bd4ed965fbab660df571953482137e91a5af1a23c8a471b583d87e65266f64b2

Resubmissions

31-10-2022 13:00

221031-p8sa3sahh7 8

31-10-2022 12:40

221031-pv9yzaahf9 8

27-09-2022 19:25

220927-x49nkafddn 10

Analysis

max time kernel
86s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2022 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Skype-8.88.0.401.exe
Size

84.6MB
MD5

a354d5d832f5a63c996be3ba24f3793c
SHA1

0eeabbd3654bcb95615ede909eca7f1d8cb1465e
SHA256

bd4ed965fbab660df571953482137e91a5af1a23c8a471b583d87e65266f64b2
SHA512

f745d04cae393227b344c4fe4ba1d9bdc36058527c1621fd38d19ccc6bdeb15dd4251e66e6db9a88ec41dd59ddf3de357920e58980ca089119416d92c9fc90fc
SSDEEP

1572864:KuEsMZ2eMCgMHNRZzU9P9X6TalSU3OTW+CnamF+U4wYVcnywmh0yyHXFK9auqj:KeM0MNQ6Ty3a3CT+amdwq0yyHXFoqj

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 5 IoCs

Processes:

Skype-8.88.0.401.tmpSkype.exeSkype.exeSkype.exeSkype.exe

pid process

4108 Skype-8.88.0.401.tmp
1016 Skype.exe
3940 Skype.exe
384 Skype.exe
4772 Skype.exe

pid	process
4108	Skype-8.88.0.401.tmp
1016	Skype.exe
3940	Skype.exe
384	Skype.exe
4772	Skype.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Skype-8.88.0.401.tmp

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	Skype-8.88.0.401.tmp

Loads dropped DLL 16 IoCs

Processes:

Skype.exeSkype.exeSkype.exeSkype.exe

pid	process
1016	Skype.exe
1016	Skype.exe
1016	Skype.exe
1016	Skype.exe
1016	Skype.exe
1016	Skype.exe
3940	Skype.exe
1016	Skype.exe
1016	Skype.exe
384	Skype.exe
4772	Skype.exe
384	Skype.exe
384	Skype.exe
384	Skype.exe
384	Skype.exe
384	Skype.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Skype for Desktop = "C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe"	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

Skype-8.88.0.401.tmp

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-106S1.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-GDDV5.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\is-1E92R.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-IFDLJ.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-Q254N.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-util-l1-1-0.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-time-l1-1-0.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\rtmbwe.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-8VV3F.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-GOG3G.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-077AL.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-synch-l1-2-0.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-Q3IAS.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-5Q3EH.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-9NKJ8.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-LSM3T.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-RK0L2.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-libraryloader-l1-1-0.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\API-MS-Win-core-xstate-l2-1-0.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-stdio-l1-1-0.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-C6CA5.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-26U5U.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-CAPE9.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-DDBDD.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-H5IVK.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-8G2KF.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-F9BCH.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-6VVL2.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-2FUIA.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-DGTT2.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-file-l1-2-0.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-AVNUQ.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-USQRG.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-3BEUB.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-EILR0.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-9P64A.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-8EA2V.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-console-l1-1-0.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-memory-l1-1-0.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\TxNdi.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-HL73M.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\mac\is-02JTK.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-namedpipe-l1-1-0.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-KNQVM.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-OES40.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\is-K6G0C.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-string-l1-1-0.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-1FKLL.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-UGQV0.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-QFEIO.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-sysinfo-l1-1-0.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-K8FRH.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-NQFGS.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-9RMQH.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\ucrtbase.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-PO4DG.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-GOFO0.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-GPTG3.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-78PUK.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\mac\is-2QJA6.tmp	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-localization-l1-2-0.dll	Skype-8.88.0.401.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-processthreads-l1-1-1.dll	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-AS11S.tmp	Skype-8.88.0.401.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-9V0HK.tmp	Skype-8.88.0.401.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Skype.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Skype.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Skype.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Skype.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

4832 taskkill.exe

pid	process
4832	taskkill.exe

Modifies registry class 27 IoCs

Processes:

Skype-8.88.0.401.tmp

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skype\URL Protocol	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\callto\ = "URL:callto"	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\MUIVerb = "@C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\SkypeContext.dll,-101"	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\SkypeURL\shell\open\command	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skype-meetnow\URL Protocol	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\skype-meetnow	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\callto	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open\command	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\DefaultIcon\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\""	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\" \"%1\""	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\skype	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\tel	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\command	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\" --share-file=\"%V\""	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\SkypeURL	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\SkypeURL\DefaultIcon	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\tel\URL Protocol	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\callto\URL Protocol	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\icon = "C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe"	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skype-meetnow\ = "URL:skype-meetnow"	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\skype\ = "URL:skype"	Skype-8.88.0.401.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\tel\ = "URL:tel"	Skype-8.88.0.401.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype	Skype-8.88.0.401.tmp

Modifies registry key 1 TTPs 2 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exe

pid process

3476 reg.exe
2008 reg.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Skype-8.88.0.401.tmp

pid process

4108 Skype-8.88.0.401.tmp
4108 Skype-8.88.0.401.tmp
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

taskkill.exeSkype.exe

description pid process

Token: SeDebugPrivilege 4832 taskkill.exe
Token: SeShutdownPrivilege 1016 Skype.exe
Token: SeCreatePagefilePrivilege 1016 Skype.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Skype-8.88.0.401.tmp

pid process

4108 Skype-8.88.0.401.tmp

pid	process
3476	reg.exe
2008	reg.exe

pid	process
4108	Skype-8.88.0.401.tmp
4108	Skype-8.88.0.401.tmp

description	pid	process
Token: SeDebugPrivilege	4832	taskkill.exe
Token: SeShutdownPrivilege	1016	Skype.exe
Token: SeCreatePagefilePrivilege	1016	Skype.exe

pid	process
4108	Skype-8.88.0.401.tmp

Suspicious use of WriteProcessMemory 61 IoCs

Processes:

Skype-8.88.0.401.exeSkype-8.88.0.401.tmpSkype.exe

description	pid	process	target process
PID 2408 wrote to memory of 4108	2408	Skype-8.88.0.401.exe	Skype-8.88.0.401.tmp
PID 2408 wrote to memory of 4108	2408	Skype-8.88.0.401.exe	Skype-8.88.0.401.tmp
PID 2408 wrote to memory of 4108	2408	Skype-8.88.0.401.exe	Skype-8.88.0.401.tmp
PID 4108 wrote to memory of 4832	4108	Skype-8.88.0.401.tmp	taskkill.exe
PID 4108 wrote to memory of 4832	4108	Skype-8.88.0.401.tmp	taskkill.exe
PID 4108 wrote to memory of 4832	4108	Skype-8.88.0.401.tmp	taskkill.exe
PID 4108 wrote to memory of 1016	4108	Skype-8.88.0.401.tmp	Skype.exe
PID 4108 wrote to memory of 1016	4108	Skype-8.88.0.401.tmp	Skype.exe
PID 4108 wrote to memory of 1016	4108	Skype-8.88.0.401.tmp	Skype.exe
PID 1016 wrote to memory of 3940	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 3940	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 3940	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 384	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 4772	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 4772	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 4772	1016	Skype.exe	Skype.exe
PID 1016 wrote to memory of 3476	1016	Skype.exe	reg.exe
PID 1016 wrote to memory of 3476	1016	Skype.exe	reg.exe
PID 1016 wrote to memory of 3476	1016	Skype.exe	reg.exe

C:\Users\Admin\AppData\Local\Temp\Skype-8.88.0.401.exe
"C:\Users\Admin\AppData\Local\Temp\Skype-8.88.0.401.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2408

C:\Users\Admin\AppData\Local\Temp\is-LURUI.tmp\Skype-8.88.0.401.tmp
"C:\Users\Admin\AppData\Local\Temp\is-LURUI.tmp\Skype-8.88.0.401.tmp" /SL5="$C0182,88056815,404480,C:\Users\Admin\AppData\Local\Temp\Skype-8.88.0.401.exe"
2⤵
- Executes dropped EXE
- Checks computer location settings
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4108

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im Skype.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4832

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1016

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad" --url=appcenter://generic?aid=a7417433-29d9-4bc0-8826-af367733939d&iid=bfd6a1bc-88ba-4374-4d98-1c0be23c4eaa&uid=bfd6a1bc-88ba-4374-4d98-1c0be23c4eaa<##>aria://?_event=main_crashed&_token=a173030604a34bdcbf21ca59134c7430-2a34e3b5-60e1-4a11-ad6d-2e9eac9ac07c-6614&CrashType=native_crash&DeviceInfo.Id=bfd6a1bc88ba3744d981c0be23c4eaa6&DeviceInfo.OsName=Windows_NT&DeviceInfo.OsVersion=10.0.19041&Platform_Id=1433&Platform_Uiversion=1433/8.88.0.401/ --annotation=_companyName=Skype --annotation=_productName=skype-preview --annotation=_version=8.88.0.401 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=19.0.9 --initial-client-data=0x568,0x56c,0x570,0x564,0x574,0x7519358,0x7519368,0x7519374
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3940

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 --field-trial-handle=2164,i,13623222722498743039,6584698756292646683,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:384

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --mojo-platform-channel-handle=2152 --field-trial-handle=2164,i,13623222722498743039,6584698756292646683,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4772

C:\Windows\SysWOW64\reg.exe
C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype for Desktop" /t REG_SZ /d "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" /f
4⤵
- Adds Run key to start application
- Modifies registry key
PID:3476

C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2900 --field-trial-handle=2164,i,13623222722498743039,6584698756292646683,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --skype-process-type=Main --skype-window-id=__MAIN_ROOT_VIEW_ID__ /prefetch:1
4⤵
PID:1224

C:\Windows\SysWOW64\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Skype /v RestartForUpdate
4⤵
- Modifies registry key
PID:2008

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Skype for Desktop\D3DCompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
117.4MB

MD5
6654f969d7b52ad1fcdf6d2a2bc3157d

SHA1
53f78bd7b53180e8136c1713e5381d5bd06c5cdd

SHA256
24f03c87a51b352f6cebe7ef3d1e19293670876e277cf741fa9337358f516da3

SHA512
88ee4c97e688e839a34759f87831c2c59a386d12b4ce33a8279d3515fc2afd990f8789eed3ecd081c86afb350a45afa8f45b73f05f09227127b7990c8427ad70

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
117.4MB

MD5
6654f969d7b52ad1fcdf6d2a2bc3157d

SHA1
53f78bd7b53180e8136c1713e5381d5bd06c5cdd

SHA256
24f03c87a51b352f6cebe7ef3d1e19293670876e277cf741fa9337358f516da3

SHA512
88ee4c97e688e839a34759f87831c2c59a386d12b4ce33a8279d3515fc2afd990f8789eed3ecd081c86afb350a45afa8f45b73f05f09227127b7990c8427ad70

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
110.3MB

MD5
607066a2655ea47102a21269ac705e72

SHA1
07f5a19334eb2a35537c0f8d0949991d519eb23c

SHA256
31ec81c6110ee846f5490351f8ce450f9a55776ed049f137572b7e9f85355dae

SHA512
229ff60e49df8254cba638fc44456f99048f2e81167d0d26229f73223e16f6a59121c4a3f5f8c90fa918ca8a400fa6694b98c3525023df2a4cbc587bbef6bd82

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
57.4MB

MD5
c74c82290996ab31bc6e6d177ab292b0

SHA1
f353959a4c31af2dc0b458e32d93b8e5e81a3c4e

SHA256
8ced8cb27617783e1b2d69b465d76033c2cb0f21dd0015c42e44b4ca1f65f486

SHA512
ddc25b4fa50d6c31acfe89e39ac5f21e6f1426a3023211390567929e5f18607e9ae1817cf3c550fccc23794339d7631893c17e28312cc441c474377790da8798

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
55.9MB

MD5
b0980ab50627f62954678fbfd4436dd3

SHA1
ec441c7aeeb45cda646e25d040f2e43e24706a05

SHA256
5867fed66be0c65a46d559ce7de521175d477f192c8fa8d3f953010710d92256

SHA512
b146cac8eaa40aec188a977b35aa8eb2469783fb363c3540d70de8168d02d15823de4265c5147a0b4145aa4bd6024a03361fb6c513f28982092a2e1c2e93812f

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
Filesize
44.0MB

MD5
d0520623df026735d53d38d845c1f996

SHA1
496ff11b73c3a016fb412e140bc80b5f72f7078c

SHA256
ab561bbfd3e2895f217c61782133dcd908255121aec7e022c80952ee9c4e4c4d

SHA512
9639f6a1d40da319e8072700157b7fe8ac6cb6d62ae61f12a3e7dc3ff36b2aab79f4e6f902c828854c4ae6330500eb5a55f49a6fd88b56664236204744b200da

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_100_percent.pak
Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_200_percent.pak
Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\d3dcompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
Filesize
2.4MB

MD5
56e7b0b0be922c473f0c4016a133f5f4

SHA1
1a6b850d8fef00b477e63638ea0bbaf841697fca

SHA256
8c54b5d78d6a00f6f108d247849ae9a38e03132968688ee090343cde6ddaac76

SHA512
0c353180001cb5cb1a17bcff10b38a004b59b1afb2a292de453e5f36479d76707ca0c70b145d38cd92b166ac8d107740a26e9b733f9970f0a7819b99925e5b2c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
Filesize
2.4MB

MD5
56e7b0b0be922c473f0c4016a133f5f4

SHA1
1a6b850d8fef00b477e63638ea0bbaf841697fca

SHA256
8c54b5d78d6a00f6f108d247849ae9a38e03132968688ee090343cde6ddaac76

SHA512
0c353180001cb5cb1a17bcff10b38a004b59b1afb2a292de453e5f36479d76707ca0c70b145d38cd92b166ac8d107740a26e9b733f9970f0a7819b99925e5b2c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
Filesize
2.4MB

MD5
56e7b0b0be922c473f0c4016a133f5f4

SHA1
1a6b850d8fef00b477e63638ea0bbaf841697fca

SHA256
8c54b5d78d6a00f6f108d247849ae9a38e03132968688ee090343cde6ddaac76

SHA512
0c353180001cb5cb1a17bcff10b38a004b59b1afb2a292de453e5f36479d76707ca0c70b145d38cd92b166ac8d107740a26e9b733f9970f0a7819b99925e5b2c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
Filesize
2.4MB

MD5
56e7b0b0be922c473f0c4016a133f5f4

SHA1
1a6b850d8fef00b477e63638ea0bbaf841697fca

SHA256
8c54b5d78d6a00f6f108d247849ae9a38e03132968688ee090343cde6ddaac76

SHA512
0c353180001cb5cb1a17bcff10b38a004b59b1afb2a292de453e5f36479d76707ca0c70b145d38cd92b166ac8d107740a26e9b733f9970f0a7819b99925e5b2c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
Filesize
2.4MB

MD5
56e7b0b0be922c473f0c4016a133f5f4

SHA1
1a6b850d8fef00b477e63638ea0bbaf841697fca

SHA256
8c54b5d78d6a00f6f108d247849ae9a38e03132968688ee090343cde6ddaac76

SHA512
0c353180001cb5cb1a17bcff10b38a004b59b1afb2a292de453e5f36479d76707ca0c70b145d38cd92b166ac8d107740a26e9b733f9970f0a7819b99925e5b2c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
Filesize
2.4MB

MD5
56e7b0b0be922c473f0c4016a133f5f4

SHA1
1a6b850d8fef00b477e63638ea0bbaf841697fca

SHA256
8c54b5d78d6a00f6f108d247849ae9a38e03132968688ee090343cde6ddaac76

SHA512
0c353180001cb5cb1a17bcff10b38a004b59b1afb2a292de453e5f36479d76707ca0c70b145d38cd92b166ac8d107740a26e9b733f9970f0a7819b99925e5b2c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\icudtl.dat
Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\libEGL.dll
Filesize
373KB

MD5
fd5e529cd058c64d98ed30521d4778ef

SHA1
73224b31359656c19630c3fba6a4f09bf96080e3

SHA256
c36dda640ad3c0d031331176c033e0e895d25d852eddd2270e91a0f657817197

SHA512
afe3182949157c8d0f340ea9148c67523d3a7c0bf2f78cdfcc33e11edefdba3ee02d7175b5800c06f6e5dd6bde5be1c827657823bc1f1455e122febce7d5d160

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\libGLESv2.dll
Filesize
6.1MB

MD5
a5aad5d50ac63d1de48933a7709c1afb

SHA1
13402c0a27d2460bb1853a25f85ce256f0912157

SHA256
3a0ac12a20f61d541e08472f30e28ba82ba5824d36eacda0c291b0b777258191

SHA512
a8ed709806f75a517f515f5c71846bd29ec7f3432ace0f4220a6f57ab93c793c2f9e6fed421d0c76109cd741380c49c5588517ffeb98dfde0484b4f8d19dd14f

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
Filesize
373KB

MD5
fd5e529cd058c64d98ed30521d4778ef

SHA1
73224b31359656c19630c3fba6a4f09bf96080e3

SHA256
c36dda640ad3c0d031331176c033e0e895d25d852eddd2270e91a0f657817197

SHA512
afe3182949157c8d0f340ea9148c67523d3a7c0bf2f78cdfcc33e11edefdba3ee02d7175b5800c06f6e5dd6bde5be1c827657823bc1f1455e122febce7d5d160

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
Filesize
6.1MB

MD5
a5aad5d50ac63d1de48933a7709c1afb

SHA1
13402c0a27d2460bb1853a25f85ce256f0912157

SHA256
3a0ac12a20f61d541e08472f30e28ba82ba5824d36eacda0c291b0b777258191

SHA512
a8ed709806f75a517f515f5c71846bd29ec7f3432ace0f4220a6f57ab93c793c2f9e6fed421d0c76109cd741380c49c5588517ffeb98dfde0484b4f8d19dd14f

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\en-US.pak
Filesize
112KB

MD5
a85c703969e69a5a6f7e379635fa42a5

SHA1
8c765404e54070c14ab49d2d1ef54d2a3a2f7ea6

SHA256
a9c5b333440a42b95b2ef043fecb95a2d2f4b2d0601be639643d01d86be3ba83

SHA512
8ab1106fd6f410164dece0e4f6cc67e57b8bfc72864b47a665f81d67d4028464e69f7c7f4e283956fe0556f71779cceb66466b0cd37f434dbdcb7d4f59492b82

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources.pak
Filesize
4.7MB

MD5
df68fa2bad8bc5d34aea8373122c2175

SHA1
084ff957974ec41b78069448851e8745bce8fbe2

SHA256
040683716db4a5cbff94493df6ec50f690eb5d37769028835ee5127f9aa4608f

SHA512
54e752893ab4f7c8f80b7272f97ac60c8762e8818ea4379e0713e3088fe56c63712fb9b2023782b0e717b8e7b85cd0e5c0c211aa458f0c74e5b0ae0ee81169a3

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar
Filesize
49.0MB

MD5
213553120cc5a9e687785760e4ff0b37

SHA1
99f150359227a77aa9c2a3d922d64a8792cbe733

SHA256
078e5c19293fc2dc3e4febb0a9656cae1a1fe6493e8e69e98a5b40443e476a77

SHA512
fc9703c96c515a791c95556e8d80c2329846a333be1cf2cb93d6c21c4fa1297e1e08141fc7fb230a001d747ef88329850a5f57e7166f021fe66d4aaf49236aea

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-away.png
Filesize
294B

MD5
9834fdf81fe65f1c19f9997c47b080cb

SHA1
629b1977648b6407632eebed3ff19f3f1520f305

SHA256
5f01da2a9b135f1c8879419874f87c2a662342188cfa836556f25c9557ca07d0

SHA512
0ccc33f143faf24f81cb079acb0ca7b6803ef88e6563c2acecbbeba9242ecf1853bed7a9e54196f0ad7c973ad2616e51ca271b298fb07c51b0dd31a7e61036ca

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-away@2x.png
Filesize
562B

MD5
767336bb72d1ee7103b8695e9fad1bd9

SHA1
0af45423d7e86a5ed09e0a64d82387af0d8fb397

SHA256
1b5ba46a18edce48949b08882036fbf6176cfaaec41e7ecf7b9a4cb8366db809

SHA512
39d93ba8e5bab26844ff379d16975813e598349d11e4271355e251f3f43cc1b513a2fbcd51c09f4e4c09ed5cd09a18e5123e7623feb950668af8cf8182842057

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-donotdisturb.png
Filesize
359B

MD5
324a5cab7741d3ec7fca3f6163be9bf8

SHA1
9d47b2078cc870efad4c208dedb6bd9fb127b0c7

SHA256
ba4ac732fa5011992fe17fe0e01e217f2ba92d3cd27c9b5d8139bada160f898b

SHA512
967cc72663b8fd9531f5708786ed2afeec702c01751f99407c4b8ae860a3b13467f2e187769ea632c160f2899efdea87719e5665f26c44adc52edbe64e669b8b

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-donotdisturb@2x.png
Filesize
685B

MD5
5da369f999ec7bb6f670fdba2f074422

SHA1
097620c947736f83744065a58ecda8aa3b0fbe07

SHA256
bff494b55ff74602fbb7181847035f22a82d30ac2a92a6a42dc6449ea6015066

SHA512
7a89b30d42f98f814e025668ec0247703c3e402aa7c14b1cf818912cc3a74166d0cc662b418cadb82e922db6f61925b39163dc86012f174b63a8cc730ed7e4aa

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-hidden.png
Filesize
398B

MD5
f847bc40a4769792230765fd101b715e

SHA1
9753ce33252a0b6ca23f36a9d6f53202d148b900

SHA256
a8be87fc996f60e0c6a9b2991e7cd757198e4ac0db80132bf4eecaea626861ae

SHA512
ff7c9950324f0c7203312f28ddca26a490877ddd1453975c083b49d088abff5f8b7fe49e1460731a7ff5ebe650d059d9eeac067ca3c10c4dbb8eee3fe458f15b

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-hidden@2x.png
Filesize
872B

MD5
5b1c0544d938f7b90d02430c91776c4b

SHA1
b508a3f8dabe5d8071b5be41bbb628785dd0f6d6

SHA256
d666683821c01485b2a46cc40a9b6956903c12d8bf344224263005589fedf330

SHA512
a3e6b6fe5fe0922c20d11897b35ea2d17b8f18425f5d5d8b753e41d097413cc33aba68a243d1bc7af25435f2256a3f2bab8817ffc3ba4af9a102875fe4bb628d

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-online.png
Filesize
331B

MD5
b6f201d0aa98781ed3c62d21f5180c2b

SHA1
8fae0048e6d699e0a8bbb411e553a91721712d6b

SHA256
532b6a446404d7bc0eaf25159099f070f13149c074dc96f5dfb5609a3025277b

SHA512
24e5f1996999ebe99693be2afebb89927c94dda7ec7d3bc40376e48de5a6a086d521eb0883712493c7c2b7798d3ae82f9d85311425b5e391818f2f27991c1cdf

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\dot-online@2x.png
Filesize
629B

MD5
6fe4b2fae57b1d4c0417745fab16f96a

SHA1
a8c8057a4090f65d82e18624be751d2f2e6d552c

SHA256
e540a9dd19c7e999e8a0614dcc1c01b47542bfb1c45f4944f1748cce28e187f7

SHA512
f2be6edd9e4889948c04c250e72fa4e74a5544b8d3a848ccee2b70fb7b7dab68fadbcec343dd9d4032c4550116f6dfd104ccf8c1805cef87c38f4d300e39c77f

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\tray-offlineTemplate.ico
Filesize
104KB

MD5
6829d32c8496b84cefa32e6030e356da

SHA1
5f2b0331147da4185ee21ac62b890c36c48329bf

SHA256
e437c7e735977ad406d9df0c9e1a956cd7a9f98f7b387a21b39d67447ad55b04

SHA512
e85b18790a8b521476b0610358c055f54e5c12b48687946df569eec0b5237a39dca3f3b4eecc44da2a17c4187ef3279b3087e2fa40357ce9bd311c5ab4de3bd2

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmControl.dll
Filesize
115KB

MD5
9b6668f114410369cacb58f8feee0955

SHA1
b2d1e31e598ff4cfbff1d4a83fc88e408ab60d46

SHA256
b1eb94be95d9d9528e5eec0c57ae023ac6e76b6aa2a4c5b2c6d22649c091f2cf

SHA512
c429a55bb6b522d24cb1e1c8e3f5cdaf1189946107358177e30444051858bd0ef1975a737ed3061343d75fd09ef6b0f5dadd193c42bae65da2ef68286e00f70d

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmControl.dll
Filesize
115KB

MD5
9b6668f114410369cacb58f8feee0955

SHA1
b2d1e31e598ff4cfbff1d4a83fc88e408ab60d46

SHA256
b1eb94be95d9d9528e5eec0c57ae023ac6e76b6aa2a4c5b2c6d22649c091f2cf

SHA512
c429a55bb6b522d24cb1e1c8e3f5cdaf1189946107358177e30444051858bd0ef1975a737ed3061343d75fd09ef6b0f5dadd193c42bae65da2ef68286e00f70d

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmPal.dll
Filesize
810KB

MD5
ba19390901659c6b16cdf63982c32270

SHA1
f425c25105890c483b2aeb2434cde64afe2689a6

SHA256
820d129d40a792c3545c12d27f6ad86b712a2c2589b2a119938f4f27dc58c6ec

SHA512
74f7b6c8558623fc81148a738ee71bf3426b94bde53695abd4b41cc08729a3b70c419dbc1424dbc2f066a75206df1b16c2b5c80c3a66cd850474d0cc7f3346a3

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmPal.dll
Filesize
810KB

MD5
ba19390901659c6b16cdf63982c32270

SHA1
f425c25105890c483b2aeb2434cde64afe2689a6

SHA256
820d129d40a792c3545c12d27f6ad86b712a2c2589b2a119938f4f27dc58c6ec

SHA512
74f7b6c8558623fc81148a738ee71bf3426b94bde53695abd4b41cc08729a3b70c419dbc1424dbc2f066a75206df1b16c2b5c80c3a66cd850474d0cc7f3346a3

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\call_manager.node
Filesize
2.1MB

MD5
d30793abdae45463487ed8e420e80605

SHA1
88cabb835f1c8ccb8450bfea8b75123cf55ff966

SHA256
a39964c48b823f4cb523bb9eaa42cafb0bec2c5c0f7d47dc14300df4cdf89316

SHA512
ad62e96f9c1f2b8a4b6a22a253b9acbe5a8726909ab7abfe61a7252306da80139a74c95ab8644c9f03d206f203bdd7bf3653ef9a369c75b6601bdbcbef86ac81

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\call_manager.node
Filesize
2.1MB

MD5
d30793abdae45463487ed8e420e80605

SHA1
88cabb835f1c8ccb8450bfea8b75123cf55ff966

SHA256
a39964c48b823f4cb523bb9eaa42cafb0bec2c5c0f7d47dc14300df4cdf89316

SHA512
ad62e96f9c1f2b8a4b6a22a253b9acbe5a8726909ab7abfe61a7252306da80139a74c95ab8644c9f03d206f203bdd7bf3653ef9a369c75b6601bdbcbef86ac81

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\electron_utility.node
Filesize
825KB

MD5
072a51c6af202698ed8d6f048b983302

SHA1
746f49ba9e3b9f1894d25b3ed4e608b9d6417690

SHA256
e5a551fe3ce173d0d960b2188c6918a69caad5cd555eb7c6bff4295f68247e7f

SHA512
5f1fcc7acaa0d653923748b4792b1fda978bd023290c71377c0edf4b2e99d853e4206392fae22989d32ab8f4fdc1b097836ee1d4798da9d360dd37d9ca9e39e1

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\electron_utility.node
Filesize
825KB

MD5
072a51c6af202698ed8d6f048b983302

SHA1
746f49ba9e3b9f1894d25b3ed4e608b9d6417690

SHA256
e5a551fe3ce173d0d960b2188c6918a69caad5cd555eb7c6bff4295f68247e7f

SHA512
5f1fcc7acaa0d653923748b4792b1fda978bd023290c71377c0edf4b2e99d853e4206392fae22989d32ab8f4fdc1b097836ee1d4798da9d360dd37d9ca9e39e1

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\sharing-indicator.node
Filesize
104KB

MD5
9e05fd03af1d0d866814005b1eaa9ef1

SHA1
3924c9687e17e51491fc8e1fb0ba78b254c634a5

SHA256
8d6811a9ba1d1284fcb91909e43072767a0c49006bab6d6e0ee309384e5fb053

SHA512
d4164b50fba3ab2b9bfa13d775748f38f12d2abb9776c0dad102f4fffeb9aa550bee98f8d1d256be51504b67116f1cf4567bde70591eb9e1c4ddd1a41f9dc97a

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\sharing-indicator.node
Filesize
104KB

MD5
9e05fd03af1d0d866814005b1eaa9ef1

SHA1
3924c9687e17e51491fc8e1fb0ba78b254c634a5

SHA256
8d6811a9ba1d1284fcb91909e43072767a0c49006bab6d6e0ee309384e5fb053

SHA512
d4164b50fba3ab2b9bfa13d775748f38f12d2abb9776c0dad102f4fffeb9aa550bee98f8d1d256be51504b67116f1cf4567bde70591eb9e1c4ddd1a41f9dc97a

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\skypert.dll
Filesize
2.9MB

MD5
15df8a9ab82d8f7228dc1c15800ee95b

SHA1
07448c1fbacd3590c8c50c6a8ed9922db2a5c8dd

SHA256
a9d037467736c81fc7d14f8104f88b9bb97791c91525f87ef80f71fd512f5a1b

SHA512
1bdd6081302780e73906b4f88c108e778e799cfb69c5b88a608ad3da6ff208078a893e59d0ba09e27783e37f952f05fe6ec2092da255e2fe94b7bc8a886ef69f

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\skypert.dll
Filesize
2.9MB

MD5
15df8a9ab82d8f7228dc1c15800ee95b

SHA1
07448c1fbacd3590c8c50c6a8ed9922db2a5c8dd

SHA256
a9d037467736c81fc7d14f8104f88b9bb97791c91525f87ef80f71fd512f5a1b

SHA512
1bdd6081302780e73906b4f88c108e778e799cfb69c5b88a608ad3da6ff208078a893e59d0ba09e27783e37f952f05fe6ec2092da255e2fe94b7bc8a886ef69f

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\skypert.dll
Filesize
2.9MB

MD5
15df8a9ab82d8f7228dc1c15800ee95b

SHA1
07448c1fbacd3590c8c50c6a8ed9922db2a5c8dd

SHA256
a9d037467736c81fc7d14f8104f88b9bb97791c91525f87ef80f71fd512f5a1b

SHA512
1bdd6081302780e73906b4f88c108e778e799cfb69c5b88a608ad3da6ff208078a893e59d0ba09e27783e37f952f05fe6ec2092da255e2fe94b7bc8a886ef69f

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\slimcore.node
Filesize
9.2MB

MD5
db1b2591b1ac951706c5fc35c0c7e39e

SHA1
527de61e4dee1f5f8d9523ce0e051072061ea92b

SHA256
95111ef73ade3e96c481abfc90ffc6444051d750ab72e68819c4e66bdb284b9c

SHA512
1ad3b34f01246c197d2894a11d83267e3bed024a6958da70157733aedf2657c9fe8735b8c4a0a5405c2c616bd89b4706fe548070a5bfb06cfdc7bf1b58ad773c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\slimcore.node
Filesize
9.2MB

MD5
db1b2591b1ac951706c5fc35c0c7e39e

SHA1
527de61e4dee1f5f8d9523ce0e051072061ea92b

SHA256
95111ef73ade3e96c481abfc90ffc6444051d750ab72e68819c4e66bdb284b9c

SHA512
1ad3b34f01246c197d2894a11d83267e3bed024a6958da70157733aedf2657c9fe8735b8c4a0a5405c2c616bd89b4706fe548070a5bfb06cfdc7bf1b58ad773c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\wam.node
Filesize
1.0MB

MD5
d71e3c4a9bf516ce3a75f94df83c6e4b

SHA1
14684e3852e9efc70c09b5f4bd395ab13fe0718a

SHA256
d61d4e753546a27a36f848178addd6ec065ef2e36e324a12b94fcc5b1643ab7e

SHA512
846b36a1e66fe368a9423cd074c3161bba3faabbbd0d4e1db016086d0bb584dfba5195711132d94992171fa92cdc7a997fb7e9344693db0146dcb1e27e6ecf68

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\wam.node
Filesize
1.0MB

MD5
d71e3c4a9bf516ce3a75f94df83c6e4b

SHA1
14684e3852e9efc70c09b5f4bd395ab13fe0718a

SHA256
d61d4e753546a27a36f848178addd6ec065ef2e36e324a12b94fcc5b1643ab7e

SHA512
846b36a1e66fe368a9423cd074c3161bba3faabbbd0d4e1db016086d0bb584dfba5195711132d94992171fa92cdc7a997fb7e9344693db0146dcb1e27e6ecf68

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\v8_context_snapshot.bin
Filesize
596KB

MD5
9cf618687bbd261c2027bf10671a7b73

SHA1
c0231f7fd1fb116067478338c9d69bbe0ec57d0d

SHA256
9cd23cfe0e627d930127cf27442be319a5548aa4f039d04a9216371236fede9f

SHA512
eceb31bd6974d2c16b3cabbf821c058845ca8c02f1482caa95bf3c5acd41c6a25c3d7940dd8f0ff510c05b41d7b8e2246e3e9e9a17e84d31e504104a2a9c4239

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\vk_swiftshader.dll
Filesize
4.0MB

MD5
44cf0fa694a210090100903452ea9b1d

SHA1
7002ecc287bd01d60b278b8fc3412fb564cb536e

SHA256
63b9d165da140d50ff11fe3d6f2671b93a49770f348f6d978835a17dfff4954b

SHA512
495a3eb03b0af6c2ada7730b379fa48f9f853c4a222a9b4481f4ae5a0946ac2874e4b2d4a37d6e14fb95b0acdf18c7ffddf55d27fe0821156a69d59d0f5be2e6

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\vk_swiftshader.dll
Filesize
4.0MB

MD5
44cf0fa694a210090100903452ea9b1d

SHA1
7002ecc287bd01d60b278b8fc3412fb564cb536e

SHA256
63b9d165da140d50ff11fe3d6f2671b93a49770f348f6d978835a17dfff4954b

SHA512
495a3eb03b0af6c2ada7730b379fa48f9f853c4a222a9b4481f4ae5a0946ac2874e4b2d4a37d6e14fb95b0acdf18c7ffddf55d27fe0821156a69d59d0f5be2e6

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\vulkan-1.dll
Filesize
752KB

MD5
47714ed52ed5ce8d22fe9741dfa428fb

SHA1
598f8889296be62387d642f38ddd6fa4c1583264

SHA256
d02d8c14c23158ac3830d4d70fe37770e329bf704e4806e1e5dae1b7d116386b

SHA512
0089ddd2b9e4077f3a656d4c1c49984045f421c4fe51b8058fdff14ebbeb30f587dac3868190847e02074c80308471182d288350e45120c610b334c636609569

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\vulkan-1.dll
Filesize
752KB

MD5
47714ed52ed5ce8d22fe9741dfa428fb

SHA1
598f8889296be62387d642f38ddd6fa4c1583264

SHA256
d02d8c14c23158ac3830d4d70fe37770e329bf704e4806e1e5dae1b7d116386b

SHA512
0089ddd2b9e4077f3a656d4c1c49984045f421c4fe51b8058fdff14ebbeb30f587dac3868190847e02074c80308471182d288350e45120c610b334c636609569

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LURUI.tmp\Skype-8.88.0.401.tmp
Filesize
1.4MB

MD5
42d7f6491cb9a07c4e25cac42a3b395b

SHA1
75b5c00ab9277bbe578502bfbef743e7c04564c1

SHA256
f58a9f68802fbc1cacdb07cc357136fb217ad47897355dac962a1e239fe9591d

SHA512
f9df478b4d2076a1ea2b09f711afb7425d0b9ea57c06d90749ca20ec9c4c110720061b62d9fff047d69e7214deb239673be3b33df77742bc64fbfce2014f3750

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LURUI.tmp\Skype-8.88.0.401.tmp
Filesize
1.4MB

MD5
42d7f6491cb9a07c4e25cac42a3b395b

SHA1
75b5c00ab9277bbe578502bfbef743e7c04564c1

SHA256
f58a9f68802fbc1cacdb07cc357136fb217ad47897355dac962a1e239fe9591d

SHA512
f9df478b4d2076a1ea2b09f711afb7425d0b9ea57c06d90749ca20ec9c4c110720061b62d9fff047d69e7214deb239673be3b33df77742bc64fbfce2014f3750

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad\settings.dat
Filesize
40B

MD5
8384dd49ff3b3a316aaa5518c4649933

SHA1
501cb51e3ae1188d951b8e9b5e6ba811e14faaf3

SHA256
21bc3e50ceb1a81463d19c103a1446860b2eb581601370e3bca6469e26245610

SHA512
e48280fd2e7208e5c980b48bf5e7a51f71cd709599fa5eae29d712a9e20d551ce016477265f977c70d221c3beac8e98b97710e1e19295df7e920ecf5a4514e44

Download Submit
\??\pipe\crashpad_1016_QFZXPCFPTVPXGEVG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/384-172-0x0000000000000000-mapping.dmp

Download
memory/1016-140-0x0000000000000000-mapping.dmp

Download
memory/1224-201-0x0000000000000000-mapping.dmp

Download
memory/2008-202-0x0000000000000000-mapping.dmp

Download
memory/2408-136-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2408-147-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2408-132-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/2408-137-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/3476-179-0x0000000000000000-mapping.dmp

Download
memory/3940-159-0x0000000000000000-mapping.dmp

Download
memory/4108-134-0x0000000000000000-mapping.dmp

Download
memory/4772-175-0x0000000000000000-mapping.dmp

Download
memory/4832-138-0x0000000000000000-mapping.dmp

Download