL1UV.tmp	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-heap-l1-1-0.dll	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-convert-l1-1-0.dll	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-6IOEH.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-JMDMK.tmp	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-stdio-l1-1-0.dll	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-7JQFF.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-TJVSP.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-DG2F9.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-GD4HS.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-44KVK.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-UMSRB.tmp	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\msvcp140.dll	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-processthreads-l1-1-1.dll	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmPal.dll	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-CDV1S.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-KJTAO.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-QC4AR.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-OEQDQ.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-7TB5V.tmp	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmMediaManager.dll	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-QBQPL.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\is-BCBPV.tmp	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\mac\is-C1RIQ.tmp	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-17LGK.tmp	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-file-l2-1-0.dll	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-7MISN.tmp	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-synch-l1-2-0.dll	Skype-8.87.0.406.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-util-l1-1-0.dll	Skype-8.87.0.406.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-KDGSD.tmp	Skype-8.87.0.406.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Skype.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Skype.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
1556	taskkill.exe

Modifies registry class 27 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\icon = "C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe"	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\SkypeURL\DefaultIcon	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\skype-meetnow	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\callto\URL Protocol	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\" --share-file=\"%V\""	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\skype	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skype\ = "URL:skype"	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\callto\ = "URL:callto"	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skype\URL Protocol	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\tel\ = "URL:tel"	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\command	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open\command	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skype-meetnow\ = "URL:skype-meetnow"	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skype-meetnow\URL Protocol	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\tel\URL Protocol	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\SkypeURL	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\DefaultIcon\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\""	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\SkypeURL\shell\open\command	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\tel	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\MUIVerb = "@C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\SkypeContext.dll,-101"	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open	Skype-8.87.0.406.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\" \"%1\""	Skype-8.87.0.406.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\callto	Skype-8.87.0.406.tmp

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
872	reg.exe
1736	reg.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
900	Skype-8.87.0.406.tmp
900	Skype-8.87.0.406.tmp
268	Skype.exe
268	Skype.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1556	taskkill.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe
Token: SeShutdownPrivilege	268	Skype.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
900	Skype-8.87.0.406.tmp
268	Skype.exe
268	Skype.exe
268	Skype.exe
268	Skype.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
268	Skype.exe
268	Skype.exe
268	Skype.exe
268	Skype.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 900	1976	Skype-8.87.0.406.exe	27
PID 1976 wrote to memory of 900	1976	Skype-8.87.0.406.exe	27
PID 1976 wrote to memory of 900	1976	Skype-8.87.0.406.exe	27
PID 1976 wrote to memory of 900	1976	Skype-8.87.0.406.exe	27
PID 1976 wrote to memory of 900	1976	Skype-8.87.0.406.exe	27
PID 1976 wrote to memory of 900	1976	Skype-8.87.0.406.exe	27
PID 1976 wrote to memory of 900	1976	Skype-8.87.0.406.exe	27
PID 900 wrote to memory of 1556	900	Skype-8.87.0.406.tmp	28
PID 900 wrote to memory of 1556	900	Skype-8.87.0.406.tmp	28
PID 900 wrote to memory of 1556	900	Skype-8.87.0.406.tmp	28
PID 900 wrote to memory of 1556	900	Skype-8.87.0.406.tmp	28
PID 900 wrote to memory of 268	900	Skype-8.87.0.406.tmp	31
PID 900 wrote to memory of 268	900	Skype-8.87.0.406.tmp	31
PID 900 wrote to memory of 268	900	Skype-8.87.0.406.tmp	31
PID 900 wrote to memory of 268	900	Skype-8.87.0.406.tmp	31
PID 268 wrote to memory of 1604	268	Skype.exe	33
PID 268 wrote to memory of 1604	268	Skype.exe	33
PID 268 wrote to memory of 1604	268	Skype.exe	33
PID 268 wrote to memory of 1604	268	Skype.exe	33
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 872	268	Skype.exe	35
PID 268 wrote to memory of 872	268	Skype.exe	35
PID 268 wrote to memory of 872	268	Skype.exe	35
PID 268 wrote to memory of 872	268	Skype.exe	35
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34
PID 268 wrote to memory of 1152	268	Skype.exe	34

C:\Users\Admin\AppData\Local\Temp\Skype-8.87.0.406.exe
"C:\Users\Admin\AppData\Local\Temp\Skype-8.87.0.406.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Users\Admin\AppData\Local\Temp\is-3DL8I.tmp\Skype-8.87.0.406.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-3DL8I.tmp\Skype-8.87.0.406.tmp" /SL5="$60120,88396875,404480,C:\Users\Admin\AppData\Local\Temp\Skype-8.87.0.406.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:900
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im Skype.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1556
- - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
    "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:268
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad" --url=appcenter://generic?aid=a7417433-29d9-4bc0-8826-af367733939d&iid=3b971919-d9cd-48bb-d641-46a5b8e32319&uid=3b971919-d9cd-48bb-d641-46a5b8e32319 --annotation=_companyName=Skype --annotation=_productName=skype-preview --annotation=_version=8.87.0.406 --annotation=prod=Electron --annotation=ver=18.3.5 --initial-client-data=0x338,0x33c,0x340,0x334,0x344,0x830ee00,0x830ee10,0x830ee1c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1604
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1276 --field-trial-handle=1368,i,17940492839916798279,16655490512625546007,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1152
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype for Desktop" /t REG_SZ /d "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:872
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --mojo-platform-channel-handle=1464 --field-trial-handle=1368,i,17940492839916798279,16655490512625546007,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1924
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Skype /v RestartForUpdate
      4⤵
      Modifies registry key
      PID:1736
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1864 --field-trial-handle=1368,i,17940492839916798279,16655490512625546007,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --skype-process-type=Main --skype-window-id=__MAIN_ROOT_VIEW_ID__ /prefetch:1
      4⤵
      Executes dropped EXE
      Checks computer location settings
      Loads dropped DLL
      PID:2000
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 --field-trial-handle=1368,i,17940492839916798279,16655490512625546007,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1916
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1368,i,17940492839916798279,16655490512625546007,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:872

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Skype for Desktop\D3DCompiler_47.dll

Filesize
3.5MB

MD5
cd8a3be4d5871171fd0b107132d97be8

SHA1
415258c10477a49d0c046a12123ff7abe957612e

SHA256
4a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0

SHA512
4acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

Filesize
116.9MB

MD5
fc68ee440f55d4d901cf0178ebd5ac7e

SHA1
57338968ca7764919400a61f9bfb8c3199bb1468

SHA256
bc5217a45691995ef5093b34e473d1ac447a7fbc183e6880b88872d3418292da

SHA512
09e09d8dbb01c4acf5ac33034adaf47e67214ae4ddc3995aa18e09cc70226b572d4409941a959e34ee9546bc8a799791c5c728cc3c66ae08c41746222185925c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

Filesize
116.9MB

MD5
fc68ee440f55d4d901cf0178ebd5ac7e

SHA1
57338968ca7764919400a61f9bfb8c3199bb1468

SHA256
bc5217a45691995ef5093b34e473d1ac447a7fbc183e6880b88872d3418292da

SHA512
09e09d8dbb01c4acf5ac33034adaf47e67214ae4ddc3995aa18e09cc70226b572d4409941a959e34ee9546bc8a799791c5c728cc3c66ae08c41746222185925c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

Filesize
116.9MB

MD5
fc68ee440f55d4d901cf0178ebd5ac7e

SHA1
57338968ca7764919400a61f9bfb8c3199bb1468

SHA256
bc5217a45691995ef5093b34e473d1ac447a7fbc183e6880b88872d3418292da

SHA512
09e09d8dbb01c4acf5ac33034adaf47e67214ae4ddc3995aa18e09cc70226b572d4409941a959e34ee9546bc8a799791c5c728cc3c66ae08c41746222185925c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

Filesize
116.9MB

MD5
fc68ee440f55d4d901cf0178ebd5ac7e

SHA1
57338968ca7764919400a61f9bfb8c3199bb1468

SHA256
bc5217a45691995ef5093b34e473d1ac447a7fbc183e6880b88872d3418292da

SHA512
09e09d8dbb01c4acf5ac33034adaf47e67214ae4ddc3995aa18e09cc70226b572d4409941a959e34ee9546bc8a799791c5c728cc3c66ae08c41746222185925c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

Filesize
116.9MB

MD5
fc68ee440f55d4d901cf0178ebd5ac7e

SHA1
57338968ca7764919400a61f9bfb8c3199bb1468

SHA256
bc5217a45691995ef5093b34e473d1ac447a7fbc183e6880b88872d3418292da

SHA512
09e09d8dbb01c4acf5ac33034adaf47e67214ae4ddc3995aa18e09cc70226b572d4409941a959e34ee9546bc8a799791c5c728cc3c66ae08c41746222185925c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

Filesize
116.9MB

MD5
fc68ee440f55d4d901cf0178ebd5ac7e

SHA1
57338968ca7764919400a61f9bfb8c3199bb1468

SHA256
bc5217a45691995ef5093b34e473d1ac447a7fbc183e6880b88872d3418292da

SHA512
09e09d8dbb01c4acf5ac33034adaf47e67214ae4ddc3995aa18e09cc70226b572d4409941a959e34ee9546bc8a799791c5c728cc3c66ae08c41746222185925c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-file-l1-2-0.dll

Filesize
17KB

MD5
79ee4a2fcbe24e9a65106de834ccda4a

SHA1
fd1ba674371af7116ea06ad42886185f98ba137b

SHA256
9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613

SHA512
6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-file-l2-1-0.dll

Filesize
17KB

MD5
3f224766fe9b090333fdb43d5a22f9ea

SHA1
548d1bb707ae7a3dfccc0c2d99908561a305f57b

SHA256
ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357

SHA512
c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
23bd405a6cfd1e38c74c5150eec28d0a

SHA1
1d3be98e7dfe565e297e837a7085731ecd368c7b

SHA256
a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41

SHA512
c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
95c5b49af7f2c7d3cd0bc14b1e9efacb

SHA1
c400205c81140e60dffa8811c1906ce87c58971e

SHA256
ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1

SHA512
f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
c9a55de62e53d747c5a7fddedef874f9

SHA1
c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad

SHA256
b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b

SHA512
adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-string-l1-1-0.dll

Filesize
23KB

MD5
ad99c2362f64cde7756b16f9a016a60f

SHA1
07c9a78ee658bfa81db61dab039cffc9145cc6cb

SHA256
73ab2161a7700835b2a15b7487045a695706cc18bcee283b114042570bb9c0aa

SHA512
9c72f239adda1de11b4ad7028f3c897c93859ef277658aeaa141f09b7ddfe788d657b9cb1e2648971ecd5d27b99166283110ccba437d461003dbb9f6885451f7

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_100_percent.pak

Filesize
145KB

MD5
237ca1be894f5e09fd1ccb934229c33b

SHA1
f0dfcf6db1481315054efb690df282ffe53e9fa1

SHA256
f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2

SHA512
1e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_200_percent.pak

Filesize
214KB

MD5
7059af03603f93898f66981feb737064

SHA1
668e41a728d2295a455e5e0f0a8d2fee1781c538

SHA256
04d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6

SHA512
435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll

Filesize
2.4MB

MD5
dd351db9692160684a6f2ae082c676c4

SHA1
47dac5ed57a4214473febed9feef4557e17b074f

SHA256
3c6667c3b3ecc27d5d604671b5162b1bee72e63111770e1ed9ea10dc43fc05a7

SHA512
432ead59700df625010534db0ddd916cb4fa6dba0200e21cc27cb571a86d80aeeb93aa0bec15a63db7e7265f7aace5e2762f9cf0973e5660916f874ce0dbee42

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\icudtl.dat

Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\en-US.pak

Filesize
111KB

MD5
fec26db7d8e63247e415a932289e004c

SHA1
b1fe91315ef7b8628ab531068834d953e58c03af

SHA256
8c662f1533292072e63241d15dcd19151879f7224746cdc408c6f75946e7f97a

SHA512
67e6fb4cbc36ae5004fe45c416fbac51c93bb8a06050beb65cead4972a3c346bd1ef6cd56b616e2131d9115c22ee349fdfaa824102ffd03b58deb05645c17b41

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources.pak

Filesize
4.7MB

MD5
b8665d13cf15680c5da696c7d16eb8e0

SHA1
88fbabeff814098c27d1c47cd57c55c4e6954a83

SHA256
02b1cff0154bd07866668feaa8fb78e5e68440ed5d97bb04efbebc98428d4443

SHA512
f5124d6800ba9de63c7e59bfd30e093ea9c19c296e6c504845f8ab52ab67486967ca2d8f0183551e1356229b804c5074f8338c53f54c5c907ed8e8d6fce1be9d

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar

Filesize
48.3MB

MD5
fb73c0c791fab2e8a3a9b3a4d4ee9867

SHA1
47413043e892362080962bce865bd13795831bd3

SHA256
432d95c3bdc746d140a9182e67e27f3e163934d2c41eb4705d03caf162813670

SHA512
ae1b4a55084a3a75705693ed13c1d482572f9e4053c7cd6bc98238154e905ca0cd08753dfdca6e3670f386824df6a4f598fd718fbcf8c2e8653720f6613661a4

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-away.png

Filesize
294B

MD5
9834fdf81fe65f1c19f9997c47b080cb

SHA1
629b1977648b6407632eebed3ff19f3f1520f305

SHA256
5f01da2a9b135f1c8879419874f87c2a662342188cfa836556f25c9557ca07d0

SHA512
0ccc33f143faf24f81cb079acb0ca7b6803ef88e6563c2acecbbeba9242ecf1853bed7a9e54196f0ad7c973ad2616e51ca271b298fb07c51b0dd31a7e61036ca

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\[email protected]

Filesize
562B

MD5
767336bb72d1ee7103b8695e9fad1bd9

SHA1
0af45423d7e86a5ed09e0a64d82387af0d8fb397

SHA256
1b5ba46a18edce48949b08882036fbf6176cfaaec41e7ecf7b9a4cb8366db809

SHA512
39d93ba8e5bab26844ff379d16975813e598349d11e4271355e251f3f43cc1b513a2fbcd51c09f4e4c09ed5cd09a18e5123e7623feb950668af8cf8182842057

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-donotdisturb.png

Filesize
359B

MD5
324a5cab7741d3ec7fca3f6163be9bf8

SHA1
9d47b2078cc870efad4c208dedb6bd9fb127b0c7

SHA256
ba4ac732fa5011992fe17fe0e01e217f2ba92d3cd27c9b5d8139bada160f898b

SHA512
967cc72663b8fd9531f5708786ed2afeec702c01751f99407c4b8ae860a3b13467f2e187769ea632c160f2899efdea87719e5665f26c44adc52edbe64e669b8b

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\[email protected]

Filesize
685B

MD5
5da369f999ec7bb6f670fdba2f074422

SHA1
097620c947736f83744065a58ecda8aa3b0fbe07

SHA256
bff494b55ff74602fbb7181847035f22a82d30ac2a92a6a42dc6449ea6015066

SHA512
7a89b30d42f98f814e025668ec0247703c3e402aa7c14b1cf818912cc3a74166d0cc662b418cadb82e922db6f61925b39163dc86012f174b63a8cc730ed7e4aa

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-hidden.png

Filesize
398B

MD5
f847bc40a4769792230765fd101b715e

SHA1
9753ce33252a0b6ca23f36a9d6f53202d148b900

SHA256
a8be87fc996f60e0c6a9b2991e7cd757198e4ac0db80132bf4eecaea626861ae

SHA512
ff7c9950324f0c7203312f28ddca26a490877ddd1453975c083b49d088abff5f8b7fe49e1460731a7ff5ebe650d059d9eeac067ca3c10c4dbb8eee3fe458f15b

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\[email protected]

Filesize
872B

MD5
5b1c0544d938f7b90d02430c91776c4b

SHA1
b508a3f8dabe5d8071b5be41bbb628785dd0f6d6

SHA256
d666683821c01485b2a46cc40a9b6956903c12d8bf344224263005589fedf330

SHA512
a3e6b6fe5fe0922c20d11897b35ea2d17b8f18425f5d5d8b753e41d097413cc33aba68a243d1bc7af25435f2256a3f2bab8817ffc3ba4af9a102875fe4bb628d

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-online.png

Filesize
331B

MD5
b6f201d0aa98781ed3c62d21f5180c2b

SHA1
8fae0048e6d699e0a8bbb411e553a91721712d6b

SHA256
532b6a446404d7bc0eaf25159099f070f13149c074dc96f5dfb5609a3025277b

SHA512
24e5f1996999ebe99693be2afebb89927c94dda7ec7d3bc40376e48de5a6a086d521eb0883712493c7c2b7798d3ae82f9d85311425b5e391818f2f27991c1cdf

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\[email protected]

Filesize
629B

MD5
6fe4b2fae57b1d4c0417745fab16f96a

SHA1
a8c8057a4090f65d82e18624be751d2f2e6d552c

SHA256
e540a9dd19c7e999e8a0614dcc1c01b47542bfb1c45f4944f1748cce28e187f7

SHA512
f2be6edd9e4889948c04c250e72fa4e74a5544b8d3a848ccee2b70fb7b7dab68fadbcec343dd9d4032c4550116f6dfd104ccf8c1805cef87c38f4d300e39c77f

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\tray-offlineTemplate.ico

Filesize
104KB

MD5
6829d32c8496b84cefa32e6030e356da

SHA1
5f2b0331147da4185ee21ac62b890c36c48329bf

SHA256
e437c7e735977ad406d9df0c9e1a956cd7a9f98f7b387a21b39d67447ad55b04

SHA512
e85b18790a8b521476b0610358c055f54e5c12b48687946df569eec0b5237a39dca3f3b4eecc44da2a17c4187ef3279b3087e2fa40357ce9bd311c5ab4de3bd2

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmControl.dll

Filesize
115KB

MD5
9476616d02cc7dca751984b6827056c9

SHA1
2fe9321464716436776802cf02c28862541fbc1d

SHA256
12c6991b9407814f8fa7110a0805de4ed65177cad6e18c85cab323b33b0615f1

SHA512
07809357415282beeaef19939b3772420cea3da37e25c2f39f01e4534ce0c3d0d18726143f74670cb5f5d1170ad1db2404be4a7d6c9ba2620366b66cd8abd4af

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmPal.dll

Filesize
808KB

MD5
94aa552476cbac04b06d207e9ce1a822

SHA1
b9f5840d0e5163bfbbda47445e8b099ff0ac89ca

SHA256
d92621bb79b0359dc8a93b451fad70f6d89bf048cc11ec20fed689e737256087

SHA512
348e042f37ab8d59ea825527d2d07a9c5f04e403e18b67abcbfe83ddf4b6323295155197209268073321e71c4e80fb054e2ad6eb943a875adef6a6c57c4a663c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\electron_utility.node

Filesize
825KB

MD5
75e5d0f6f6084db4768dca2f4520458c

SHA1
c3c0cf13e229fc3f4aa91ea368884c14b40f7098

SHA256
8d996b60a2bef375a3c3d91b8ebc3fd49ed0cc2c59e424a3e5cbf8b00d92d351

SHA512
176cdfb0e51d8532c673e429aeca1ad1862f515d0de0c98484c86e8b3a2b0dfbeed2cc95bef10f219eb348c52230e715231d94b8ce9758eb9d36382adb42de42

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\sharing-indicator.node

Filesize
104KB

MD5
a4daf7663015955abe012b06b209b6d0

SHA1
4f487490c1f324ffed9882ff262d4579500486bf

SHA256
d0dbac1d376ec10b69acce3e2343b3c94af667d5075355f06ce0222fe3f04897

SHA512
3a2a18fea52da72aa64b40170e9ed922b185e18f14ae9a31879156ceaa02dfaf38bdbea672ed97388622d6f3ddabbf6cf9d6bd6be48c49040ea6b89fe99224c3

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\skypert.dll

Filesize
2.9MB

MD5
7dd825f983efe11e613c614b98b7465a

SHA1
548e9cca5dbc1ae75f43dde699aa16c1ef880eed

SHA256
1d49a77670bc63dc7bc50907a7d707bc95a524a67e30190cfcc6036b2cbf74b9

SHA512
5d6a36714fb1d2d71a13ef6c4b6843fe56f53d1b5193a344726afc761b9daa1f03a5b2ef4375dc5eb0ffd30b225e256fbff577feda19eb21481d8d71c1e03048

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\ucrtbase.DLL

Filesize
1.1MB

MD5
6343ff7874ba03f78bb0dfe20b45f817

SHA1
82221a9ac1c1b8006f3f5e8539e74e3308f10bcb

SHA256
6f8f05993b8a25cadf5e301e58194c4d23402e467229b12e40956e4f128588b3

SHA512
63c3d3207577d4761103daf3f9901dd0a0ae8a89694ad1128fd7e054627cdd930d1020049317c5a898411735e2f75e2103ae303e7e514b6387a3c8463a4fb994

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\v8_context_snapshot.bin

Filesize
593KB

MD5
1414b93414f8f3ffdce89c576e323408

SHA1
8300f1403640f6c4fa5087333ebec6d289a66962

SHA256
625e731c720b055874437d1e9fd336941efc46ed6061f6cd018c2e2105940b97

SHA512
8c066899d9372b2a69ab5a9b6a3952c1724e6315658cf826274ab8d588bd121804097955e771062566ef9ffba9f9a35c5274254e56bc63db6c841ac36628e6d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3DL8I.tmp\Skype-8.87.0.406.tmp

Filesize
1.4MB

MD5
4a5076a8fb16791787211b614d4fb9e8

SHA1
cfc1c4c9cc1a5b150d0b390cdc4cef3a6eb02006

SHA256
2f4cf46a9d3573f0083384d08c18c119a9ca29bc6e9ab5bee7abc1db0a2b773d

SHA512
897f8c49e63e9df627f390edea7ffe8bd21f8a4425101ae505257b274082e175631a5cfb73e6a0bea771716e2054389d93d5c63a5c0a19f087bd5f23fef40204

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3DL8I.tmp\Skype-8.87.0.406.tmp

Filesize
1.4MB

MD5
4a5076a8fb16791787211b614d4fb9e8

SHA1
cfc1c4c9cc1a5b150d0b390cdc4cef3a6eb02006

SHA256
2f4cf46a9d3573f0083384d08c18c119a9ca29bc6e9ab5bee7abc1db0a2b773d

SHA512
897f8c49e63e9df627f390edea7ffe8bd21f8a4425101ae505257b274082e175631a5cfb73e6a0bea771716e2054389d93d5c63a5c0a19f087bd5f23fef40204

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad\settings.dat

Filesize
40B

MD5
dcac87a7448b52ef411cce77b2757c1a

SHA1
cf82a3e359fc4bf60f8329c88465b71d8379c548

SHA256
4904f99281726f2e9cf013e4eadff6bc3b097ed627ee0c898d27b2b631ab1349

SHA512
dc40ae225d905c2b318bee6cd7a777e9bb4ec4e6ca76ceada04449541ab325d42e6cdb41b0332cddc09d1f719d16c90d82f5c68ef37f163f3f6af91ca05e827e

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

Filesize
116.9MB

MD5
fc68ee440f55d4d901cf0178ebd5ac7e

SHA1
57338968ca7764919400a61f9bfb8c3199bb1468

SHA256
bc5217a45691995ef5093b34e473d1ac447a7fbc183e6880b88872d3418292da

SHA512
09e09d8dbb01c4acf5ac33034adaf47e67214ae4ddc3995aa18e09cc70226b572d4409941a959e34ee9546bc8a799791c5c728cc3c66ae08c41746222185925c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

Filesize
116.9MB

MD5
fc68ee440f55d4d901cf0178ebd5ac7e

SHA1
57338968ca7764919400a61f9bfb8c3199bb1468

SHA256
bc5217a45691995ef5093b34e473d1ac447a7fbc183e6880b88872d3418292da

SHA512
09e09d8dbb01c4acf5ac33034adaf47e67214ae4ddc3995aa18e09cc70226b572d4409941a959e34ee9546bc8a799791c5c728cc3c66ae08c41746222185925c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

Filesize
116.9MB

MD5
fc68ee440f55d4d901cf0178ebd5ac7e

SHA1
57338968ca7764919400a61f9bfb8c3199bb1468

SHA256
bc5217a45691995ef5093b34e473d1ac447a7fbc183e6880b88872d3418292da

SHA512
09e09d8dbb01c4acf5ac33034adaf47e67214ae4ddc3995aa18e09cc70226b572d4409941a959e34ee9546bc8a799791c5c728cc3c66ae08c41746222185925c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-file-l1-2-0.dll

Filesize
17KB

MD5
79ee4a2fcbe24e9a65106de834ccda4a

SHA1
fd1ba674371af7116ea06ad42886185f98ba137b

SHA256
9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613

SHA512
6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-file-l2-1-0.dll

Filesize
17KB

MD5
3f224766fe9b090333fdb43d5a22f9ea

SHA1
548d1bb707ae7a3dfccc0c2d99908561a305f57b

SHA256
ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357

SHA512
c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
23bd405a6cfd1e38c74c5150eec28d0a

SHA1
1d3be98e7dfe565e297e837a7085731ecd368c7b

SHA256
a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41

SHA512
c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
95c5b49af7f2c7d3cd0bc14b1e9efacb

SHA1
c400205c81140e60dffa8811c1906ce87c58971e

SHA256
ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1

SHA512
f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
c9a55de62e53d747c5a7fddedef874f9

SHA1
c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad

SHA256
b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b

SHA512
adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-string-l1-1-0.dll

Filesize
23KB

MD5
ad99c2362f64cde7756b16f9a016a60f

SHA1
07c9a78ee658bfa81db61dab039cffc9145cc6cb

SHA256
73ab2161a7700835b2a15b7487045a695706cc18bcee283b114042570bb9c0aa

SHA512
9c72f239adda1de11b4ad7028f3c897c93859ef277658aeaa141f09b7ddfe788d657b9cb1e2648971ecd5d27b99166283110ccba437d461003dbb9f6885451f7

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\d3dcompiler_47.dll

Filesize
3.5MB

MD5
cd8a3be4d5871171fd0b107132d97be8

SHA1
415258c10477a49d0c046a12123ff7abe957612e

SHA256
4a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0

SHA512
4acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll

Filesize
2.4MB

MD5
dd351db9692160684a6f2ae082c676c4

SHA1
47dac5ed57a4214473febed9feef4557e17b074f

SHA256
3c6667c3b3ecc27d5d604671b5162b1bee72e63111770e1ed9ea10dc43fc05a7

SHA512
432ead59700df625010534db0ddd916cb4fa6dba0200e21cc27cb571a86d80aeeb93aa0bec15a63db7e7265f7aace5e2762f9cf0973e5660916f874ce0dbee42

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll

Filesize
2.4MB

MD5
dd351db9692160684a6f2ae082c676c4

SHA1
47dac5ed57a4214473febed9feef4557e17b074f

SHA256
3c6667c3b3ecc27d5d604671b5162b1bee72e63111770e1ed9ea10dc43fc05a7

SHA512
432ead59700df625010534db0ddd916cb4fa6dba0200e21cc27cb571a86d80aeeb93aa0bec15a63db7e7265f7aace5e2762f9cf0973e5660916f874ce0dbee42

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll

Filesize
2.4MB

MD5
dd351db9692160684a6f2ae082c676c4

SHA1
47dac5ed57a4214473febed9feef4557e17b074f

SHA256
3c6667c3b3ecc27d5d604671b5162b1bee72e63111770e1ed9ea10dc43fc05a7

SHA512
432ead59700df625010534db0ddd916cb4fa6dba0200e21cc27cb571a86d80aeeb93aa0bec15a63db7e7265f7aace5e2762f9cf0973e5660916f874ce0dbee42

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll

Filesize
2.4MB

MD5
dd351db9692160684a6f2ae082c676c4

SHA1
47dac5ed57a4214473febed9feef4557e17b074f

SHA256
3c6667c3b3ecc27d5d604671b5162b1bee72e63111770e1ed9ea10dc43fc05a7

SHA512
432ead59700df625010534db0ddd916cb4fa6dba0200e21cc27cb571a86d80aeeb93aa0bec15a63db7e7265f7aace5e2762f9cf0973e5660916f874ce0dbee42

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll

Filesize
2.4MB

MD5
dd351db9692160684a6f2ae082c676c4

SHA1
47dac5ed57a4214473febed9feef4557e17b074f

SHA256
3c6667c3b3ecc27d5d604671b5162b1bee72e63111770e1ed9ea10dc43fc05a7

SHA512
432ead59700df625010534db0ddd916cb4fa6dba0200e21cc27cb571a86d80aeeb93aa0bec15a63db7e7265f7aace5e2762f9cf0973e5660916f874ce0dbee42

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmControl.dll

Filesize
115KB

MD5
9476616d02cc7dca751984b6827056c9

SHA1
2fe9321464716436776802cf02c28862541fbc1d

SHA256
12c6991b9407814f8fa7110a0805de4ed65177cad6e18c85cab323b33b0615f1

SHA512
07809357415282beeaef19939b3772420cea3da37e25c2f39f01e4534ce0c3d0d18726143f74670cb5f5d1170ad1db2404be4a7d6c9ba2620366b66cd8abd4af

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmPal.dll

Filesize
808KB

MD5
94aa552476cbac04b06d207e9ce1a822

SHA1
b9f5840d0e5163bfbbda47445e8b099ff0ac89ca

SHA256
d92621bb79b0359dc8a93b451fad70f6d89bf048cc11ec20fed689e737256087

SHA512
348e042f37ab8d59ea825527d2d07a9c5f04e403e18b67abcbfe83ddf4b6323295155197209268073321e71c4e80fb054e2ad6eb943a875adef6a6c57c4a663c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\electron_utility.node

Filesize
825KB

MD5
75e5d0f6f6084db4768dca2f4520458c

SHA1
c3c0cf13e229fc3f4aa91ea368884c14b40f7098

SHA256
8d996b60a2bef375a3c3d91b8ebc3fd49ed0cc2c59e424a3e5cbf8b00d92d351

SHA512
176cdfb0e51d8532c673e429aeca1ad1862f515d0de0c98484c86e8b3a2b0dfbeed2cc95bef10f219eb348c52230e715231d94b8ce9758eb9d36382adb42de42

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\sharing-indicator.node

Filesize
104KB

MD5
a4daf7663015955abe012b06b209b6d0

SHA1
4f487490c1f324ffed9882ff262d4579500486bf

SHA256
d0dbac1d376ec10b69acce3e2343b3c94af667d5075355f06ce0222fe3f04897

SHA512
3a2a18fea52da72aa64b40170e9ed922b185e18f14ae9a31879156ceaa02dfaf38bdbea672ed97388622d6f3ddabbf6cf9d6bd6be48c49040ea6b89fe99224c3

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\skypert.dll

Filesize
2.9MB

MD5
7dd825f983efe11e613c614b98b7465a

SHA1
548e9cca5dbc1ae75f43dde699aa16c1ef880eed

SHA256
1d49a77670bc63dc7bc50907a7d707bc95a524a67e30190cfcc6036b2cbf74b9

SHA512
5d6a36714fb1d2d71a13ef6c4b6843fe56f53d1b5193a344726afc761b9daa1f03a5b2ef4375dc5eb0ffd30b225e256fbff577feda19eb21481d8d71c1e03048

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ucrtbase.dll

Filesize
1.1MB

MD5
6343ff7874ba03f78bb0dfe20b45f817

SHA1
82221a9ac1c1b8006f3f5e8539e74e3308f10bcb

SHA256
6f8f05993b8a25cadf5e301e58194c4d23402e467229b12e40956e4f128588b3

SHA512
63c3d3207577d4761103daf3f9901dd0a0ae8a89694ad1128fd7e054627cdd930d1020049317c5a898411735e2f75e2103ae303e7e514b6387a3c8463a4fb994

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ucrtbase.dll

Filesize
1.1MB

MD5
6343ff7874ba03f78bb0dfe20b45f817

SHA1
82221a9ac1c1b8006f3f5e8539e74e3308f10bcb

SHA256
6f8f05993b8a25cadf5e301e58194c4d23402e467229b12e40956e4f128588b3

SHA512
63c3d3207577d4761103daf3f9901dd0a0ae8a89694ad1128fd7e054627cdd930d1020049317c5a898411735e2f75e2103ae303e7e514b6387a3c8463a4fb994

Download Submit
\Users\Admin\AppData\Local\Temp\is-3DL8I.tmp\Skype-8.87.0.406.tmp

Filesize
1.4MB

MD5
4a5076a8fb16791787211b614d4fb9e8

SHA1
cfc1c4c9cc1a5b150d0b390cdc4cef3a6eb02006

SHA256
2f4cf46a9d3573f0083384d08c18c119a9ca29bc6e9ab5bee7abc1db0a2b773d

SHA512
897f8c49e63e9df627f390edea7ffe8bd21f8a4425101ae505257b274082e175631a5cfb73e6a0bea771716e2054389d93d5c63a5c0a19f087bd5f23fef40204

Download Submit
memory/900-63-0x00000000743E1000-0x00000000743E3000-memory.dmp

Filesize
8KB

Download
memory/1976-61-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1976-55-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1976-72-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1976-54-0x0000000075801000-0x0000000075803000-memory.dmp

Filesize
8KB

Download