hxxp://www[.]skypeoot[.]top

Analysis

max time kernel
136s
max time network
203s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
03/06/2023, 09:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.skypeoot.top

Score

7^/10

vmprotect

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4928	updatey.exe
512	Skype-8.98.0.206.exe
5116	Skype-8.98.0.206.tmp

Loads dropped DLL 11 IoCs

pid	Process
1704	MsiExec.exe
1704	MsiExec.exe
1704	MsiExec.exe
1704	MsiExec.exe
1704	MsiExec.exe
1704	MsiExec.exe
4752	MsiExec.exe
4752	MsiExec.exe
4928	updatey.exe
1704	MsiExec.exe
1704	MsiExec.exe

VMProtect packed file 5 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/files/0x000600000001af5d-479.dat	vmprotect
behavioral1/files/0x000600000001af5d-485.dat	vmprotect
behavioral1/memory/4928-491-0x0000000072DC0000-0x0000000073902000-memory.dmp	vmprotect
behavioral1/memory/4928-497-0x0000000072DC0000-0x0000000073902000-memory.dmp	vmprotect
behavioral1/memory/4928-632-0x0000000072DC0000-0x0000000073902000-memory.dmp	vmprotect

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4928	updatey.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Skype-8.98.0.206\Skype-8.98.0.206\Skype-8.98.0.206.exe	msiexec.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIC1C6.tmp	msiexec.exe
File created	C:\Windows\Installer\e58b7f1.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBAEE.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{4615192E-1E42-4E50-A201-BDE3CF6DD422}	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58b7f1.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBC47.tmp	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4284	taskkill.exe

Modifies data under HKEY_USERS 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133302565768114218"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	chrome.exe

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
3420	reg.exe
1640	reg.exe
5072	reg.exe
4400	reg.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
1620	chrome.exe
1620	chrome.exe
2148	msiexec.exe
2148	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe
Token: SeShutdownPrivilege	3200	chrome.exe
Token: SeCreatePagefilePrivilege	3200	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe
3200	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 3340	3200	chrome.exe	66
PID 3200 wrote to memory of 3340	3200	chrome.exe	66
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4492	3200	chrome.exe	69
PID 3200 wrote to memory of 4604	3200	chrome.exe	68
PID 3200 wrote to memory of 4604	3200	chrome.exe	68
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70
PID 3200 wrote to memory of 3628	3200	chrome.exe	70

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.skypeoot.top
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe2d499758,0x7ffe2d499768,0x7ffe2d499778
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:2
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2736 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2752 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4916 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:8
  2⤵
  PID:1116
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Skype-8.98.0.206.msi"
  2⤵
  - Enumerates connected drives
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4492 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4996 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6036 --field-trial-handle=1748,i,12295189766820210116,15877308097612912892,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3760

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:2148
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 30ACA3C05A9BFC916FAF8E593EBD271A C
  2⤵
  - Loads dropped DLL
  PID:1704
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4052
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BD6C07E2F9A8D92F8FCC28F383E5EAAE
  2⤵
  - Loads dropped DLL
  PID:4752
- C:\Users\Admin\Pictures\updatey.exe
  "C:\Users\Admin\Pictures\updatey.exe" 命令行
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:4928

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:1880

C:\Program Files (x86)\Skype-8.98.0.206\Skype-8.98.0.206\Skype-8.98.0.206.exe
"C:\Program Files (x86)\Skype-8.98.0.206\Skype-8.98.0.206\Skype-8.98.0.206.exe"
1⤵
- Executes dropped EXE
PID:512
- C:\Users\Admin\AppData\Local\Temp\is-JSULQ.tmp\Skype-8.98.0.206.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-JSULQ.tmp\Skype-8.98.0.206.tmp" /SL5="$901F8,88482053,404480,C:\Program Files (x86)\Skype-8.98.0.206\Skype-8.98.0.206\Skype-8.98.0.206.exe"
  2⤵
  - Executes dropped EXE
  PID:5116
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im Skype.exe
    3⤵
    - Kills process with taskkill
    PID:4284
- - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
    "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"
    3⤵
    PID:980
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad" --url=appcenter://generic?aid=a7417433-29d9-4bc0-8826-af367733939d&iid=a0074a3f-8ac3-4d68-90bf-c61565b0b3ec&uid=a0074a3f-8ac3-4d68-90bf-c61565b0b3ec --annotation=IsOfficialBuild=1 --annotation=_companyName=Skype --annotation=_productName=skype-preview --annotation=_version=8.98.0.206 "--annotation=exe=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=19.1.8 --initial-client-data=0x518,0x51c,0x520,0x514,0x524,0x8003398,0x80033a8,0x80033b4
      4⤵
      PID:4028
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1896 --field-trial-handle=2028,i,2739195348954788841,1437972501747516070,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:1624
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype for Desktop" /t REG_SZ /d "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" /f
      4⤵
      Modifies registry key
      PID:3420
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --mojo-platform-channel-handle=2168 --field-trial-handle=2028,i,2739195348954788841,1437972501747516070,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      PID:4952
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Skype /v RestartForUpdate
      4⤵
      Modifies registry key
      PID:1640
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2764 --field-trial-handle=2028,i,2739195348954788841,1437972501747516070,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --skype-process-type=Main --skype-window-id=__MAIN_ROOT_VIEW_ID__ /prefetch:1
      4⤵
      PID:1120
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice /v ProgId
      4⤵
      Modifies registry key
      PID:5072
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --enable-blink-features --disable-blink-features --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2540 --field-trial-handle=2028,i,2739195348954788841,1437972501747516070,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      PID:3568
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\microsoft-edge\UserChoice /v ProgId
      4⤵
      Modifies registry key
      PID:4400

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
PID:428

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58b7f2.rbs

Filesize
1KB

MD5
ba9de92735200a7263cf17ef56d69eaf

SHA1
30a0ae8152801be4c6f3570af7d7165f33fa7543

SHA256
6a9e965b646b3ef4f67715c6b2caa79c4aac8c9c1412898fbd01a11cd286dd17

SHA512
31a746203e255f59cb27c20ed08979e1911df6a2ea3cc17409390e4d30bfa03088795014551fdef495e0e05ff2c8ec84f904861076b0cbe4ff062c46709b0abc

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

Filesize
95.1MB

MD5
029add4d8913299c1672aa55eced29c0

SHA1
bd4c1ee2a60c0d8cd32bf810cd578f4f8f3e1097

SHA256
2e787ae79051f0672d4343742fee55b1bdf08da64d89d86bf98ce03da3256aec

SHA512
4ea75e381ae899283e067fd2c2360702992ccd01c4c74955a661a4be77c2c2a6b9f7dfb5ad050cd60e5d40112abe828c7d5b8b309c3ac3af4c5cfae5f853538e

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

Filesize
86.5MB

MD5
cb2036f8df269755dbd3247cd8a5c7e3

SHA1
c52a55ee3a9b5461311038a6a4c6cfacc75148fa

SHA256
7f418dfaa973d43e6cca42e3d01fe367d5c919efbb1124c949925236038a47d7

SHA512
c3bf07c205144f1386975d9e3a164b2fc03c367553c3387fdc9a2e5c32b0aef16a58ca6b6fa8172e88e69f69457c165c04f8f9288b92632db7417aed04fd1696

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

Filesize
59.6MB

MD5
b5a99d69e3409ce296e92c7faf42f0b6

SHA1
99967dab7fb9512dc46b6f0bdd4cc9c8062ff957

SHA256
6fb51a22761e80dc9c6c0d0503eb170fd5d5f01624ffc804f44c9656d683aa00

SHA512
344ffe7cdc8565397c63134ee05cdba7fa10bcd2bed692b7cf2659e49af16f9ca6662507e6f030e638b1903cd67ad3d6d07956c24c6a3d65759dfdec6bee00de

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll

Filesize
2.4MB

MD5
07b028b03161d193f49232cdfd9663c3

SHA1
c63a0c014d1dd989fed058007182482bb42caf9e

SHA256
174bd45ec7945dff159d41fb8c60a7eb88c2f6230a783a8f9d763817691246ed

SHA512
3c80b75bb9a11005908ad9b5e4d8e8a6c587b39b90f0d9dc34619d2e2144b36dc4d81f47c0854bd01a1e2664363376290c54741070dc35b7ba10d083ba96e65e

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\icudtl.dat

Filesize
9.9MB

MD5
d28641aac16f15b25a3370171299106f

SHA1
0aabe57f76173b2e21c8cd2d3ee6c9fe161425bc

SHA256
7de21b3192f4a99e3433dede998743ea9e896f5a70ce6c16bf159871fd5b0e00

SHA512
4a9afaecaf242812c788030efa59e9d8e57c361761a74399dbbff5869f00e37da18c0a3342353c38612455481b84b090aabae9caf58aa1302640ce308da4ba54

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar

Filesize
49.2MB

MD5
1f2af3cc6850ca4a7e86fb4162368574

SHA1
bf1badd2d6ba823096e133759f7a3f4831ec18b8

SHA256
5dc7f8f8bac20c87e8c0fdd822a8356e563e5b1dd1d153f8e583aec7133c010e

SHA512
8f85cadf5e54b5976b034822dfff4a44a97ad2555bef5992e2832fb9b1ce5195dcf00a412556fe66371b67aa899650625c415628873837c3906bf1a9ee8a7aac

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmControl.dll

Filesize
118KB

MD5
c322839c14449874209a7534ad45a4ac

SHA1
84a5abd34e47344e015a6883cf40532c514858df

SHA256
d8227344843d7f5de324c85d99b728bad84e771553f0891a1a37983d5eb1d928

SHA512
fa0181f746eeefa48d5f52a32b90e58bc33d5528b679a12b8bdeb4a30d9eb52af47d57587d65c577fecb6fe76ec0f15c1f557ae8cf5d8570c9811810a750a862

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmPal.dll

Filesize
954KB

MD5
19bd383beaff5b32f8b6b80b5496164c

SHA1
f4cca45b35b799155e9413cd329568549a0eec3e

SHA256
a9f5229a995021e3e7dc4eb37ed2dec7689b384e57b24379da8fdd9987c9cc44

SHA512
4b7d02c6d076eaaebe537bd046a70e717cc323d518adae92a391ac7ee5cf039cff6d2592207464bd6c0f3aaf720b5f7eccdbb24125a4dc74a8e5594da2d88e95

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\electron_utility.node

Filesize
825KB

MD5
3e146137835ffdc10e139fb0ea5536e6

SHA1
21ab924fe0f68a2db13aab800cf1638b5dacc927

SHA256
50950f25b60b078bbf7060ca6ba0a76b897ba9133f690b03b06e41443638abf9

SHA512
cafea8ed0552c05a77dc83316309d8aa5e2dea35284a5c850b66355889a400913b4aa44cf6fc4f881ea9fe1d4e6e5efb5ae6b10e14a3568a9937d7101b039e8b

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\sharing-indicator.node

Filesize
104KB

MD5
31d72228f6a9a10a91e5479ccbb38f68

SHA1
8290724ff8e8476ab757bf515b97736f6ccd843b

SHA256
7e764573922333b499f67bfa78aceb5f5e9acb1f5031fa95dffc83160ac4b40c

SHA512
9f3f4063711a6cf04fae03c5637e29dc705ef5d7c02e28abb1e87035254bdfb6bf128fff8d3d4729355d4ada166d5085fb1508f7250291e48dd48beccee09780

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\skypert.dll

Filesize
3.1MB

MD5
daa657b3fdf4257cc434b4ddc30ca0fa

SHA1
0823a8b74f1cb1b32d4f7f1975832c4cfc6a0ba2

SHA256
e9cc79c2c2528029e9ec48a2d2977d2d7cee125296f7e925fc7e107837839919

SHA512
d0babedbdc0c54ec9a1d9130a9e2931c480b1f467a71eebcf5e32b0cdaea97da98a0b6a3deb4643fde220defb5f3761b82756bbf88d1a44acfcdecd674216e2b

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\v8_context_snapshot.bin

Filesize
596KB

MD5
9cf618687bbd261c2027bf10671a7b73

SHA1
c0231f7fd1fb116067478338c9d69bbe0ec57d0d

SHA256
9cd23cfe0e627d930127cf27442be319a5548aa4f039d04a9216371236fede9f

SHA512
eceb31bd6974d2c16b3cabbf821c058845ca8c02f1482caa95bf3c5acd41c6a25c3d7940dd8f0ff510c05b41d7b8e2246e3e9e9a17e84d31e504104a2a9c4239

Download Submit
C:\Program Files (x86)\Skype-8.98.0.206\Skype-8.98.0.206\Skype-8.98.0.206.exe

Filesize
85.0MB

MD5
a414907b8ab71c14e0316492e1c3b7ce

SHA1
97f80ca6b1a5d8242d349fdfbf0f81d69c1a2610

SHA256
75ac2d06f9c3796b6f2eae28378aac9df5662f4fbd25fa355b826c8a8573c378

SHA512
65106bdb377fff9fa5c8ca171ffd0d7ba07aca20e040f86ff3977f734ecb112744d71dc654e2b4ea7279a31d74029aee12f17d3dbfb15ed11b1a82aeda0a4f2e

Download Submit
C:\Program Files (x86)\Skype-8.98.0.206\Skype-8.98.0.206\Skype-8.98.0.206.exe

Filesize
85.0MB

MD5
a414907b8ab71c14e0316492e1c3b7ce

SHA1
97f80ca6b1a5d8242d349fdfbf0f81d69c1a2610

SHA256
75ac2d06f9c3796b6f2eae28378aac9df5662f4fbd25fa355b826c8a8573c378

SHA512
65106bdb377fff9fa5c8ca171ffd0d7ba07aca20e040f86ff3977f734ecb112744d71dc654e2b4ea7279a31d74029aee12f17d3dbfb15ed11b1a82aeda0a4f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
20KB

MD5
39307e27138b106e53f1a4af27d63094

SHA1
9c2fbfb3f19bf72a282a101d1c802c287dbb5fab

SHA256
07c09b206faa8934e6b12c518a4f834d8bd5b2bbe92a07a4f169173ab620b464

SHA512
8e48c468cceab8dfb296c62c2fcf4e82adde92fc06e3b14418a4cc08dea5712aaa7f61eb5421b9d5fbc0803b1b8f2b05a344a2e3db7831212af9e2579972bc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
74KB

MD5
212851964fd6b9e44cb2ab285631405a

SHA1
19e2aa2672aad97ab24d0e86a726534f3dad917f

SHA256
93f652f1cb5c915644a0b4c7c319ed700cc4568be7e01aa80d005adc38612f98

SHA512
0bab0e108a4a2e711c37e65ab87cf19858710795c9414300be34231ba1e7f9ebd3cd89f97f562667d51a2cc5445de2f701beb14c12565aa28edc2539d62fa41b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
6.7MB

MD5
7cc9085148999ad3e9e8504bc035f407

SHA1
d31797bcb36eab518603f50cc931c34326044feb

SHA256
60b9904889b3dd22cb44dcdc249cacf209f025f61a1cd6a5030eb348da7116c2

SHA512
5429c68fab0304b4730e7d69871800466076427199eaa1ee48a33fc65b418d164e86984f0f598b1ac1dff300b420cd4b04078ec0773c79c47939b8d41a2f4261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
552B

MD5
0aa5935d75f1d9f958eeec1d2b10ba37

SHA1
60cf20190faa829881494bec2e33f1df6295f587

SHA256
031eba5c21ba9cbd05dcf7396c7e62c1a670eeaf09f6fda375ae1b6f57258fba

SHA512
d766bc18d5fcec24cd338756f93cc934fc77d8515d444c6de1c212a0fffc3623fec15f99b140a60d12f27447ee53f4b77e8d33432ad6893e7020f6a49e194099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
a849e3df28988b4bf6d0c68c389e38f9

SHA1
df376936edd337a375bce5cdb08fdfa7cd5da9e7

SHA256
54e6c589220f427f48ebb5f59b6a56d706732fd823f1ada4f9dae435f476dbe9

SHA512
62c38ae74e454654ec794cee9d74f99531ecde1e640ea1970f06bbcd477b150761fe33dc61b0b07a10b39830ca2078197cb8d056accc2ff089b0243520a0e4c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
791e95739a565c296ad2547b7d51d05a

SHA1
d0317e1b85ec8226497ef41cc20049402f45f1a1

SHA256
881edfef9ddd67758fa384d0e29dd0fa45e7748e7dabe0925abd61aebc16b19e

SHA512
fc9caaaaa77170cc731a6bb3d76819bad0e38d4350af113fe7a582cb463beff3d3befb4f3f61ec4fa652bff640c6f69bcc4e26a7e4fdd893e76f74c079e601b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
729485dd5f3d480d21d269589b1c8a51

SHA1
d7a741a27db3d38acb3f022a099d041833f026da

SHA256
78d29577ef31b1e334a2ee494f111755e7ab127a44222ffb36b4afb75dd76c7c

SHA512
bb6144e0fe0251eafe718aedf62abf40503df814da5704ab31a7435ba67085588a19d6be3a57c619d5dd72b687b162779c5b0832509eb6a215188f51732ad5fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5779062928aaeddaef272460679d2bea

SHA1
0a68dff277ba93c1d00f4bba64a636a4d92a596d

SHA256
4b270089016d965403d0e30bfc164c81c531071e5ed86d771c249eb21769486f

SHA512
262fe09b1419acaa27c14598017f9d32460fa2225f394b3153f486027bf0082ec99229135361de93826a9f83e99469ea9679bd89f8578e90235d3d2b275d202c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3beb480a87e3bc9670df5d26e57a4244

SHA1
4e7eae78809da79794a8c135eeab78e3e9d81131

SHA256
8596be253fc4d3ec68d4cd8145ed3da04e7197f50208b7df3e7c2c82b3b85bcd

SHA512
6f76f9aeb55d26dd7c5c1268c43173ba9858b592481fff9de14e22f70ffc08f676ee14de4990de197bb0f7b94892be89899c0ee0cd75492b321eb4d81cce782c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5ea0c64d7f12eb26cdebcd9eb472307d

SHA1
321b9aa82b465b639721ee339aafab4a7634981a

SHA256
f26a0fdd4a2fea59516639f36b46a6b80ee7020af358825a7544edb960da6897

SHA512
859b47e4d321aa3265afdaa9c3bdc6f01caa591fcd213ade149ef7c478d002b9dc97c0379475f31cf867ceef557ec3cd6e8df0ef5848b31a52b9018bc5adc110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ab17e6df1b0bdfb18f1afdca8f4cdea7

SHA1
9e95d7e9cadfd152737399ecc9289fb225e4b4b5

SHA256
0bbcefca67af37611cf27ef9ea19c5c5627191cee29269aa373c8142c4c4ed00

SHA512
b478e21eef782c726a9333c1cb66a50e8bc38a1d11593a8efa7f3f4f274a412555ecc7a820aa8af0d521e644fa77eb944c9cfa9667db0fbd2a602fd9935b3726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
da9a82e45315b8419478b2d7d23c64b4

SHA1
b26d83b6f7abde0ce1e11f5d576369238d6c2923

SHA256
c51637262b17bd1cccf846ad966dd0b934f5dfd03cff30a8b48ca7d3c8a5d270

SHA512
6eabeec2cd3f77ee6ffdf32c530ebbba40f2f9015975a46bf128e1d464e1ccbd734f255d73728f06879feac365443eb83655826cbf9dfacb69b1585ad409e597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
11bd088bd4f82bc2f62685a3f5c138c3

SHA1
55387b44ceaf92a3b592632f95e9e58bd36ef62b

SHA256
8342a0a05487576af463812be4acc41f0b8d128167c02930d58225782c7b5975

SHA512
9120f3da477f24ca7791ed205bba9ce4085a230d08358d2c7707f1fae798d8e46256563fe73cc9a805c3446cf05f88857fca48b98b3c984216674b7b72e5bb89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5db5268ddbae91d18bf033e747baef09

SHA1
3a09e56745f636622ee083b9d829fd628c18ed3a

SHA256
594de8dc87420cd68ee51c0d743bf4a728deff8ab7e616924a0526f157dad656

SHA512
becc442c8b3037ab45414033bafd157212fffbd6e99655f7e607d5380cba9ba1984d7e2b86d51d2bc2208ada0609db805307e7825faa77985b9b375dfd7bf9e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54e996e2d697102c47a021d760500ecc

SHA1
72c731b410a3e4a98c1d0f968a34a76fe970ebe4

SHA256
1034f39503b3b070a2943bac8467d703ddf902e9cc51225010d450c0a06b2cca

SHA512
15f50318849f15c8870a7f1de61bc4a62e12d8dd278e31581a267de37f73ffa74775278080a076802b71114e60d90282bad7ca2b86c312212e3c70f65325347d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f81b84c1156ffec910d389b4cce60b30

SHA1
d903bc466313081fe5c8f90a0620600dca36c870

SHA256
64dbd063c030f19648356e2bd215426ac79dcc10d27d5e0865f754171a71abd9

SHA512
2ae8ad93b7ae20fd6ec6f8da7483fe3e760557e26257980bbf6bf60438416cefca546cc150f3a18597dd8d840893f9b3c0a0498c25f14acbbfc2fb37a67a5a0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
87126825cc392b15e07491b6d559726b

SHA1
6a216c34de6a4569f7da7298285b2b506e8eec1e

SHA256
3c47627a188a2bd835df1523b618f7e26df346be6bdacb7c277e3856171e6195

SHA512
c1b7dc00a38eff90bd8c51f438a16efb16e9daffae49d66de8077471dfab7df6833d6f8c5600df96eec452329062b70b346261534545b13869b4fe26c355a02c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
efd47aa9583602adfdbd8798b920861e

SHA1
d3b6dd135ea1497d584b037dd6a42e82fef690e7

SHA256
e78f2c398f1603f6f7d800dc2df17880c98de3315464adbaafbdd0ea524933ba

SHA512
95857fd6036ee9c397e2dfc24ba174d8ee019260565b1f103629e4fc403055f374da0af9f34f290a91d350a1c9838cd8cc0417d70dc0d2913763cf905c9b48f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
b914de832afbf45f6ed1e88af2581fc5

SHA1
f987c40793b45c4f119206d6e4ab70c17ffac0ad

SHA256
73e4a9370677a6663cab010cfbea42e632406035b82ce8ab724016837c9a1bb7

SHA512
b8f61d9812491b0118cc5d97ab3c4e3766c810ce26d54f38b106a0fbbcb738ac41fdc51a0735092a3564cc9d51824017f523fd8f5bd5016e948da05f307949e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
769f92d1e5e30da97f94b3ba14201ffc

SHA1
fad95464669dc86e8a483ec4ab7f555f30b88e88

SHA256
cf0a3be9f96d6c558f0c69e6335e68f8280554388d733a1347b83d7b8db7fb29

SHA512
2d2496930deebf43266657b217ac6b6a177e3a917bbb5e0c229346a9b92be0b754f6c0e84e977ec7ad214aa370c7b203cc4146d181e77e52bb63888e768b3381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
f6e3ce142b266203e0a32f306b9cb208

SHA1
fe0f8a152353932bb1f0b11d761f96b28bf252a9

SHA256
a053a8a6e1a4e9f66d34fab8b022ab250f1ef6ae49225ed0acf8761bc9380948

SHA512
2d9fb8eff13ea0350942474fc753e64062cc2adb0849b77b47a08616e25a907470ef1d9d7734eb54d0b4aea2e7fa360594a918f25ee3eddcd09f79273663b1ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
17db5b38fd810f675cd02a0b10f5cff0

SHA1
b30bab115bfb85d01616c7a05b32d2521d228ce4

SHA256
73d7744ece6b57af361115073300ada866a847a7736c1efe89c9b9f64aca9107

SHA512
636d195c73fd1445bbee993982d0ea3f6a8b19f3da7a98bd1ce742516ed8d7e00c3baf0aa1b4aef8e056c6371f352c9f33221d22a49140448e9ed2b3f0c0cb77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
b8991e8fb4b456c1fae6458b9f5374b3

SHA1
800a38389fed5e5fc8e674273982e6c0a4d2f809

SHA256
b175875a2f539e68be6d1b7e6ab51764ad46076b886ba77d4aba3f1c27f130ca

SHA512
ef425e93c7237037c0abcb833bddb06c9100b8e677c21b9751d7ecc915502d36e42b6848e9d694c32e9fc0e88b3d3552a6eb0bb5a0a4f0e13faa4752dddaf978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c1c9.TMP

Filesize
105KB

MD5
3a4f7c2702ac1a0458ba17b0256540fd

SHA1
8b420da68500d22c5bc5078a620dcda1af6c05ed

SHA256
fbbdf606596189f8fbdebc307541ff8834753ab0573750db2e3ac985551c1255

SHA512
2d44614f1862942f324ac36fd1a53ae5edc3813950e69f82299af5e1846f28883d73c3b5704b2a9ddce67f37bf4a3334bf606ef75764a713553243ef4eef3545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIA642.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB518.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB613.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB613.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB876.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBDC6.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBF4E.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICE4E.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICF49.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JSULQ.tmp\Skype-8.98.0.206.tmp

Filesize
1.4MB

MD5
aa685812eee2fdda956d42d979a09f16

SHA1
31311d16fd34bee27aff999b1351268575348ed1

SHA256
f1c04f3ab2fdd4126f7fa805cf62f599c6867436be2b92d116edf10a1152001a

SHA512
af1aa20869a3da83d59a17fb2c9a19ff3d10e5b94b4eb216d522b515c414e1e0f7ce435fd30aa215123e840c1b0caf7507907f08d93cc935cbe1615d89141798

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JSULQ.tmp\Skype-8.98.0.206.tmp

Filesize
1.4MB

MD5
aa685812eee2fdda956d42d979a09f16

SHA1
31311d16fd34bee27aff999b1351268575348ed1

SHA256
f1c04f3ab2fdd4126f7fa805cf62f599c6867436be2b92d116edf10a1152001a

SHA512
af1aa20869a3da83d59a17fb2c9a19ff3d10e5b94b4eb216d522b515c414e1e0f7ce435fd30aa215123e840c1b0caf7507907f08d93cc935cbe1615d89141798

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\0be40f80-19c1-4059-b5a4-32a441e96f3e\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Downloads\Skype-8.98.0.206.msi

Filesize
92.6MB

MD5
a2ff27d8a507a8a3ed2964a32ec1c084

SHA1
c8861dd6ed97bbc36ba8527fa75f95ece417b9fd

SHA256
4bb5fb56cf52fe5493a36df229e1504c153d9b0d538bf7786232b9cf19cd1a24

SHA512
7ece56ca42dc4512e6df7b36d39cea6a4d7d642c8395ddf8bf45ee199d568ac3c79f91338fa07e8ca98218e51e0727682a3b74fb6bc18e6932d90739e9c1e2ee

Download Submit
C:\Users\Admin\Pictures\info.txt

Filesize
2.4MB

MD5
c5763ad7a3a5650c0148a24ba66ec6b0

SHA1
0193ec2ee03836c918b3d19f57337b1f375dc111

SHA256
79edc63a085c5b589147edbede8c9430e5a60fc85739cdb84f863c2b58869fcf

SHA512
cabf87a13f7989a464e0d2484c8284e298af6ddf9e2787b4f8a13af5c979658745a3dffa380f78f988a766f7269b02fc0476200257f0e4dbb9ecdc0c86ca0908

Download Submit
C:\Users\Admin\Pictures\nss3.dll

Filesize
11.2MB

MD5
b75e9f13d80ea520b53c57db3bde5906

SHA1
d48621c433743aaa42b7b10f7ba72d5a47f18481

SHA256
42fad034895469b635602251ecc313df01fca2cb56fbffbb29d6bf024e4d4677

SHA512
e4d5ab6b127dbdba414912f8d53f0df1a175207d2b36b22207b1419782ac7838f03eebf40c14fdeb55f9f689f298d76d9c4b1296d78e1831238f8bf7ee0c617c

Download Submit
C:\Users\Admin\Pictures\updatey.exe

Filesize
445KB

MD5
c4a5bee4ecd1ab142c944b66e1e90b83

SHA1
8c232b58426726f1190890273e1cc6fe804e411a

SHA256
bed999dd31a38c316627eddd7e387c459f47037a74f11d2dc4dca9612b3a61a5

SHA512
47001e43f71266046f17db5d5efc4cfc4fab92832acaa87ceaad46cfc0a8810f938ebc301eac3d30ae66a5cb815c9a00ef5dc0f9b0e306d77540ec0bc82a6ce6

Download Submit
C:\Users\Admin\Pictures\updatey.exe

Filesize
445KB

MD5
c4a5bee4ecd1ab142c944b66e1e90b83

SHA1
8c232b58426726f1190890273e1cc6fe804e411a

SHA256
bed999dd31a38c316627eddd7e387c459f47037a74f11d2dc4dca9612b3a61a5

SHA512
47001e43f71266046f17db5d5efc4cfc4fab92832acaa87ceaad46cfc0a8810f938ebc301eac3d30ae66a5cb815c9a00ef5dc0f9b0e306d77540ec0bc82a6ce6

Download Submit
C:\Windows\Installer\MSIBAEE.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
C:\Windows\Installer\MSIBC47.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
25.0MB

MD5
de56c566ee4e9583c727c8c15974190d

SHA1
9533da0faa754ce75e3e3fcee60ea3986fc6af73

SHA256
d7b3a9b7786ce698770c871c048c26e7ab70ba9f742d6ebebba208eef991a3e8

SHA512
5cc8ecf211e0810c7e98d79f649c1c1b8ed9503a9ed1986fd113989e1e3b7221101d15f974d41659a8d4f388c58085a586e8fb899a756d69c7968c9e75fd730e

Download Submit
\??\Volume{d9ac1e8a-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{7d3dd7f7-253e-41aa-9c9f-f9057e6c1221}_OnDiskSnapshotProp

Filesize
5KB

MD5
9a7358fd28d14f0ea72c566cbb625982

SHA1
e936f8a5431807cc542b0c3b77519220c79abc2d

SHA256
947997e753d8477fd77335a8d09389d2cf1e8e7809e0299f47e2b735bf5944ec

SHA512
d19fc2e747e9ab35d548b1e1f89ddb2f9f6961e0e711b18ca0cc7ff13f9a56ee2a810b52b519913fbb88a6c624931be23cab17c4efb46faeba0bc47a2d7f7b0d

Download Submit
\??\c:\program files (x86)\microsoft\skype for desktop\skype.exe

Filesize
86.6MB

MD5
b0b90de7136422c51c213424e2b0fcce

SHA1
4ecf778d6f47a6eccff1d786c06d549e3d80a5f8

SHA256
4c0ff7a5c6b58a9e969b46e9b45949fd96c26ed614bcad1b876d78c12edf5e78

SHA512
0741ce07b3cf7497fe6ab0131c2d0683fc233db48f7648d08cb388818063fb505f471d27ed92e130572ba73d2dc61ebcee422b209c46740ff41dec390f3bc4b4

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll

Filesize
2.4MB

MD5
07b028b03161d193f49232cdfd9663c3

SHA1
c63a0c014d1dd989fed058007182482bb42caf9e

SHA256
174bd45ec7945dff159d41fb8c60a7eb88c2f6230a783a8f9d763817691246ed

SHA512
3c80b75bb9a11005908ad9b5e4d8e8a6c587b39b90f0d9dc34619d2e2144b36dc4d81f47c0854bd01a1e2664363376290c54741070dc35b7ba10d083ba96e65e

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmControl.dll

Filesize
118KB

MD5
c322839c14449874209a7534ad45a4ac

SHA1
84a5abd34e47344e015a6883cf40532c514858df

SHA256
d8227344843d7f5de324c85d99b728bad84e771553f0891a1a37983d5eb1d928

SHA512
fa0181f746eeefa48d5f52a32b90e58bc33d5528b679a12b8bdeb4a30d9eb52af47d57587d65c577fecb6fe76ec0f15c1f557ae8cf5d8570c9811810a750a862

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmPal.dll

Filesize
954KB

MD5
19bd383beaff5b32f8b6b80b5496164c

SHA1
f4cca45b35b799155e9413cd329568549a0eec3e

SHA256
a9f5229a995021e3e7dc4eb37ed2dec7689b384e57b24379da8fdd9987c9cc44

SHA512
4b7d02c6d076eaaebe537bd046a70e717cc323d518adae92a391ac7ee5cf039cff6d2592207464bd6c0f3aaf720b5f7eccdbb24125a4dc74a8e5594da2d88e95

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\electron_utility.node

Filesize
825KB

MD5
3e146137835ffdc10e139fb0ea5536e6

SHA1
21ab924fe0f68a2db13aab800cf1638b5dacc927

SHA256
50950f25b60b078bbf7060ca6ba0a76b897ba9133f690b03b06e41443638abf9

SHA512
cafea8ed0552c05a77dc83316309d8aa5e2dea35284a5c850b66355889a400913b4aa44cf6fc4f881ea9fe1d4e6e5efb5ae6b10e14a3568a9937d7101b039e8b

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\sharing-indicator.node

Filesize
104KB

MD5
31d72228f6a9a10a91e5479ccbb38f68

SHA1
8290724ff8e8476ab757bf515b97736f6ccd843b

SHA256
7e764573922333b499f67bfa78aceb5f5e9acb1f5031fa95dffc83160ac4b40c

SHA512
9f3f4063711a6cf04fae03c5637e29dc705ef5d7c02e28abb1e87035254bdfb6bf128fff8d3d4729355d4ada166d5085fb1508f7250291e48dd48beccee09780

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\skypert.dll

Filesize
3.1MB

MD5
daa657b3fdf4257cc434b4ddc30ca0fa

SHA1
0823a8b74f1cb1b32d4f7f1975832c4cfc6a0ba2

SHA256
e9cc79c2c2528029e9ec48a2d2977d2d7cee125296f7e925fc7e107837839919

SHA512
d0babedbdc0c54ec9a1d9130a9e2931c480b1f467a71eebcf5e32b0cdaea97da98a0b6a3deb4643fde220defb5f3761b82756bbf88d1a44acfcdecd674216e2b

Download Submit
\Users\Admin\AppData\Local\Temp\MSIA642.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
\Users\Admin\AppData\Local\Temp\MSIB518.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
\Users\Admin\AppData\Local\Temp\MSIB613.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
\Users\Admin\AppData\Local\Temp\MSIB876.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
\Users\Admin\AppData\Local\Temp\MSIBDC6.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
\Users\Admin\AppData\Local\Temp\MSIBF4E.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
\Users\Admin\AppData\Local\Temp\MSICE4E.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
\Users\Admin\AppData\Local\Temp\MSICF49.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
\Users\Admin\Pictures\nss3.dll

Filesize
11.2MB

MD5
b75e9f13d80ea520b53c57db3bde5906

SHA1
d48621c433743aaa42b7b10f7ba72d5a47f18481

SHA256
42fad034895469b635602251ecc313df01fca2cb56fbffbb29d6bf024e4d4677

SHA512
e4d5ab6b127dbdba414912f8d53f0df1a175207d2b36b22207b1419782ac7838f03eebf40c14fdeb55f9f689f298d76d9c4b1296d78e1831238f8bf7ee0c617c

Download Submit
\Windows\Installer\MSIBAEE.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
\Windows\Installer\MSIBC47.tmp

Filesize
557KB

MD5
e1423fc5ddaedc0152a09f4796243e31

SHA1
c92cec1fb6093d6922fe64719e583048fca12153

SHA256
3042d947f0e3accd3307d4d983aba352c4b01f6ca10aa45dbe660ca0a0a107de

SHA512
fc21fadb5b86dc0c4fc8fea5d166b9b8a500df2b662c201626a8bcf6d3f7bd590b8ec3bae31f2f558b74ccb49ca74f51ee48b19bd047a27ef0c794b21cc84b39

Download Submit
memory/512-528-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/512-508-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/512-1026-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/4928-497-0x0000000072DC0000-0x0000000073902000-memory.dmp

Filesize
11.3MB

Download
memory/4928-632-0x0000000072DC0000-0x0000000073902000-memory.dmp

Filesize
11.3MB

Download
memory/4928-491-0x0000000072DC0000-0x0000000073902000-memory.dmp

Filesize
11.3MB

Download
memory/5116-1023-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/5116-516-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/5116-971-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/5116-529-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/5116-650-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download