masslogger | bd4ed965fbab660df571953482137e91a5af1a23c8a471b583d87e65266f64b2

Resubmissions

31-10-2022 13:00

221031-p8sa3sahh7 8

31-10-2022 12:40

221031-pv9yzaahf9 8

27-09-2022 19:25

220927-x49nkafddn 10

Analysis

max time kernel
150s
max time network
158s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27-09-2022 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Skype-8.88.0.401.exe
Size

84.6MB
MD5

a354d5d832f5a63c996be3ba24f3793c
SHA1

0eeabbd3654bcb95615ede909eca7f1d8cb1465e
SHA256

bd4ed965fbab660df571953482137e91a5af1a23c8a471b583d87e65266f64b2
SHA512

f745d04cae393227b344c4fe4ba1d9bdc36058527c1621fd38d19ccc6bdeb15dd4251e66e6db9a88ec41dd59ddf3de357920e58980ca089119416d92c9fc90fc
SSDEEP

1572864:KuEsMZ2eMCgMHNRZzU9P9X6TalSU3OTW+CnamF+U4wYVcnywmh0yyHXFK9auqj:KeM0MNQ6Ty3a3CT+amdwq0yyHXFoqj

Score

10^/10

masslogger zloader botnet discovery persistence spyware stealer trojan

Malware Config

Signatures

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
stealer spyware masslogger

Vidar log file 1 IoCs

Detects a log file produced by Vidar.

Processes:

resource	yara_rule
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar	vidar_log_file

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader
Executes dropped EXE 7 IoCs

Processes:

Skype-8.88.0.401.tmpSkype.exeSkype.exeSkype.exeSkype.exeSkype.exeSkype.exe

pid process

2016 Skype-8.88.0.401.tmp
768 Skype.exe
304 Skype.exe
948 Skype.exe
1676 Skype.exe
1056 Skype.exe
1384 Skype.exe

pid	process
2016	Skype-8.88.0.401.tmp
768	Skype.exe
304	Skype.exe
948	Skype.exe
1676	Skype.exe
1056	Skype.exe
1384	Skype.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Skype.exeSkype.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Control Panel\International\Geo\Nation	Skype.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Control Panel\International\Geo\Nation	Skype.exe

Loads dropped DLL 40 IoCs

Processes:

Skype-8.88.0.401.exeSkype-8.88.0.401.tmpSkype.exeSkype.exeSkype.exeSkype.exeSkype.exeSkype.exe

pid	process
1212	Skype-8.88.0.401.exe
2016	Skype-8.88.0.401.tmp
2016	Skype-8.88.0.401.tmp
768	Skype.exe
768	Skype.exe
768	Skype.exe
768	Skype.exe
768	Skype.exe
768	Skype.exe
768	Skype.exe
768	Skype.exe
768	Skype.exe
768	Skype.exe
768	Skype.exe
768	Skype.exe
304	Skype.exe
948	Skype.exe
1676	Skype.exe
1056	Skype.exe
948	Skype.exe
948	Skype.exe
948	Skype.exe
1384	Skype.exe
1384	Skype.exe
1384	Skype.exe
1384	Skype.exe
1384	Skype.exe
1384	Skype.exe
1384	Skype.exe
1384	Skype.exe
1384	Skype.exe
1056	Skype.exe
1056	Skype.exe
1056	Skype.exe
1056	Skype.exe
1056	Skype.exe
1056	Skype.exe
1056	Skype.exe
1056	Skype.exe
768	Skype.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Run\Skype for Desktop = "C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe"	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

Skype-8.88.0.401.tmp

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-BNA7B.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-T6VAS.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-LSUCI.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-R3SNU.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-VMNQ3.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-VCRA9.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-LOON2.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-AQ4RC.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-rtlsupport-l1-1-0.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-profile-l1-1-0.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\skypert.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-43PF6.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-LRKKC.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-77O7V.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-PVVFQ.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\ssScreenVVS2.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-RE12J.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-0FOH2.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-M3973.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-D38P6.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmCodecs.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-handle-l1-1-0.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-FAIPN.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-4FM78.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\mac\is-D7H0N.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\vcruntime140.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-string-l1-1-0.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-9BE0C.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-RPOCK.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-namedpipe-l1-1-0.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-libraryloader-l1-1-0.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-private-l1-1-0.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-CJNBT.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-DB3U7.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\mac\is-4H0ET.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\vk_swiftshader.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-KFIBN.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-BH4TF.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-L2ADG.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-processenvironment-l1-1-0.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-environment-l1-1-0.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-CFB4T.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-A0UIV.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmControl.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-0UFN1.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-SQUE3.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-PI8EA.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\libEGL.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-LRG7A.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-7KVFJ.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-processthreads-l1-1-0.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-0FV9V.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-U0KGJ.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-RFC5V.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-97RGO.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-FCVM0.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\is-T0AR0.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\is-CH700.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\unins000.msg	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\unins000.dat	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-DP0UP.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-S2S8V.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-572M1.tmp	Skype-8.88.0.401.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Skype.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Skype.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Skype.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Skype.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

952 taskkill.exe

pid	process
952	taskkill.exe

Modifies registry class 27 IoCs

Processes:

Skype-8.88.0.401.tmp

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\callto\URL Protocol	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skype-meetnow\URL Protocol	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\skype	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skype\URL Protocol	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\callto\ = "URL:callto"	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\tel\ = "URL:tel"	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\DefaultIcon\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\""	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\SkypeURL\shell\open\command	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\MUIVerb = "@C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\SkypeContext.dll,-101"	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\" \"%1\""	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skype\ = "URL:skype"	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\icon = "C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe"	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\skype-meetnow	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\tel\URL Protocol	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\command	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skype-meetnow\ = "URL:skype-meetnow"	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\SkypeURL\DefaultIcon	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\tel	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\" --share-file=\"%V\""	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\SkypeURL	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open\command	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\callto	Skype-8.88.0.401.tmp

Modifies registry key 1 TTPs 2 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exe

pid process

1060 reg.exe
1564 reg.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

Skype-8.88.0.401.tmpSkype.exe

pid process

2016 Skype-8.88.0.401.tmp
2016 Skype-8.88.0.401.tmp
768 Skype.exe
768 Skype.exe

pid	process
1060	reg.exe
1564	reg.exe

pid	process
2016	Skype-8.88.0.401.tmp
2016	Skype-8.88.0.401.tmp
768	Skype.exe
768	Skype.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskkill.exeSkype.exeSkype.exe

description	pid	process
Token: SeDebugPrivilege	952	taskkill.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	1056	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe
Token: SeShutdownPrivilege	768	Skype.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

Skype-8.88.0.401.tmpSkype.exe

pid process

2016 Skype-8.88.0.401.tmp
768 Skype.exe
768 Skype.exe
768 Skype.exe
768 Skype.exe
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

Skype.exe

pid process

768 Skype.exe
768 Skype.exe
768 Skype.exe
768 Skype.exe

pid	process
2016	Skype-8.88.0.401.tmp
768	Skype.exe
768	Skype.exe
768	Skype.exe
768	Skype.exe

pid	process
768	Skype.exe
768	Skype.exe
768	Skype.exe
768	Skype.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Skype-8.88.0.401.exeSkype-8.88.0.401.tmpSkype.exe

description	pid	process	target process
PID 1212 wrote to memory of 2016	1212	Skype-8.88.0.401.exe	Skype-8.88.0.401.tmp
PID 1212 wrote to memory of 2016	1212	Skype-8.88.0.401.exe	Skype-8.88.0.401.tmp
PID 1212 wrote to memory of 2016	1212	Skype-8.88.0.401.exe	Skype-8.88.0.401.tmp
PID 1212 wrote to memory of 2016	1212	Skype-8.88.0.401.exe	Skype-8.88.0.401.tmp
PID 1212 wrote to memory of 2016	1212	Skype-8.88.0.401.exe	Skype-8.88.0.401.tmp
PID 1212 wrote to memory of 2016	1212	Skype-8.88.0.401.exe	Skype-8.88.0.401.tmp
PID 1212 wrote to memory of 2016	1212	Skype-8.88.0.401.exe	Skype-8.88.0.401.tmp
PID 2016 wrote to memory of 952	2016	Skype-8.88.0.401.tmp	taskkill.exe
PID 2016 wrote to memory of 952	2016	Skype-8.88.0.401.tmp	taskkill.exe
PID 2016 wrote to memory of 952	2016	Skype-8.88.0.401.tmp	taskkill.exe
PID 2016 wrote to memory of 952	2016	Skype-8.88.0.401.tmp	taskkill.exe
PID 2016 wrote to memory of 768	2016	Skype-8.88.0.401.tmp	Skype.exe
PID 2016 wrote to memory of 768	2016	Skype-8.88.0.401.tmp	Skype.exe
PID 2016 wrote to memory of 768	2016	Skype-8.88.0.401.tmp	Skype.exe
PID 2016 wrote to memory of 768	2016	Skype-8.88.0.401.tmp	Skype.exe
PID 768 wrote to memory of 304	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 304	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 304	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 304	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 1060	768	Skype.exe	reg.exe
PID 768 wrote to memory of 1060	768	Skype.exe	reg.exe
PID 768 wrote to memory of 1060	768	Skype.exe	reg.exe
PID 768 wrote to memory of 1060	768	Skype.exe	reg.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe
PID 768 wrote to memory of 948	768	Skype.exe	Skype.exe

C:\Users\Admin\AppData\Local\Temp\Skype-8.88.0.401.exe
"C:\Users\Admin\AppData\Local\Temp\Skype-8.88.0.401.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1212

C:\Users\Admin\AppData\Local\Temp\is-92EV1.tmp\Skype-8.88.0.401.tmp
"C:\Users\Admin\AppData\Local\Temp\is-92EV1.tmp\Skype-8.88.0.401.tmp" /SL5="$60120,88056815,404480,C:\Users\Admin\AppData\Local\Temp\Skype-8.88.0.401.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2016

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im Skype.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:952

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:768

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad" --url=appcenter://generic?aid=a7417433-29d9-4bc0-8826-af367733939d&iid=7cafb9c9-9412-42f8-b868-9271477fb52b&uid=7cafb9c9-9412-42f8-b868-9271477fb52b<##>aria://?_event=main_crashed&_token=a173030604a34bdcbf21ca59134c7430-2a34e3b5-60e1-4a11-ad6d-2e9eac9ac07c-6614&CrashType=native_crash&DeviceInfo.Id=7cafb9c994122f8b8689271477fb52b8&DeviceInfo.OsName=Windows_NT&DeviceInfo.OsVersion=6.1.7601&Platform_Id=1433&Platform_Uiversion=1433/8.88.0.401/ --annotation=_companyName=Skype --annotation=_productName=skype-preview --annotation=_version=8.88.0.401 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=19.0.9 --initial-client-data=0x340,0x344,0x348,0x33c,0x34c,0x85b9358,0x85b9368,0x85b9374
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:304

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1332 --field-trial-handle=1348,i,16021609977879788275,8139491300155609142,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:948

C:\Windows\SysWOW64\reg.exe
C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype for Desktop" /t REG_SZ /d "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" /f
4⤵
- Adds Run key to start application
- Modifies registry key
PID:1060

C:\Windows\SysWOW64\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Skype /v RestartForUpdate
4⤵
- Modifies registry key
PID:1564

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --mojo-platform-channel-handle=1512 --field-trial-handle=1348,i,16021609977879788275,8139491300155609142,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1676

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1872 --field-trial-handle=1348,i,16021609977879788275,8139491300155609142,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --skype-process-type=Main --skype-window-id=__MAIN_ROOT_VIEW_ID__ /prefetch:1
4⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1056

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1332 --field-trial-handle=1348,i,16021609977879788275,8139491300155609142,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1384

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Skype for Desktop\D3DCompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
117.4MB

MD5
6654f969d7b52ad1fcdf6d2a2bc3157d

SHA1
53f78bd7b53180e8136c1713e5381d5bd06c5cdd

SHA256
24f03c87a51b352f6cebe7ef3d1e19293670876e277cf741fa9337358f516da3

SHA512
88ee4c97e688e839a34759f87831c2c59a386d12b4ce33a8279d3515fc2afd990f8789eed3ecd081c86afb350a45afa8f45b73f05f09227127b7990c8427ad70

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
117.4MB

MD5
6654f969d7b52ad1fcdf6d2a2bc3157d

SHA1
53f78bd7b53180e8136c1713e5381d5bd06c5cdd

SHA256
24f03c87a51b352f6cebe7ef3d1e19293670876e277cf741fa9337358f516da3

SHA512
88ee4c97e688e839a34759f87831c2c59a386d12b4ce33a8279d3515fc2afd990f8789eed3ecd081c86afb350a45afa8f45b73f05f09227127b7990c8427ad70

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
117.4MB

MD5
6654f969d7b52ad1fcdf6d2a2bc3157d

SHA1
53f78bd7b53180e8136c1713e5381d5bd06c5cdd

SHA256
24f03c87a51b352f6cebe7ef3d1e19293670876e277cf741fa9337358f516da3

SHA512
88ee4c97e688e839a34759f87831c2c59a386d12b4ce33a8279d3515fc2afd990f8789eed3ecd081c86afb350a45afa8f45b73f05f09227127b7990c8427ad70

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
117.4MB

MD5
6654f969d7b52ad1fcdf6d2a2bc3157d

SHA1
53f78bd7b53180e8136c1713e5381d5bd06c5cdd

SHA256
24f03c87a51b352f6cebe7ef3d1e19293670876e277cf741fa9337358f516da3

SHA512
88ee4c97e688e839a34759f87831c2c59a386d12b4ce33a8279d3515fc2afd990f8789eed3ecd081c86afb350a45afa8f45b73f05f09227127b7990c8427ad70

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
117.4MB

MD5
6654f969d7b52ad1fcdf6d2a2bc3157d

SHA1
53f78bd7b53180e8136c1713e5381d5bd06c5cdd

SHA256
24f03c87a51b352f6cebe7ef3d1e19293670876e277cf741fa9337358f516da3

SHA512
88ee4c97e688e839a34759f87831c2c59a386d12b4ce33a8279d3515fc2afd990f8789eed3ecd081c86afb350a45afa8f45b73f05f09227127b7990c8427ad70

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
117.4MB

MD5
6654f969d7b52ad1fcdf6d2a2bc3157d

SHA1
53f78bd7b53180e8136c1713e5381d5bd06c5cdd

SHA256
24f03c87a51b352f6cebe7ef3d1e19293670876e277cf741fa9337358f516da3

SHA512
88ee4c97e688e839a34759f87831c2c59a386d12b4ce33a8279d3515fc2afd990f8789eed3ecd081c86afb350a45afa8f45b73f05f09227127b7990c8427ad70

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-file-l1-2-0.dll
Filesize
17KB

MD5
79ee4a2fcbe24e9a65106de834ccda4a

SHA1
fd1ba674371af7116ea06ad42886185f98ba137b

SHA256
9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613

SHA512
6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-file-l2-1-0.dll
Filesize
17KB

MD5
3f224766fe9b090333fdb43d5a22f9ea

SHA1
548d1bb707ae7a3dfccc0c2d99908561a305f57b

SHA256
ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357

SHA512
c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-localization-l1-2-0.dll
Filesize
20KB

MD5
23bd405a6cfd1e38c74c5150eec28d0a

SHA1
1d3be98e7dfe565e297e837a7085731ecd368c7b

SHA256
a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41

SHA512
c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
18KB

MD5
95c5b49af7f2c7d3cd0bc14b1e9efacb

SHA1
c400205c81140e60dffa8811c1906ce87c58971e

SHA256
ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1

SHA512
f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-timezone-l1-1-0.dll
Filesize
18KB

MD5
c9a55de62e53d747c5a7fddedef874f9

SHA1
c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad

SHA256
b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b

SHA512
adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_100_percent.pak
Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_200_percent.pak
Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
Filesize
2.4MB

MD5
56e7b0b0be922c473f0c4016a133f5f4

SHA1
1a6b850d8fef00b477e63638ea0bbaf841697fca

SHA256
8c54b5d78d6a00f6f108d247849ae9a38e03132968688ee090343cde6ddaac76

SHA512
0c353180001cb5cb1a17bcff10b38a004b59b1afb2a292de453e5f36479d76707ca0c70b145d38cd92b166ac8d107740a26e9b733f9970f0a7819b99925e5b2c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\icudtl.dat
Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
Filesize
373KB

MD5
fd5e529cd058c64d98ed30521d4778ef

SHA1
73224b31359656c19630c3fba6a4f09bf96080e3

SHA256
c36dda640ad3c0d031331176c033e0e895d25d852eddd2270e91a0f657817197

SHA512
afe3182949157c8d0f340ea9148c67523d3a7c0bf2f78cdfcc33e11edefdba3ee02d7175b5800c06f6e5dd6bde5be1c827657823bc1f1455e122febce7d5d160

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
Filesize
6.1MB

MD5
a5aad5d50ac63d1de48933a7709c1afb

SHA1
13402c0a27d2460bb1853a25f85ce256f0912157

SHA256
3a0ac12a20f61d541e08472f30e28ba82ba5824d36eacda0c291b0b777258191

SHA512
a8ed709806f75a517f515f5c71846bd29ec7f3432ace0f4220a6f57ab93c793c2f9e6fed421d0c76109cd741380c49c5588517ffeb98dfde0484b4f8d19dd14f

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\en-US.pak
Filesize
112KB

MD5
a85c703969e69a5a6f7e379635fa42a5

SHA1
8c765404e54070c14ab49d2d1ef54d2a3a2f7ea6

SHA256
a9c5b333440a42b95b2ef043fecb95a2d2f4b2d0601be639643d01d86be3ba83

SHA512
8ab1106fd6f410164dece0e4f6cc67e57b8bfc72864b47a665f81d67d4028464e69f7c7f4e283956fe0556f71779cceb66466b0cd37f434dbdcb7d4f59492b82

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources.pak
Filesize
4.7MB

MD5
df68fa2bad8bc5d34aea8373122c2175

SHA1
084ff957974ec41b78069448851e8745bce8fbe2

SHA256
040683716db4a5cbff94493df6ec50f690eb5d37769028835ee5127f9aa4608f

SHA512
54e752893ab4f7c8f80b7272f97ac60c8762e8818ea4379e0713e3088fe56c63712fb9b2023782b0e717b8e7b85cd0e5c0c211aa458f0c74e5b0ae0ee81169a3

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar
Filesize
49.0MB

MD5
213553120cc5a9e687785760e4ff0b37

SHA1
99f150359227a77aa9c2a3d922d64a8792cbe733

SHA256
078e5c19293fc2dc3e4febb0a9656cae1a1fe6493e8e69e98a5b40443e476a77

SHA512
fc9703c96c515a791c95556e8d80c2329846a333be1cf2cb93d6c21c4fa1297e1e08141fc7fb230a001d747ef88329850a5f57e7166f021fe66d4aaf49236aea

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-away.png
Filesize
294B

MD5
9834fdf81fe65f1c19f9997c47b080cb

SHA1
629b1977648b6407632eebed3ff19f3f1520f305

SHA256
5f01da2a9b135f1c8879419874f87c2a662342188cfa836556f25c9557ca07d0

SHA512
0ccc33f143faf24f81cb079acb0ca7b6803ef88e6563c2acecbbeba9242ecf1853bed7a9e54196f0ad7c973ad2616e51ca271b298fb07c51b0dd31a7e61036ca

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-away@2x.png
Filesize
562B

MD5
767336bb72d1ee7103b8695e9fad1bd9

SHA1
0af45423d7e86a5ed09e0a64d82387af0d8fb397

SHA256
1b5ba46a18edce48949b08882036fbf6176cfaaec41e7ecf7b9a4cb8366db809

SHA512
39d93ba8e5bab26844ff379d16975813e598349d11e4271355e251f3f43cc1b513a2fbcd51c09f4e4c09ed5cd09a18e5123e7623feb950668af8cf8182842057

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-donotdisturb.png
Filesize
359B

MD5
324a5cab7741d3ec7fca3f6163be9bf8

SHA1
9d47b2078cc870efad4c208dedb6bd9fb127b0c7

SHA256
ba4ac732fa5011992fe17fe0e01e217f2ba92d3cd27c9b5d8139bada160f898b

SHA512
967cc72663b8fd9531f5708786ed2afeec702c01751f99407c4b8ae860a3b13467f2e187769ea632c160f2899efdea87719e5665f26c44adc52edbe64e669b8b

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-donotdisturb@2x.png
Filesize
685B

MD5
5da369f999ec7bb6f670fdba2f074422

SHA1
097620c947736f83744065a58ecda8aa3b0fbe07

SHA256
bff494b55ff74602fbb7181847035f22a82d30ac2a92a6a42dc6449ea6015066

SHA512
7a89b30d42f98f814e025668ec0247703c3e402aa7c14b1cf818912cc3a74166d0cc662b418cadb82e922db6f61925b39163dc86012f174b63a8cc730ed7e4aa

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-hidden.png
Filesize
398B

MD5
f847bc40a4769792230765fd101b715e

SHA1
9753ce33252a0b6ca23f36a9d6f53202d148b900

SHA256
a8be87fc996f60e0c6a9b2991e7cd757198e4ac0db80132bf4eecaea626861ae

SHA512
ff7c9950324f0c7203312f28ddca26a490877ddd1453975c083b49d088abff5f8b7fe49e1460731a7ff5ebe650d059d9eeac067ca3c10c4dbb8eee3fe458f15b

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-hidden@2x.png
Filesize
872B

MD5
5b1c0544d938f7b90d02430c91776c4b

SHA1
b508a3f8dabe5d8071b5be41bbb628785dd0f6d6

SHA256
d666683821c01485b2a46cc40a9b6956903c12d8bf344224263005589fedf330

SHA512
a3e6b6fe5fe0922c20d11897b35ea2d17b8f18425f5d5d8b753e41d097413cc33aba68a243d1bc7af25435f2256a3f2bab8817ffc3ba4af9a102875fe4bb628d

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-online.png
Filesize
331B

MD5
b6f201d0aa98781ed3c62d21f5180c2b

SHA1
8fae0048e6d699e0a8bbb411e553a91721712d6b

SHA256
532b6a446404d7bc0eaf25159099f070f13149c074dc96f5dfb5609a3025277b

SHA512
24e5f1996999ebe99693be2afebb89927c94dda7ec7d3bc40376e48de5a6a086d521eb0883712493c7c2b7798d3ae82f9d85311425b5e391818f2f27991c1cdf

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-online@2x.png
Filesize
629B

MD5
6fe4b2fae57b1d4c0417745fab16f96a

SHA1
a8c8057a4090f65d82e18624be751d2f2e6d552c

SHA256
e540a9dd19c7e999e8a0614dcc1c01b47542bfb1c45f4944f1748cce28e187f7

SHA512
f2be6edd9e4889948c04c250e72fa4e74a5544b8d3a848ccee2b70fb7b7dab68fadbcec343dd9d4032c4550116f6dfd104ccf8c1805cef87c38f4d300e39c77f

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\tray-offlineTemplate.ico
Filesize
104KB

MD5
6829d32c8496b84cefa32e6030e356da

SHA1
5f2b0331147da4185ee21ac62b890c36c48329bf

SHA256
e437c7e735977ad406d9df0c9e1a956cd7a9f98f7b387a21b39d67447ad55b04

SHA512
e85b18790a8b521476b0610358c055f54e5c12b48687946df569eec0b5237a39dca3f3b4eecc44da2a17c4187ef3279b3087e2fa40357ce9bd311c5ab4de3bd2

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmControl.dll
Filesize
115KB

MD5
9b6668f114410369cacb58f8feee0955

SHA1
b2d1e31e598ff4cfbff1d4a83fc88e408ab60d46

SHA256
b1eb94be95d9d9528e5eec0c57ae023ac6e76b6aa2a4c5b2c6d22649c091f2cf

SHA512
c429a55bb6b522d24cb1e1c8e3f5cdaf1189946107358177e30444051858bd0ef1975a737ed3061343d75fd09ef6b0f5dadd193c42bae65da2ef68286e00f70d

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmPal.dll
Filesize
810KB

MD5
ba19390901659c6b16cdf63982c32270

SHA1
f425c25105890c483b2aeb2434cde64afe2689a6

SHA256
820d129d40a792c3545c12d27f6ad86b712a2c2589b2a119938f4f27dc58c6ec

SHA512
74f7b6c8558623fc81148a738ee71bf3426b94bde53695abd4b41cc08729a3b70c419dbc1424dbc2f066a75206df1b16c2b5c80c3a66cd850474d0cc7f3346a3

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\electron_utility.node
Filesize
825KB

MD5
072a51c6af202698ed8d6f048b983302

SHA1
746f49ba9e3b9f1894d25b3ed4e608b9d6417690

SHA256
e5a551fe3ce173d0d960b2188c6918a69caad5cd555eb7c6bff4295f68247e7f

SHA512
5f1fcc7acaa0d653923748b4792b1fda978bd023290c71377c0edf4b2e99d853e4206392fae22989d32ab8f4fdc1b097836ee1d4798da9d360dd37d9ca9e39e1

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\sharing-indicator.node
Filesize
104KB

MD5
9e05fd03af1d0d866814005b1eaa9ef1

SHA1
3924c9687e17e51491fc8e1fb0ba78b254c634a5

SHA256
8d6811a9ba1d1284fcb91909e43072767a0c49006bab6d6e0ee309384e5fb053

SHA512
d4164b50fba3ab2b9bfa13d775748f38f12d2abb9776c0dad102f4fffeb9aa550bee98f8d1d256be51504b67116f1cf4567bde70591eb9e1c4ddd1a41f9dc97a

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\skypert.dll
Filesize
2.9MB

MD5
15df8a9ab82d8f7228dc1c15800ee95b

SHA1
07448c1fbacd3590c8c50c6a8ed9922db2a5c8dd

SHA256
a9d037467736c81fc7d14f8104f88b9bb97791c91525f87ef80f71fd512f5a1b

SHA512
1bdd6081302780e73906b4f88c108e778e799cfb69c5b88a608ad3da6ff208078a893e59d0ba09e27783e37f952f05fe6ec2092da255e2fe94b7bc8a886ef69f

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\ucrtbase.DLL
Filesize
1.1MB

MD5
6343ff7874ba03f78bb0dfe20b45f817

SHA1
82221a9ac1c1b8006f3f5e8539e74e3308f10bcb

SHA256
6f8f05993b8a25cadf5e301e58194c4d23402e467229b12e40956e4f128588b3

SHA512
63c3d3207577d4761103daf3f9901dd0a0ae8a89694ad1128fd7e054627cdd930d1020049317c5a898411735e2f75e2103ae303e7e514b6387a3c8463a4fb994

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\v8_context_snapshot.bin
Filesize
596KB

MD5
9cf618687bbd261c2027bf10671a7b73

SHA1
c0231f7fd1fb116067478338c9d69bbe0ec57d0d

SHA256
9cd23cfe0e627d930127cf27442be319a5548aa4f039d04a9216371236fede9f

SHA512
eceb31bd6974d2c16b3cabbf821c058845ca8c02f1482caa95bf3c5acd41c6a25c3d7940dd8f0ff510c05b41d7b8e2246e3e9e9a17e84d31e504104a2a9c4239

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-92EV1.tmp\Skype-8.88.0.401.tmp
Filesize
1.4MB

MD5
42d7f6491cb9a07c4e25cac42a3b395b

SHA1
75b5c00ab9277bbe578502bfbef743e7c04564c1

SHA256
f58a9f68802fbc1cacdb07cc357136fb217ad47897355dac962a1e239fe9591d

SHA512
f9df478b4d2076a1ea2b09f711afb7425d0b9ea57c06d90749ca20ec9c4c110720061b62d9fff047d69e7214deb239673be3b33df77742bc64fbfce2014f3750

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-92EV1.tmp\Skype-8.88.0.401.tmp
Filesize
1.4MB

MD5
42d7f6491cb9a07c4e25cac42a3b395b

SHA1
75b5c00ab9277bbe578502bfbef743e7c04564c1

SHA256
f58a9f68802fbc1cacdb07cc357136fb217ad47897355dac962a1e239fe9591d

SHA512
f9df478b4d2076a1ea2b09f711afb7425d0b9ea57c06d90749ca20ec9c4c110720061b62d9fff047d69e7214deb239673be3b33df77742bc64fbfce2014f3750

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad\settings.dat
Filesize
40B

MD5
09a74da85a4e23983be7068cc7ffdac5

SHA1
42b51e74c6e208fc0625cc0a636024698fdf8718

SHA256
87ad122c7184d4a97bcbfe043bb17063b7578225683d68a7f58db60eafe35013

SHA512
bd59ca5fafe550a2c2e2bb7621e13be4a73c5f764b46dc143760a26ee96171e61a208e0a48b70015dddde20976c78f1901193fd17ebb235fb0f364136be2099e

Download Submit
\??\pipe\crashpad_768_ANTQGKMGKUUUKUZG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
117.4MB

MD5
6654f969d7b52ad1fcdf6d2a2bc3157d

SHA1
53f78bd7b53180e8136c1713e5381d5bd06c5cdd

SHA256
24f03c87a51b352f6cebe7ef3d1e19293670876e277cf741fa9337358f516da3

SHA512
88ee4c97e688e839a34759f87831c2c59a386d12b4ce33a8279d3515fc2afd990f8789eed3ecd081c86afb350a45afa8f45b73f05f09227127b7990c8427ad70

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
117.4MB

MD5
6654f969d7b52ad1fcdf6d2a2bc3157d

SHA1
53f78bd7b53180e8136c1713e5381d5bd06c5cdd

SHA256
24f03c87a51b352f6cebe7ef3d1e19293670876e277cf741fa9337358f516da3

SHA512
88ee4c97e688e839a34759f87831c2c59a386d12b4ce33a8279d3515fc2afd990f8789eed3ecd081c86afb350a45afa8f45b73f05f09227127b7990c8427ad70

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-file-l1-2-0.dll
Filesize
17KB

MD5
79ee4a2fcbe24e9a65106de834ccda4a

SHA1
fd1ba674371af7116ea06ad42886185f98ba137b

SHA256
9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613

SHA512
6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-file-l2-1-0.dll
Filesize
17KB

MD5
3f224766fe9b090333fdb43d5a22f9ea

SHA1
548d1bb707ae7a3dfccc0c2d99908561a305f57b

SHA256
ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357

SHA512
c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-localization-l1-2-0.dll
Filesize
20KB

MD5
23bd405a6cfd1e38c74c5150eec28d0a

SHA1
1d3be98e7dfe565e297e837a7085731ecd368c7b

SHA256
a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41

SHA512
c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
18KB

MD5
95c5b49af7f2c7d3cd0bc14b1e9efacb

SHA1
c400205c81140e60dffa8811c1906ce87c58971e

SHA256
ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1

SHA512
f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-timezone-l1-1-0.dll
Filesize
18KB

MD5
c9a55de62e53d747c5a7fddedef874f9

SHA1
c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad

SHA256
b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b

SHA512
adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\d3dcompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
Filesize
2.4MB

MD5
56e7b0b0be922c473f0c4016a133f5f4

SHA1
1a6b850d8fef00b477e63638ea0bbaf841697fca

SHA256
8c54b5d78d6a00f6f108d247849ae9a38e03132968688ee090343cde6ddaac76

SHA512
0c353180001cb5cb1a17bcff10b38a004b59b1afb2a292de453e5f36479d76707ca0c70b145d38cd92b166ac8d107740a26e9b733f9970f0a7819b99925e5b2c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
Filesize
2.4MB

MD5
56e7b0b0be922c473f0c4016a133f5f4

SHA1
1a6b850d8fef00b477e63638ea0bbaf841697fca

SHA256
8c54b5d78d6a00f6f108d247849ae9a38e03132968688ee090343cde6ddaac76

SHA512
0c353180001cb5cb1a17bcff10b38a004b59b1afb2a292de453e5f36479d76707ca0c70b145d38cd92b166ac8d107740a26e9b733f9970f0a7819b99925e5b2c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
Filesize
2.4MB

MD5
56e7b0b0be922c473f0c4016a133f5f4

SHA1
1a6b850d8fef00b477e63638ea0bbaf841697fca

SHA256
8c54b5d78d6a00f6f108d247849ae9a38e03132968688ee090343cde6ddaac76

SHA512
0c353180001cb5cb1a17bcff10b38a004b59b1afb2a292de453e5f36479d76707ca0c70b145d38cd92b166ac8d107740a26e9b733f9970f0a7819b99925e5b2c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
Filesize
2.4MB

MD5
56e7b0b0be922c473f0c4016a133f5f4

SHA1
1a6b850d8fef00b477e63638ea0bbaf841697fca

SHA256
8c54b5d78d6a00f6f108d247849ae9a38e03132968688ee090343cde6ddaac76

SHA512
0c353180001cb5cb1a17bcff10b38a004b59b1afb2a292de453e5f36479d76707ca0c70b145d38cd92b166ac8d107740a26e9b733f9970f0a7819b99925e5b2c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
Filesize
2.4MB

MD5
56e7b0b0be922c473f0c4016a133f5f4

SHA1
1a6b850d8fef00b477e63638ea0bbaf841697fca

SHA256
8c54b5d78d6a00f6f108d247849ae9a38e03132968688ee090343cde6ddaac76

SHA512
0c353180001cb5cb1a17bcff10b38a004b59b1afb2a292de453e5f36479d76707ca0c70b145d38cd92b166ac8d107740a26e9b733f9970f0a7819b99925e5b2c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\libEGL.dll
Filesize
373KB

MD5
fd5e529cd058c64d98ed30521d4778ef

SHA1
73224b31359656c19630c3fba6a4f09bf96080e3

SHA256
c36dda640ad3c0d031331176c033e0e895d25d852eddd2270e91a0f657817197

SHA512
afe3182949157c8d0f340ea9148c67523d3a7c0bf2f78cdfcc33e11edefdba3ee02d7175b5800c06f6e5dd6bde5be1c827657823bc1f1455e122febce7d5d160

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\libGLESv2.dll
Filesize
6.1MB

MD5
a5aad5d50ac63d1de48933a7709c1afb

SHA1
13402c0a27d2460bb1853a25f85ce256f0912157

SHA256
3a0ac12a20f61d541e08472f30e28ba82ba5824d36eacda0c291b0b777258191

SHA512
a8ed709806f75a517f515f5c71846bd29ec7f3432ace0f4220a6f57ab93c793c2f9e6fed421d0c76109cd741380c49c5588517ffeb98dfde0484b4f8d19dd14f

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmControl.dll
Filesize
115KB

MD5
9b6668f114410369cacb58f8feee0955

SHA1
b2d1e31e598ff4cfbff1d4a83fc88e408ab60d46

SHA256
b1eb94be95d9d9528e5eec0c57ae023ac6e76b6aa2a4c5b2c6d22649c091f2cf

SHA512
c429a55bb6b522d24cb1e1c8e3f5cdaf1189946107358177e30444051858bd0ef1975a737ed3061343d75fd09ef6b0f5dadd193c42bae65da2ef68286e00f70d

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmPal.dll
Filesize
810KB

MD5
ba19390901659c6b16cdf63982c32270

SHA1
f425c25105890c483b2aeb2434cde64afe2689a6

SHA256
820d129d40a792c3545c12d27f6ad86b712a2c2589b2a119938f4f27dc58c6ec

SHA512
74f7b6c8558623fc81148a738ee71bf3426b94bde53695abd4b41cc08729a3b70c419dbc1424dbc2f066a75206df1b16c2b5c80c3a66cd850474d0cc7f3346a3

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\electron_utility.node
Filesize
825KB

MD5
072a51c6af202698ed8d6f048b983302

SHA1
746f49ba9e3b9f1894d25b3ed4e608b9d6417690

SHA256
e5a551fe3ce173d0d960b2188c6918a69caad5cd555eb7c6bff4295f68247e7f

SHA512
5f1fcc7acaa0d653923748b4792b1fda978bd023290c71377c0edf4b2e99d853e4206392fae22989d32ab8f4fdc1b097836ee1d4798da9d360dd37d9ca9e39e1

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\sharing-indicator.node
Filesize
104KB

MD5
9e05fd03af1d0d866814005b1eaa9ef1

SHA1
3924c9687e17e51491fc8e1fb0ba78b254c634a5

SHA256
8d6811a9ba1d1284fcb91909e43072767a0c49006bab6d6e0ee309384e5fb053

SHA512
d4164b50fba3ab2b9bfa13d775748f38f12d2abb9776c0dad102f4fffeb9aa550bee98f8d1d256be51504b67116f1cf4567bde70591eb9e1c4ddd1a41f9dc97a

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\skypert.dll
Filesize
2.9MB

MD5
15df8a9ab82d8f7228dc1c15800ee95b

SHA1
07448c1fbacd3590c8c50c6a8ed9922db2a5c8dd

SHA256
a9d037467736c81fc7d14f8104f88b9bb97791c91525f87ef80f71fd512f5a1b

SHA512
1bdd6081302780e73906b4f88c108e778e799cfb69c5b88a608ad3da6ff208078a893e59d0ba09e27783e37f952f05fe6ec2092da255e2fe94b7bc8a886ef69f

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ucrtbase.dll
Filesize
1.1MB

MD5
6343ff7874ba03f78bb0dfe20b45f817

SHA1
82221a9ac1c1b8006f3f5e8539e74e3308f10bcb

SHA256
6f8f05993b8a25cadf5e301e58194c4d23402e467229b12e40956e4f128588b3

SHA512
63c3d3207577d4761103daf3f9901dd0a0ae8a89694ad1128fd7e054627cdd930d1020049317c5a898411735e2f75e2103ae303e7e514b6387a3c8463a4fb994

Download Submit
\Users\Admin\AppData\Local\Temp\is-92EV1.tmp\Skype-8.88.0.401.tmp
Filesize
1.4MB

MD5
42d7f6491cb9a07c4e25cac42a3b395b

SHA1
75b5c00ab9277bbe578502bfbef743e7c04564c1

SHA256
f58a9f68802fbc1cacdb07cc357136fb217ad47897355dac962a1e239fe9591d

SHA512
f9df478b4d2076a1ea2b09f711afb7425d0b9ea57c06d90749ca20ec9c4c110720061b62d9fff047d69e7214deb239673be3b33df77742bc64fbfce2014f3750

Download Submit
memory/304-99-0x0000000000000000-mapping.dmp

Download
memory/768-68-0x0000000000000000-mapping.dmp

Download
memory/948-146-0x0000000000000000-mapping.dmp

Download
memory/952-62-0x0000000000000000-mapping.dmp

Download
memory/1056-160-0x0000000000000000-mapping.dmp

Download
memory/1060-132-0x0000000000000000-mapping.dmp

Download
memory/1212-61-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1212-54-0x0000000076711000-0x0000000076713000-memory.dmp

Filesize
8KB

Download
memory/1212-65-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1212-102-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1212-55-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1384-211-0x0000000000000000-mapping.dmp

Download
memory/1564-158-0x0000000000000000-mapping.dmp

Download
memory/1676-147-0x0000000000000000-mapping.dmp

Download
memory/2016-58-0x0000000000000000-mapping.dmp

Download
memory/2016-63-0x0000000074EE1000-0x0000000074EE3000-memory.dmp

Filesize
8KB

Download