380c905f4dcfc336d42852f63ac8beba879300b26ef4f30ccb34018798087c18

Analysis

max time kernel
131s
max time network
136s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
03/06/2024, 17:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

skype_8.54.0.91.exe
Size

65.8MB
MD5

bf593256fd9faafe68a507a8151b1f29
SHA1

342731c618e3cdbbd03b66d51c1dd5283d62928f
SHA256

380c905f4dcfc336d42852f63ac8beba879300b26ef4f30ccb34018798087c18
SHA512

2f4fb80aaa8e5587133e13f239867438ea9c2290aeda84234a55db65e77d95f13a78d792bfa54f912b0bbef4f10cc40eb9c87700c81fcbc33ec5b43ff557eaf7
SSDEEP

1572864:QuiFyqpok1JIvf7zXTQZFtS1vqzwXWfH2FKQFFw9/regI33GDSgD:QJFzpHIvjU6Zq0G9yX3+Sg

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Skype.exe
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Skype.exe

Executes dropped EXE 8 IoCs

pid	Process
364	skype_8.54.0.91.tmp
4924	Skype.exe
4640	Skype.exe
644	Skype.exe
4360	Skype.exe
3652	Skype.exe
1200	Skype.exe
3856	Skype.exe

Loads dropped DLL 20 IoCs

pid	Process
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe
4640	Skype.exe
644	Skype.exe
644	Skype.exe
644	Skype.exe
644	Skype.exe
4360	Skype.exe
3652	Skype.exe
4360	Skype.exe
4360	Skype.exe
4360	Skype.exe
4360	Skype.exe
1200	Skype.exe
4924	Skype.exe
3856	Skype.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Windows\CurrentVersion\Run\Skype for Desktop = "C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe"	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-CTJLQ.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-FLH66.tmp	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-private-l1-1-0.dll	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-54Q1N.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-BM2O3.tmp	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-RN9JR.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-JA7LI.tmp	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-namedpipe-l1-1-0.dll	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\uwp-credentials-fetcher\build\Release\is-IFT4O.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-P2E6C.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-SE8TA.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\is-U6D3B.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-6HSRH.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-JAKMS.tmp	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-multibyte-l1-1-0.dll	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-0KQ9F.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-6M5TV.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-S4DVP.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-8LKH7.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\is-V0THM.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-FIVQ8.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-JPL4D.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-LVNQT.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-KP7AQ.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\is-01OH8.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-KEL2E.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-DV62T.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-1FUUC.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-J4613.tmp	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-util-l1-1-0.dll	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\ssScreenVVS2.dll	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-TARKI.tmp	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-profile-l1-1-0.dll	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-utility-l1-1-0.dll	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-I9OS9.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-GJPBQ.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\is-Q1NFD.tmp	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-file-l1-1-0.dll	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-R9CP7.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-PK73C.tmp	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-OUGBT.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-15619.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-LLB26.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@felixrieseberg\spellchecker\build\Release\is-9PEMR.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-E8B5N.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-IECH1.tmp	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\RtmMediaManager.dll	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-sysinfo-l1-1-0.dll	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-BA12K.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-4IDDF.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-LBLUH.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-0TLBC.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\is-7J2JC.tmp	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-stdio-l1-1-0.dll	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-N4P3H.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-SM21U.tmp	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-processenvironment-l1-1-0.dll	skype_8.54.0.91.tmp
File opened for modification	C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-conio-l1-1-0.dll	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-DPITT.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\is-RNLL2.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\is-8R9VN.tmp	skype_8.54.0.91.tmp
File created	C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-VE5T0.tmp	skype_8.54.0.91.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Skype.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Skype.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Skype.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Skype.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Skype.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4140	taskkill.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\skype	Skype.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\skype\URL Protocol	Skype.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\skype\ = "URL:skype"	Skype.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\skype\shell\open\command	Skype.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\skype\shell	Skype.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\skype\shell\open	Skype.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\skype\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\" -- \"%1\""	Skype.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
1908	reg.exe
4328	reg.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
364	skype_8.54.0.91.tmp
364	skype_8.54.0.91.tmp

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4140	taskkill.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
364	skype_8.54.0.91.tmp
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe
4924	Skype.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 164 wrote to memory of 364	164	skype_8.54.0.91.exe	74
PID 164 wrote to memory of 364	164	skype_8.54.0.91.exe	74
PID 164 wrote to memory of 364	164	skype_8.54.0.91.exe	74
PID 364 wrote to memory of 4140	364	skype_8.54.0.91.tmp	75
PID 364 wrote to memory of 4140	364	skype_8.54.0.91.tmp	75
PID 364 wrote to memory of 4140	364	skype_8.54.0.91.tmp	75
PID 364 wrote to memory of 4924	364	skype_8.54.0.91.tmp	79
PID 364 wrote to memory of 4924	364	skype_8.54.0.91.tmp	79
PID 364 wrote to memory of 4924	364	skype_8.54.0.91.tmp	79
PID 4924 wrote to memory of 4640	4924	Skype.exe	80
PID 4924 wrote to memory of 4640	4924	Skype.exe	80
PID 4924 wrote to memory of 4640	4924	Skype.exe	80
PID 4924 wrote to memory of 1908	4924	Skype.exe	81
PID 4924 wrote to memory of 1908	4924	Skype.exe	81
PID 4924 wrote to memory of 1908	4924	Skype.exe	81
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 644	4924	Skype.exe	83
PID 4924 wrote to memory of 4328	4924	Skype.exe	84
PID 4924 wrote to memory of 4328	4924	Skype.exe	84

C:\Users\Admin\AppData\Local\Temp\skype_8.54.0.91.exe
"C:\Users\Admin\AppData\Local\Temp\skype_8.54.0.91.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:164
- C:\Users\Admin\AppData\Local\Temp\is-G3Q31.tmp\skype_8.54.0.91.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-G3Q31.tmp\skype_8.54.0.91.tmp" /SL5="$7021C,68436592,404480,C:\Users\Admin\AppData\Local\Temp\skype_8.54.0.91.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:364
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /f /im Skype.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4140
- - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
    "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4924
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --reporter-url=https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload --application-name=skype-preview "--crashes-directory=C:\Users\Admin\AppData\Local\Temp\skype-preview Crashes" --v=1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4640
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype for Desktop" /t REG_SZ /d "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:1908
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=9336067113527767406 --mojo-platform-channel-handle=2088 --ignored=" --type=renderer " /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:644
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Skype /v RestartForUpdate
      4⤵
      Modifies registry key
      PID:4328
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --disable-features=SpareRendererForSitePerProcess --service-pipe-token=3378772333171437695 --lang=en-US --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --webview-tag --no-sandbox --no-zygote --native-window-open --preload="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar\Preload.js" --background-color=#fff --node-integration-in-subframes --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=3378772333171437695 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1 --skype-process-type=Main
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:4360
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --reporter-url=https://rink.hockeyapp.net/api/2/apps/a741743329d94bc08826af367733939d/crashes/upload --application-name=skype-preview "--crashes-directory=C:\Users\Admin\AppData\Local\Temp\skype-preview Crashes" --v=1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3652
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --service-pipe-token=17058965389100979262 --lang=en-US --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --node-integration --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=17058965389100979262 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1200
  - - C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
      "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --disable-features=SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4076119739359482998 --mojo-platform-channel-handle=2840 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_100_percent.pak

Filesize
176KB

MD5
6bc3c299d9e24718c066edad063619b8

SHA1
65ae83f994992d032fbdd7544280f5cd5e240103

SHA256
971698362570b8e7dd79e9eed8aeb28443535053787e7b5e8bbf0cb477b5f99d

SHA512
99ddd1af09588b8bac7c293e3598db498f7279711ad691c80072987d55cfbe53651458a61e820d75f3bec04f119aab0f0e700a52c4b56cca2c0e3bacac19da90

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\chrome_200_percent.pak

Filesize
287KB

MD5
1cc200bc1a1c416a0f5b34d138c49d85

SHA1
777a70499eb27bda881104b581de1a242caf49b2

SHA256
7afe6e166dc44329e99c218b3f783c14ff0c67b036806d6a5247dbae694a649a

SHA512
31c4f06814ef4361a72e7bae264e754d4398d92ed5b2306ebed8625118655e8feda1df2f40c2f1a630ca2b62ee7fd34f3373203265835e791ebb90e0f979e0b1

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\icudtl.dat

Filesize
9.8MB

MD5
65c6337820fbe9bf2498a9395e3b20f2

SHA1
5cc62646e6c73b4be276d08719bc5e257af972bb

SHA256
33da1cdda18eaea52011d40ae9a610cac9f6466156e9803891ee77294607aee4

SHA512
4800f03577a46a98a4bd786dc37a380f4169540e243fdb7835e3146fba0d0e1d07a7e3ec8cd23566feb00d204d582d678698ae61db156339fe56229de0b267c9

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\en-US.pak

Filesize
63KB

MD5
542df8e581c306511d5f8a9463724b84

SHA1
f0a0f22300151cd39f67e17043ef9f79ba57faa2

SHA256
52ece805cf288fdb16b60cf30ee0604583c1859d5986a7f5e42846eb5b83a7c2

SHA512
8577a4e2ee2078941816c816573bc1cfc296eaaa39ecb625783074bac47827fab3d2d0f757f528d1d556724388b15f0e10f1efb7ca1619db84fceca0471b41ef

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\natives_blob.bin

Filesize
81KB

MD5
e350965916554e65a47305a6ab27c2ba

SHA1
9d60e499a907811a3155e9a07f8645d6c83cb909

SHA256
1cae202ada016cf455abf69d583524a1d37a1371ad4efdfac4baed07c6402bdd

SHA512
c6044b769a00f887b573ad35a7f5b71f6134d2d596a54effa50710be2f528acefea53ae4a2847e16c1b4e56962d8b0fe24f1ea4a04bfe167514b0abddb4fb5a8

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources.pak

Filesize
8.1MB

MD5
18601c14d596f2fe31e8b86fa38b0123

SHA1
316a6d4f01ea7fcbb0913a8c311a6354c6e4b4e0

SHA256
69f3d8af0c82346cfb89f7b94c9c89a399aecf730318849f54fcd82145146e40

SHA512
343eb068b1b023ed10f0d882d921c063ecb565662cf03d84a0ceed24dd7808d1c436f6c256b24edc04fc414eabdae12af7b075a15ebfedc820e00126bf0bc8c7

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar

Filesize
47.2MB

MD5
f1c63ae8a7e47c42620d435256420337

SHA1
5f8b19d93b5c2c9f3bb81367e7121925267fa631

SHA256
80f21fef73ae8bbf376c51d7ece65ed9499372a30dd74d079657c10de9e1b2ef

SHA512
ce5a37b2085e6afb745e88af863ac725c75ea2b67ec602b77e9a4e1eed6fc9d60fa22d9788d7bc8801636e6bc275a95172a1a3cbc47e4bc46291bdd69734e25d

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node

Filesize
453KB

MD5
bc6eb0065099f64dba988ec458a22195

SHA1
f885a480bbedaf1dbd08be895c9842a32eb6ff84

SHA256
e22a7a8f4298ff2f0e0008c5d0fc722caaf37d79f8a5a78c2b4521cb26e936c0

SHA512
1fac5c1cb9b23179ecd6968dc251ad99db3a2ea0aa0ddf0ad3875c23addc1c0fbc8d923e052ae0cf5f6633582ac36e05bd0d76619cbc788195bcccda4b69e6fc

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\RtmPal.dll

Filesize
787KB

MD5
02dc0f15ece57a92a711fd671d67a6ee

SHA1
635630e6713528a6731920d87e036bddebe66d8e

SHA256
d680ca7453f5edef312e55e347d7493a587815206d9d8c57f537153ccf583337

SHA512
8b7c3162d853faf1fcd3c70170ad0bb53fdcf7da483876f9a45fd3105d43c029f62b577f5cbd5a2d4ed4f3e7bfbe23af267375e6071e53762cb82b00e9560f9d

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll

Filesize
2.6MB

MD5
13f62e853dd0fbe2fa93c3ac61abb17a

SHA1
f97d82ff289b31abfad4dd26bf6772df4a6caafd

SHA256
badcc49fbc6b1f95b11a5593a66bd5e511c4baa7480447f452c789a1618bab3a

SHA512
9a3f45fd7170be717bc3b559a088a57550ac426e4b557645a5b7ef5719645a9ec46cafa0feb90f5591d055dbebc48f7321184eccc6bd2aa69c13256b295c3056

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\electron.asar

Filesize
295KB

MD5
6cb0329bbe11069b63c45407e53d0f7d

SHA1
e85dd47cc7ab11586543e8af4394920173d44aa9

SHA256
f771a1ad67395b2ef852ff011703a8197a9c17d9c337bb1e02516a66114fce86

SHA512
ccae083ff998cc6d9dff9243894e8d3fb653bc4ce1df7c66f4f1c23729a0487d17dffa997ecf328f2c74876f83210732e6c26405edcac2e8efe584607c230c8c

Download Submit
C:\Program Files (x86)\Microsoft\Skype for Desktop\v8_context_snapshot.bin

Filesize
591KB

MD5
7c374281b8d3c0b7d2c899b5fae34344

SHA1
3c2690cc9cdefd3411e26ef34048500df56c5e56

SHA256
17d02ce9c3c0757083fcd7807f70a94a48b1311483da0051aa405d21333ae6c0

SHA512
2e7d57192ba342bc1e8c0bbcf8e807078854eb3089371e001d8d1e91a4546f056419363a399344eeb74a198357b167f6db3baa1121a0acb875795da40690c2cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\c3e0cfc1-3c60-4526-bd86-7979eb09faa6.tmp.ico

Filesize
104KB

MD5
6829d32c8496b84cefa32e6030e356da

SHA1
5f2b0331147da4185ee21ac62b890c36c48329bf

SHA256
e437c7e735977ad406d9df0c9e1a956cd7a9f98f7b387a21b39d67447ad55b04

SHA512
e85b18790a8b521476b0610358c055f54e5c12b48687946df569eec0b5237a39dca3f3b4eecc44da2a17c4187ef3279b3087e2fa40357ce9bd311c5ab4de3bd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-G3Q31.tmp\skype_8.54.0.91.tmp

Filesize
1.4MB

MD5
21ea83be76741e579199391317496db5

SHA1
5edb6dd72075ad71d6f4f7e670f8391a55a6cae1

SHA256
b1682b11f65b686ebbcff97d5167e6d2b5a6fa42c93b208116e90390c2173bcc

SHA512
39307572ddacd8af8cd7128c722bb41558c94c8cb077f0c05d756c181d76c43d4d6acf9f0d36107f4ffba2452b06f2ac6bff21033aa3fc30f063895135cc2b6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\skype-preview Crashes\operation_log.txt

Filesize
1KB

MD5
e743d455363ca0601d328c31857002fb

SHA1
676c8c1d8ad033f012d8049e2854e4fc80bc17c5

SHA256
90aaf501da3c8bf900764934c1ec8d038c62ecfba63605298a7c83feddb54e5c

SHA512
65c50766520f8dda829221148add849b69b967fd98f10424544957fa76fc4926d68ef3c45992210105292c6488a2a24cb7bcd237dedbef1749f07f64a39a6c8a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network Persistent State~RFe58c56e.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\cd57bf9d-dc6f-479b-a14c-73b55f97e720.tmp

Filesize
222B

MD5
26131fc1840b7cdb2be56e6282307253

SHA1
3a2600268b013e2175177f186ed8c6be75cdf3c5

SHA256
da4afc5b154150a9a205868d946bb35015a2dbb0660273b0e456789e733191fc

SHA512
a0e91e58dc7d52b0700f7b120878e8ab0bf7b33883916e424e827189a01ce210aa4848bbeb47a3a2023d401a3ccdbcd537fe00b1585046e98ad8826e733f5147

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic

Filesize
435KB

MD5
58f403a216e2c3c0e21e74a7b98fb720

SHA1
8b6f56b56c2139e704ef7844a0eafbfe960ff0ef

SHA256
6f3a0cd803bc7cabf54d1842981f5f78c89fda657b31f04911532a764061df0c

SHA512
cd05afedc5291b971ec659b6aefedd09f9b03d299540df30695bce586049bc5c7b44d71c08a264b1842b2a4427cf484eaab82f82f9ba9079909ddd2de94cda58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b916037c1e115fe0.customDestinations-ms

Filesize
1KB

MD5
7f087c00c34bd88a68c8b47129d90621

SHA1
607220403e056364ad985db01f88f3b51cfa2b71

SHA256
2aeb7f4ea769a446dd9761749e64eadf432e01d3c98614b3b0b32c27324519cc

SHA512
1c71064a2a3d3a41ed6c03a20d1f3092b441bd40e1b221c39aec1fe15cf0e24ecf2d2edacfbb1ed83c6b6cc8db5562f4ba588db8d30c92f607bab6010ea0a2da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b916037c1e115fe0.customDestinations-ms

Filesize
12B

MD5
e4a1661c2c886ebb688dec494532431c

SHA1
a2ae2a7db83b33dc95396607258f553114c9183c

SHA256
b76875c50ef704dbbf7f02c982445971d1bbd61aebe2e4b28ddc58a1d66317d5

SHA512
efdcb76fb40482bc94e37eae3701e844bf22c7d74d53aef93ac7b6ae1c1094ba2f853875d2c66a49a7075ea8c69f5a348b786d6ee0fa711669279d04adaac22c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\d3dcompiler_47.dll

Filesize
3.5MB

MD5
587a415cd5ac2069813adef5f7685021

SHA1
ca0e2fe1922b3cdc9e96e636a73e5c85a838e863

SHA256
2ad0d4987fc4624566b190e747c9d95038443956ed816abfd1e2d389b5ec0851

SHA512
0fa0e89ea1c1cb27ac7f621feb484438e378a8f5675eca7a91f24e0569174bd848d470d6b3e237fe6ab27ca1eb1ecc09b5f044e53a6d98bf908e77ac511183e2

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll

Filesize
1.8MB

MD5
f70d6f2bc06f8ef64773f0fed059025f

SHA1
d47b1c784bac1e45a4971b6af738ab82e681dd37

SHA256
f8cde5216641c4fa842ee8a157ae5a8b693829de3a65d78f9c46d0b892a49cdb

SHA512
03c6d43996044b74d315ecfd1bfd940a74beb32ac049aeae1c0570dfb23b322cd5d47ba702aacaee60bfaaa328dc899ee071c2f65d5c7e8f941f08d75af10ac1

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@felixrieseberg\spellchecker\build\Release\spellchecker.node

Filesize
770KB

MD5
bd8c2b5bd758d214cfebaef40b75829a

SHA1
b32375704a0b3b930d0279726775170682953aa8

SHA256
2da2fdfb00fb37a72b1ede41b7438aaf97449f106b40aafa7b50948eb5c61f96

SHA512
6c715605b0d74fa0d570639eb58964d270614cfa490a987c2224fb327c603667d242b895d9f06167669a534a905a66851e4a16610bfb6ef650f6485804ac2aba

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node

Filesize
448KB

MD5
2dd026b850de29c9ab7de1af8463d635

SHA1
06947e1f0a130f96f704d6ad55874140094392e9

SHA256
4e0d89faf67b4e21eccc6ba6bc4c3f9b461848f238bbbfc8985010f221e4e7f6

SHA512
73e0a3d68b47f11e1f3e1b2e266bec46f081e48fb2eaffbef3f67b5f97aefc88ea47e64fc1db5b21b6fa2f250c4a03c23a341f6d621d9de6c1de2456546fcb50

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\RtmControl.dll

Filesize
125KB

MD5
7e9e89f83ce6fc7ec9ecc8a7eb3a2e9f

SHA1
5063bb88c32fad884da138b08b14742615c11a26

SHA256
b72fda952897d97b95cb68c0d195b2091ff9bebce5c99e2ba5f9e2182ea14429

SHA512
45bbca0c4d8f762f2e2f290d3da84875efb89c55148e5b423b20bea23bd195f208e6030e21315d9604a271693a4014cdc7733cb1fd2f9d8573158b57558ca86f

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\sharing-indicator.node

Filesize
109KB

MD5
5edd2569c8bb322350228567d4eca4be

SHA1
ea87da04129c66190950ba785036185b79983563

SHA256
2ef24f758333b85179955d445f4473773c0ee7f805b027dbb2a2fd97fc2c82fb

SHA512
a13f08f17508f19a583ef58e3cd5b84bd60a4f3cc17f648c87e8cbf3f1622f0c7a3df24cbf565fe37b82ac112d1b1004c42101d28e3d64450f82275258d8f03c

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\slimcore.node

Filesize
9.5MB

MD5
a4b15e69d9a3abea6b13297cfbb96e72

SHA1
727edf68a64b3892480f5dacc714467a46d8423b

SHA256
617a3c6d6c9d2eb87704c133b1ee16483a16ab3b5db0138d01b51fe6594bc0ce

SHA512
a0533b90f1a5f11c08cfe6fb2afc3b88fe2bdc17a694709fbb08c2efb9f51ca60b0879fcf5643fb86cd8a840997e1b6a4bf29b1afe88f15b00f5a34a2ee4bf19

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\swiftshader\libEGL.dll

Filesize
118KB

MD5
b39f11670918b6c6c161700361dc3c02

SHA1
b0de443f4808ab9211d4c8e85db5aa00d9da8ee1

SHA256
fc0808970bf1e11d0e4c74d60602fd52c2493756c9985d540483bb823db5783e

SHA512
ca54f0b84f208eac1a91292bbf059da0761002f0d7cf98652a01adf1fb353896811aa4164edc35edd742eb3e465181508c275f0a15f9ba1417e858fe219fae82

Download Submit
\Program Files (x86)\Microsoft\Skype for Desktop\swiftshader\libGLESv2.dll

Filesize
2.2MB

MD5
a1c8b9c0c3b0935e93d4be2fbef6c531

SHA1
ca6d94842d9cc10c491347d1f2772ef452c84b08

SHA256
34720902917b9b218407d14fb24cd2264591f9b814bf9d8e47e852398308aa77

SHA512
7ddd6598ab565542833da3da9743e960920ce44aae4c7e0d8dc40743d18c28a438df10f98f539530e2a11b0bffcbd1ecce1f2fd8d6abf374aa516bdf3ee2a46a

Download Submit
memory/164-0-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/164-316-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/164-8-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/164-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/364-315-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/364-126-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/364-9-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/364-6-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download