c8db62bed2305b35860ba601c926f664da5c49cb58db6e364f0ed2805af511f0

Resubmissions

18/11/2024, 18:16

241118-wwktsssjgw 6

18/11/2024, 18:08

241118-wqy48ssfjm 6

Analysis

max time kernel
296s
max time network
291s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18/11/2024, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MSTeamsSetup.exe
Size

1.4MB
MD5

7ee6219d0f497752aa7f1c129ca50bc1
SHA1

68bec1b6c594b6bdaf74b4062e4b3c477aa6a1ad
SHA256

c8db62bed2305b35860ba601c926f664da5c49cb58db6e364f0ed2805af511f0
SHA512

a91760aeb550d5683ce0222f40addb3507b79ccf10199c6c5a4773d3b3fc0bcf874360202bfcdca0871da5efe94b94b24fecb72dd5ebeca02939928c5a534094
SSDEEP

24576:E9Yu8GgnSf7uw7J8qyKD0OIqKT//pIgl6A5H2TuDWkd3WZZ7SuW42C7Z32o3:zGMo7NSK/Iqwp/6A5Wgz501SuWYZ3V

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Drops file in Windows directory 16 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\~DF0EE4B67515D2EC4F.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI661C.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF5D578D7D43133477.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI487F.tmp	msiexec.exe
File created	C:\Windows\Installer\e5843de.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI45FD.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4B5E.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC2E851BF5C47C51B.TMP	msiexec.exe
File created	C:\Windows\Installer\e5843da.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5843da.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI631D.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\SystemTemp\~DF9369D64F9FDBD550.TMP	msiexec.exe

Executes dropped EXE 1 IoCs

pid	Process
5440	Update.exe

Loads dropped DLL 6 IoCs

pid	Process
2908	MsiExec.exe
2908	MsiExec.exe
2908	MsiExec.exe
2908	MsiExec.exe
2908	MsiExec.exe
2908	MsiExec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSTeamsSetup.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 21 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
6040	msedgewebview2.exe
5324	msedgewebview2.exe
5388	msedgewebview2.exe
6112	msedgewebview2.exe
1508	msedgewebview2.exe
4132	msedgewebview2.exe
800	msedgewebview2.exe
3364	msedgewebview2.exe
952	msedgewebview2.exe
540	msedgewebview2.exe
4132	msedgewebview2.exe
4884	msedgewebview2.exe
5324	msedgewebview2.exe
700	msedgewebview2.exe
4784	msedgewebview2.exe
5112	msedgewebview2.exe
5980	msedgewebview2.exe
3444	msedgewebview2.exe
4864	msedgewebview2.exe
5816	msedgewebview2.exe
3812	msedgewebview2.exe

Checks processor information in registry 2 TTPs 30 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	ms-teamsupdate.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ms-teams.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ms-teamsupdate.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ms-teamsupdate.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	ms-teamsupdate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ms-teamsupdate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	ms-teamsupdate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ms-teams.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ms-teamsupdate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ms-teamsupdate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	ms-teams.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	ms-teams.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ms-teamsupdate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ms-teamsupdate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ms-teamsupdate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	ms-teamsupdate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	ms-teams.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	ms-teams.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ms-teams.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ms-teams.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	ms-teamsupdate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	ms-teamsupdate.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ms-teams.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	ms-teams.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	ms-teams.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ms-teams.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	ms-teamsupdate.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	ms-teamsupdate.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ms-teamsupdate.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	ms-teamsupdate.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\Bios	ms-teams.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	ms-teams.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\Bios	ms-teams.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	ms-teams.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\Registry\user\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\msteams	ms-teams.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\msteams\WarnOnOpen = "0"	ms-teams.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\ = "AddinLoaderLib"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\ProgID\ = "TeamsAddin.FastConnect.1"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.Connect.1	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\msteams_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	ms-teams.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\msteams_8wekyb3d8bbwe\Internet Settings	ms-teams.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\0	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\Version	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\FLAGS	msiexec.exe
Key created	\Registry\User\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\msteams\shell\open\command	ms-teams.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.FastConnect\CurVer\Description = "Microsoft Teams Meeting Add-in for Microsoft Office"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.FastConnect\CurVer\ = "TeamsAddin.FastConnect.1"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\0\win32	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask\State = "2"	Update.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.FastConnect\CurVer\FriendlyName = "Microsoft Teams Meeting Add-in for Microsoft Office"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\ProgID	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.Connect\ = "Connect Class"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\0	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\Version	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.Connect.1\CLSID\ = "{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.FastConnect	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\TeamsMeetingAdd-in\\1.24.25702\\x86\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\HELPDIR	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\FLAGS	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\FLAGS\ = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.Connect	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.Connect\CurVer\ = "TeamsAddin.Connect.1"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.Connect.1\CLSID	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\TeamsMeetingAdd-in\\1.24.25702\\x64\\Microsoft.Teams.AddinLoader.dll"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\HELPDIR	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\ProgID	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\ = "FastConnect Class"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask\ShowNotification = "1"	Update.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\0\win64	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\VersionIndependentProgID\ = "TeamsAddin.FastConnect"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\TypeLib\ = "{C0529B10-073A-4754-9BB0-72325D80D122}"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\msteams\shell\open\command\ = "\"ms-teams.exe\" \"%1\""	ms-teams.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\msteams_8wekyb3d8bbwe\Internet Settings\Cache	ms-teams.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.FastConnect\ = "FastConnect Class"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\VersionIndependentProgID	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\VersionIndependentProgID\ = "TeamsAddin.FastConnect"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\TeamsMeetingAdd-in\\1.24.25702\\x86\\Microsoft.Teams.AddinLoader.dll"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\FLAGS\ = "0"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\TeamsMeetingAdd-in\\1.24.25702\\x86\\Microsoft.Teams.AddinLoader.dll"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\msteams\shell	ms-teams.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\msteams\shell\open\command	ms-teams.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.FastConnect\CurVer	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\Version\ = "1.0"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\ProgID\ = "TeamsAddin.FastConnect.1"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\msteams\shell\open	ms-teams.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\TypeLib\ = "{C0529B10-073A-4754-9BB0-72325D80D122}"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\0\win64	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\TeamsMeetingAdd-in\\1.24.25702\\x64\\Microsoft.Teams.AddinLoader.dll"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\WOW6432Node\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe	Update.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MSTeams_8wekyb3d8bbwe\TeamsTfwStartupTask\UserEnabledStartupOnce = "0"	Update.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TeamsAddin.FastConnect.1\ = "FastConnect Class"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\TypeLib\{C0529B10-073A-4754-9BB0-72325D80D122}\1.0\0\win32	msiexec.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
5072	ms-teams.exe
5072	ms-teams.exe
5072	ms-teams.exe
5072	ms-teams.exe
5060	msedgewebview2.exe
5060	msedgewebview2.exe
5248	msiexec.exe
5248	msiexec.exe
4784	msedgewebview2.exe
4784	msedgewebview2.exe
952	msedgewebview2.exe
952	msedgewebview2.exe
952	msedgewebview2.exe
952	msedgewebview2.exe
3576	ms-teams.exe
3576	ms-teams.exe
3576	ms-teams.exe
3576	ms-teams.exe
2056	msedgewebview2.exe
2056	msedgewebview2.exe
4864	msedgewebview2.exe
4864	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4540	msedgewebview2.exe
4540	msedgewebview2.exe
4540	msedgewebview2.exe
4540	msedgewebview2.exe
4540	msedgewebview2.exe
4540	msedgewebview2.exe
4656	msedgewebview2.exe
4656	msedgewebview2.exe
4656	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5440	Update.exe
Token: SeShutdownPrivilege	5612	ms-teamsupdate.exe
Token: SeIncreaseQuotaPrivilege	5612	ms-teamsupdate.exe
Token: SeSecurityPrivilege	5248	msiexec.exe
Token: SeCreateTokenPrivilege	5612	ms-teamsupdate.exe
Token: SeAssignPrimaryTokenPrivilege	5612	ms-teamsupdate.exe
Token: SeLockMemoryPrivilege	5612	ms-teamsupdate.exe
Token: SeIncreaseQuotaPrivilege	5612	ms-teamsupdate.exe
Token: SeMachineAccountPrivilege	5612	ms-teamsupdate.exe
Token: SeTcbPrivilege	5612	ms-teamsupdate.exe
Token: SeSecurityPrivilege	5612	ms-teamsupdate.exe
Token: SeTakeOwnershipPrivilege	5612	ms-teamsupdate.exe
Token: SeLoadDriverPrivilege	5612	ms-teamsupdate.exe
Token: SeSystemProfilePrivilege	5612	ms-teamsupdate.exe
Token: SeSystemtimePrivilege	5612	ms-teamsupdate.exe
Token: SeProfSingleProcessPrivilege	5612	ms-teamsupdate.exe
Token: SeIncBasePriorityPrivilege	5612	ms-teamsupdate.exe
Token: SeCreatePagefilePrivilege	5612	ms-teamsupdate.exe
Token: SeCreatePermanentPrivilege	5612	ms-teamsupdate.exe
Token: SeBackupPrivilege	5612	ms-teamsupdate.exe
Token: SeRestorePrivilege	5612	ms-teamsupdate.exe
Token: SeShutdownPrivilege	5612	ms-teamsupdate.exe
Token: SeDebugPrivilege	5612	ms-teamsupdate.exe
Token: SeAuditPrivilege	5612	ms-teamsupdate.exe
Token: SeSystemEnvironmentPrivilege	5612	ms-teamsupdate.exe
Token: SeChangeNotifyPrivilege	5612	ms-teamsupdate.exe
Token: SeRemoteShutdownPrivilege	5612	ms-teamsupdate.exe
Token: SeUndockPrivilege	5612	ms-teamsupdate.exe
Token: SeSyncAgentPrivilege	5612	ms-teamsupdate.exe
Token: SeEnableDelegationPrivilege	5612	ms-teamsupdate.exe
Token: SeManageVolumePrivilege	5612	ms-teamsupdate.exe
Token: SeImpersonatePrivilege	5612	ms-teamsupdate.exe
Token: SeCreateGlobalPrivilege	5612	ms-teamsupdate.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe
Token: SeTakeOwnershipPrivilege	5248	msiexec.exe
Token: SeRestorePrivilege	5248	msiexec.exe

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
5440	Update.exe
5072	ms-teams.exe
5072	ms-teams.exe
5072	ms-teams.exe
5072	ms-teams.exe
5072	ms-teams.exe
4540	msedgewebview2.exe
4540	msedgewebview2.exe
4540	msedgewebview2.exe
4540	msedgewebview2.exe
5072	ms-teams.exe
3576	ms-teams.exe
3576	ms-teams.exe
3576	ms-teams.exe
4656	msedgewebview2.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
5072	ms-teams.exe
5072	ms-teams.exe
5072	ms-teams.exe
5072	ms-teams.exe
3576	ms-teams.exe
3576	ms-teams.exe
3576	ms-teams.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 5440	2460	MSTeamsSetup.exe	77
PID 2460 wrote to memory of 5440	2460	MSTeamsSetup.exe	77
PID 2460 wrote to memory of 5440	2460	MSTeamsSetup.exe	77
PID 5072 wrote to memory of 4540	5072	ms-teams.exe	86
PID 5072 wrote to memory of 4540	5072	ms-teams.exe	86
PID 5072 wrote to memory of 4540	5072	ms-teams.exe	86
PID 4540 wrote to memory of 1984	4540	msedgewebview2.exe	88
PID 4540 wrote to memory of 1984	4540	msedgewebview2.exe	88
PID 4540 wrote to memory of 1984	4540	msedgewebview2.exe	88
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5112	4540	msedgewebview2.exe	90
PID 4540 wrote to memory of 5060	4540	msedgewebview2.exe	91
PID 4540 wrote to memory of 5060	4540	msedgewebview2.exe	91
PID 4540 wrote to memory of 5060	4540	msedgewebview2.exe	91
PID 5248 wrote to memory of 2908	5248	msiexec.exe	92
PID 5248 wrote to memory of 2908	5248	msiexec.exe	92
PID 5248 wrote to memory of 2908	5248	msiexec.exe	92
PID 4540 wrote to memory of 5980	4540	msedgewebview2.exe	93
PID 4540 wrote to memory of 5980	4540	msedgewebview2.exe	93
PID 4540 wrote to memory of 5980	4540	msedgewebview2.exe	93
PID 4540 wrote to memory of 5980	4540	msedgewebview2.exe	93
PID 4540 wrote to memory of 5980	4540	msedgewebview2.exe	93
PID 4540 wrote to memory of 5980	4540	msedgewebview2.exe	93
PID 4540 wrote to memory of 5980	4540	msedgewebview2.exe	93
PID 4540 wrote to memory of 5980	4540	msedgewebview2.exe	93

C:\Users\Admin\AppData\Local\Temp\MSTeamsSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MSTeamsSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --exeName=MSTeamsSetup.exe --bootstrapperMode
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:5440
- - C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teams.exe
    "C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teams.exe" msteams:?instVersion=3.4.0.0&instExecTime=1731953481365&launchSrc=t2installer
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:5072
  - - C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teamsupdate.exe
      "C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teamsupdate.exe" -CheckUpdate -AppSessionGUID 4c236abe-f7ed-4cf5-8048-9ec135e17157
      4⤵
      Checks processor information in registry
      Suspicious use of AdjustPrivilegeToken
      PID:5612
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --disable-features=msWebOOUI --disable-popup-blocking --edge-webview-foreground-boost-opt-in --edge-webview-run-with-package-id --enable-features=msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --internet-explorer-integration=none --isolate-origins=https://[*.]microsoft.com,https://[*.]sharepoint.com,https://[*.]sharepointonline.com,https://mesh-hearts-teams.azurewebsites.net,https://[*.]meshxp.net,https://res-sdf.cdn.office.net,https://res.cdn.office.net,https://copilot.teams.cloud.microsoft,https://local.copilot.teams.office.com --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=5072.4768.9354218312857854391
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:4540
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x1b0,0x7ffba9f43cb8,0x7ffba9f43cc8,0x7ffba9f43cd8
        5⤵
        
        PID:1984
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5112
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2036 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5060
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2464 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5980
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:540
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:4132
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:4884
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:1508
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5324
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:700
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=3284 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4784
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=4152 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:6040
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2892 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3364
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=4244 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5324
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4008 /prefetch:2
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:952
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=5184 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:4132
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1888,16735601517577400415,16939789842896722164,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=3176 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:800
  - - C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teamsupdate.exe
      "C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teamsupdate.exe" -CheckUpdate -AppSessionGUID 4c236abe-f7ed-4cf5-8048-9ec135e17157
      4⤵
      Checks processor information in registry
      PID:5812
  - - C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teams.exe
      "C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teams.exe" msteams:?instVersion=3.4.0.0&instExecTime=1731953481365&launchSrc=t2installer --restart-reason=1 --restart-count=1
      4⤵
      Checks processor information in registry
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:3576
    - - C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teamsupdate.exe
        
        "C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teamsupdate.exe" -CheckUpdate -AppSessionGUID bebf70e8-0930-4704-934a-ef64bd24896c
        5⤵
        Checks processor information in registry
        
        PID:2696
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --disable-features=msWebOOUI --disable-popup-blocking --edge-webview-foreground-boost-opt-in --edge-webview-run-with-package-id --enable-features=msSingleSignOnOSForPrimaryAccountIsShared,AutofillReplaceCachedWebElementsByRendererIds,SharedArrayBuffer,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --internet-explorer-integration=none --isolate-origins=https://[*.]microsoft.com,https://[*.]sharepoint.com,https://[*.]sharepointonline.com,https://mesh-hearts-teams.azurewebsites.net,https://[*.]meshxp.net,https://res-sdf.cdn.office.net,https://res.cdn.office.net,https://copilot.teams.cloud.microsoft,https://local.copilot.teams.office.com --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=3576.104.2006868640949010249
        5⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        
        PID:4656
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1a8,0x7ffba9f43cb8,0x7ffba9f43cc8,0x7ffba9f43cd8
        6⤵
        
        PID:3380
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1872,10133742058518768459,3280299609466438201,131072 --enable-features=AutofillReplaceCachedWebElementsByRendererIds,ForwardMemoryPressureEventsToGpuProcess,SharedArrayBuffer,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5388
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,10133742058518768459,3280299609466438201,131072 --enable-features=AutofillReplaceCachedWebElementsByRendererIds,ForwardMemoryPressureEventsToGpuProcess,SharedArrayBuffer,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2192 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2056
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,10133742058518768459,3280299609466438201,131072 --enable-features=AutofillReplaceCachedWebElementsByRendererIds,ForwardMemoryPressureEventsToGpuProcess,SharedArrayBuffer,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2528 /prefetch:8
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5816
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1872,10133742058518768459,3280299609466438201,131072 --enable-features=AutofillReplaceCachedWebElementsByRendererIds,ForwardMemoryPressureEventsToGpuProcess,SharedArrayBuffer,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3812
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1872,10133742058518768459,3280299609466438201,131072 --enable-features=AutofillReplaceCachedWebElementsByRendererIds,ForwardMemoryPressureEventsToGpuProcess,SharedArrayBuffer,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3444
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1872,10133742058518768459,3280299609466438201,131072 --enable-features=AutofillReplaceCachedWebElementsByRendererIds,ForwardMemoryPressureEventsToGpuProcess,SharedArrayBuffer,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:6112
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,10133742058518768459,3280299609466438201,131072 --enable-features=AutofillReplaceCachedWebElementsByRendererIds,ForwardMemoryPressureEventsToGpuProcess,SharedArrayBuffer,UseSwapChainsInSoftware,msSingleSignOnOSForPrimaryAccountIsShared,msWebView2EnableDraggableRegions,msWebView2SetUserAgentOverrideOnIframes --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView" --webview-exe-name=ms-teams.exe --webview-exe-version=24277.3507.3205.5228 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=4464 /prefetch:8
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4864

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5248
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 509253287793C376DDEC4D359169D2DD
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5843dd.rbs

Filesize
350KB

MD5
1effea77ab7fdab80184037e4f8541b8

SHA1
04867cfe343c1762fc97e91a86c03a642f6ba8f1

SHA256
e101a24c60e29c34a59c8140ae2dc44d573c4a3137f16845be4bbeaaaec52e06

SHA512
ad4600b9608fe706f29fb9892bee79a7bcf1bb90caf68c19702ab964c52160dc9eeee23a2aea681a91ab15361e26930d0e066d8a8cdb6f006188de91aed812cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
471B

MD5
724bc5b1af379436e35dab5d9263098a

SHA1
9ca9ae26596d7bffaece559898e2ba28c0880833

SHA256
6ee2c24e8f0eeda61d1a5b5a7b8f4ca91ce283d614e1f4d5d3df21719d0023cf

SHA512
3c447ee0e65ef68a2dd0e031b2a96e1cfc5c38a555905f1c4821b6ba0b5d6d8d08dd29ebbb50a160d8c88bbf0b165742cb94bf20438eb796d6f3e928b6c11684

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
471B

MD5
2c0f70d1ba85edfd54d7ba901e6118e3

SHA1
076bd8e7a9539191bdfa7254236d8ee67fbcfe13

SHA256
f4ca030932bde21562aefe75eca1bb324f65277d4090c15e5b58e60ee02276d1

SHA512
57e9883de611a2ab1b236a2aa6c12393235b703044bc32d6461cb4343373eb0f80c6ac639a69db41d2d174442c5d147952ffe8e55499c67c3e15db69fe0bab8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
65e8b19eea822d02f0ecbeb766bfd84b

SHA1
964b2a46d68c5b4fe2c265b6a23b5dc0e24a3711

SHA256
29060568ce238de420fd427aab53d073960c04e4cb9aa1d9bbb8923e1a23862f

SHA512
0ad54ca3e2e78902d81f4a94a97b7fb4a42a8ec78b894960aa3fb7aa287de1ec1a4013b6c19ea2cb70376a40938f7c9f7cede9dd9c8c21fecf6fbf2258a5e7a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
420B

MD5
8b4fbe791d6d0b95adaed873903116af

SHA1
11525f76e316e761d478a1d90c5d9ed5a5c379ee

SHA256
7b82f4c1a6a335d577de2c57e1d1ae799ddac922fefd3593b107bc9b53642630

SHA512
d5aeaf26d0d8173882be72b8243d553ca702385e56c7340912ad6bb262cf2e2d3eba58d7e17d2bdebd1277fda7cd561245f9e91b1ad671f7aa04cf13d47d8826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.25702\AddinInstaller.dll

Filesize
34KB

MD5
74c8e73ac9df19ffae99f833d78b58ab

SHA1
f576f7eaa7f10aa8a062c3a8745f5905b796fc79

SHA256
cfd58977a316a67e3f3587703d3ba104dd9a04e88aec44fca06687143ac263c0

SHA512
da66eb6fb1c6423ed25bc8de4b7102e287e34510a10089eca6501c27243b03c9377dc9b14fb741e86198e3bfda5656e20073234f2dd62b41b20e084b4e34f180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.25702\x64\Microsoft.IdentityModel.JsonWebTokens.dll

Filesize
66KB

MD5
622623a04c985eeaa82d2a1f15d508cf

SHA1
f6e6bcc42d1e1bf0dc7d635beb4a1f063a4f2b66

SHA256
041946c132c0561ce8d0a1b0f74eb979d69660deda241bef4a0570f1cd1d9289

SHA512
46027876fd165c8399e3896ab6bcba034bb69cc5e67c68fadb40101db05eb81882b12f86bfb75845155bb94d08c9c7d1c97461f1677b0cbe6b71e3a8358a6f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.25702\x64\System.IdentityModel.Tokens.Jwt.dll

Filesize
81KB

MD5
ef26e784474ef5ee4c86225829784bd6

SHA1
db058e83d7b6cde77821d9da640f7b169fd80e07

SHA256
15aa3a16426b1281f0a4cecafc2a054bb29b7f3d09b3048f048ebf67c4f53e1a

SHA512
7621855326125262ffa2de6577d79fbc20f60f0aad3aa6fd42006ab806438cf262e18cabb802eacb1337b7de424fa32c543b8315436d05e519a29458405ef706

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
49f77345f787f3343a9aaa039dc7b86e

SHA1
2677c335362e4269704f63e1460384d33699bed6

SHA256
0ef453b7442c10ee2829458c1175cfc9c035d5c208e57b118e782283e66d679d

SHA512
5021b1cf6da03f2d206dda5aab0c08c09e6a36176352284aeb54b6b0b12b7986a12b8bee2b2390a54a0fc9e3dd391f4c573d110a2967d4dbf2f64c9723f8fdbd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
1b7d930a6c1a23f29625c6124d1b5d3e

SHA1
dcaee9def5c1bca4237b3bd5e373efac942cfde0

SHA256
1a5d7da562f4592f915ec3eb9a55bf5832303a7c126fc06aa5dcf718eaf0c8d1

SHA512
b84a93b2d2d571ae272d11350b5b21271969a9449559afbcfe6f09203d4b088df5adede534f5cebcdd85e01a2d5f25207fa41b68434baa49d09ccfc31f3c939e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
a2752f70d990d4d65e7042cadfbfebf3

SHA1
b4afec65d4e94cefaef11c4ec054ef1fb5f2721d

SHA256
a63867798cd7b6ca0ed4bba03353941ca44f9ea4318cc6fc5f824ca5b108401e

SHA512
911d4fd87120c3f32da8143442d95453e9c096c7bd3018835ce3fc94e68535ece8108a096c64924b865e3309b831c4adc7dae1b247d507baa91caea5dd8375fc

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
6fe4f160b67dbeb0e21b59f568ad8d40

SHA1
7e8d8a74547e0fa67b011fa2a9d589d34c1252b8

SHA256
feaf9421b7bd9b4d932181032c7147d904fb223d887e62f09279e46122f17aef

SHA512
835b2e9e70935feefb132977d60ffc6bf41769b2d11a860015d00fb5f739bd1bd24791365a1facd706c599a7c7c6d46add4495e074c291bb9552ceb60b41d62d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
716ac0832ee148d6e092d0181182099b

SHA1
126eb74ac5dc68b1ae62fa1812f3448bf2c515dc

SHA256
2f967222a94b08ddca1d4af2b57574ac5abd6a64e72a873efd28123ef92f7a4e

SHA512
fb93ffdf29446a87c5c90a22289d00580e49bbaff9da92817fee2dd755be1b01a1ea1b4b904298f5666d60b5c8ab5cb811642dfd22f9491bbc0ae66452e00285

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
02f04d50c029b1b1a41e6f8b1982b7a1

SHA1
6f55ae3c9719601d1d51750953f5fb0043167c73

SHA256
d01a2acd3a878116f6d4f98e207bbc1f04935ffc3d8081cda6e283fb7bef818d

SHA512
0133070600c6a2a5c4744a268011183e32a78c80a51ce7adb7e361a8fb856a7452ebbe45684e2c9438ad95d494d5acff31f1a7717fc9b2dd014105bbb58ceab9

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
5320c0530ef01618f075d1d5690bb760

SHA1
d9af9f98b129bf49becaa71847c7b4092f02f049

SHA256
161b48cdf793f6c9d01aa8b7d3b90321a23d5a49716f3cc64c69f320593d7f89

SHA512
79fbf32fe4434b512a1f8478e9bc5b8fa7fdfb64bdd122e21b91bc298f962414223731389fa1eab3c4425a3d23437e6d6085ee449d2d9f228b150d64d262a39e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Network Persistent State

Filesize
868B

MD5
5218ee37616646e0e9c6ecf8403811fb

SHA1
a54e659336837ddbcd1671e05cc4e9f267a5c500

SHA256
6a916ba85af8fe2dcdbc23f6484d278d49703132d37ffcc7bc10690224392440

SHA512
678bba5c1cfaa9ee87a8e6af0fd9bdc6ed34aba402102ff9b53b011b0e4067e80417f74f625be5670a1b1ee74f170d64e3a6e9ac8fa9909c36ba60499c378c8c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Network Persistent State

Filesize
899B

MD5
be0bd8d7f377dbf59836f903a73f88ff

SHA1
18d8b8be8c652eab1754680d1d3c0cd11f4a0ef1

SHA256
246282c182e0d33f05b510386aeda85fe562d6dbbea49537e7f36ca90c29b05d

SHA512
7a32cbc2bcc34d4880bf215a716eda79ef1bbb1531b751c49203f3489c936131d770fa531024c4fb17eb15be6c19410ce0565ead6a4c311fe7e35f28f9c62ee0

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Network Persistent State

Filesize
899B

MD5
c43e81a71d96ba4bd15fe7059547ed09

SHA1
826ef268ea2c22f6fb1b16c08e91c7b08356a88a

SHA256
a915608549615cbc57575a27daca840a2f0869294d89bc993be65b54ff59a8f2

SHA512
91b1436bab2ea3c08a4e3699c2fd0defd2b4ee19b1e2b29876e4ec33757fc59a40ab988445a199792be8f6a45a69adf29f1deefe30a823b6e89d724e8c575c5d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Network Persistent State~RFe595cbc.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Preferences

Filesize
3KB

MD5
a9f4ed87e3d45b7c51f6f73cd9a8bee8

SHA1
34df45f1b59ab4061e9a0a1cdf167dd7ec347853

SHA256
64e0b6a4186727bb2fec1a66ae1270f086f2d88912118d830e811fcaec929cf4

SHA512
9f441b5ff23f0df6d848a596126caa0ece5545210c3628fdc8a8ef7f0e3e5c095ea96065b888acac06aac981f943467e43261d02b6873a8f5f8fdb2ad5a65f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Preferences

Filesize
4KB

MD5
fdc0e941ef8f6e499df76de5759d4a07

SHA1
578268f4cc72f88bcda45aaaf7217dae5e5dae2d

SHA256
e3d2e4c3f26d1129f34783672f84fb7ca7ec2bf668111cc9b542373757249892

SHA512
66134970bc5c4bbad805fb834a54939fc1d572195f8bd4b96c520ddfae11827c141d007b4931a3ff5a027ce764a905b20f99a0f5ba9db3f630982b5abff8d5a9

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Preferences

Filesize
4KB

MD5
e804de414afc1874bbf0a595d1c49b08

SHA1
009fd9a9a44840ac688d8c18701eac4fe762d390

SHA256
6da490ffa4e3aa59f3a5ea0d68f3819c4571c6bce3b05c2e644f5440931e9e95

SHA512
8a122d5d087dd0c46481e5271016d48fe5b0ddfedef02d0424e43fd51f589791e2847096636af68e7e5b0829c3ca2746e6c287b1469f488b3f6cc97463f53ea3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Preferences~RFe5958e4.TMP

Filesize
3KB

MD5
10ae4f71bdf93a1f9aff3ded5330142b

SHA1
4682047d23b9e992180c843af64a2e90f7acd99c

SHA256
0ffd9c494115b3a2aaf9517c8f2f15367eb96101b9a34725a4379afc9c0027ac

SHA512
ac6464d7e2408bd62ef4985bf3cdac51245aa7e68aa3c5cfe78ba28243512e04ba4fc6b72d387c10ababdcf9b0d9b99db66030771bab3e8157de4b56b2570e41

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\4fb209c7-1f12-4624-9dab-20c37f845322\index-dir\the-real-index

Filesize
96B

MD5
acca4bd78e53674d5597c465bd814ec1

SHA1
0fa38f4e26ec3df2ca3cdf374067fced1561a62f

SHA256
d111adc307a06117cf21d90c8715966707a32558dc90e314ba05b3ee6b2a2958

SHA512
22f716013c4d485ef664a93b8e86bdc9b137a583e7295089fd07b5475b22068fd8a5347e651c248b7a149bdb5510f200c26776fa402cebdaeb41fd04f13bdf15

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\4fb209c7-1f12-4624-9dab-20c37f845322\index-dir\the-real-index~RFe58ac68.TMP

Filesize
48B

MD5
ddc0274d3203b33fdc7b74b030555287

SHA1
bdd05c1d60fabb54014ebcec31d17560529991a4

SHA256
1f86e6513eb383faf36396f8b2e60ff9b3ecb7636dd96877b17db0c2c01ed6bc

SHA512
63b3414217631c1a4f4f3e9593180af8ebcfcf7323d167aa029e159c6ab6786549863f5e00699127d592d9cec6bda45888fa976e6c109601ef45316a028495d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\9da4a336-9881-4181-9618-ef17d6b4ba5d\index-dir\the-real-index

Filesize
96B

MD5
ae85ad63018b9e925884fa77797410a9

SHA1
a57a6e9f628e28299088e1632abd5557a4f6e1c2

SHA256
b4969fdab7ffa01fd1a611a3e4c977adb14f67fae14b3949011029393424d4c9

SHA512
e774fe0276e38f93fc25d1ab4922c44a5224424414680adbc4b5ddf0a22362575a63900689aa6b0aca11f60800cc7533622efe0e0121f6e76e9322c83b0b34c8

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\9da4a336-9881-4181-9618-ef17d6b4ba5d\index-dir\the-real-index~RFe58a90c.TMP

Filesize
48B

MD5
b6fde594dd8de92b6956a6fa6324fc67

SHA1
c54cef8b072d1056ec3f184d80b8ef5e9324c823

SHA256
05e05f3d7130a5466b28867f2f74f4fb1160efca7bdb4a30e7d3f760a2cbb617

SHA512
10d0e84f2b1f670a8cd1fd5793a288d2c0e14d1629c12db3d8a885f34347f58071c4cf669fa0e9da5350c5f1ed0fb40e49dd5bc08b6d4e235fb4b7a3422ea7c0

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
107B

MD5
4e68d3df01d31aa59d2da315edbfbd54

SHA1
9312b4d65e4774b3580fa72232680301604f31d9

SHA256
cc1cd1c874915269803e5bd8ae95c612d31f781f405c0d89b25b4bb44420efc6

SHA512
99c0f5e835a3e7e7fa01973acbb55fa207562bf10fd90b84b28763f1c03cd3ea0b89780c7d2a7f206960be9421c844a414fbd6616ef8387e7c7c501b163ed35d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
179B

MD5
22129bc22651f9a73894508dc4b00a2f

SHA1
4836a31deca65b2230695bf3877f5de976a02aa6

SHA256
6d30eca2dbd5de3d9dba2547c83e6cdf2a4a4f5442cda1680bb98a914521e9c2

SHA512
be120cdfac6e3eb0ff59faada8f179ffbf403c367c49b4058122807ec55e77f5c2edf67f80e93d861faa5ef67231ccc3d77127a620e89155176e4cc52368b665

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
175B

MD5
3b80593e694a037421489d2204083843

SHA1
13cae885e4753978bbbb50c5e941498d15997068

SHA256
2966976de6ed3028e0aaf58783c8a168aa021b1efc9d9b5a1204ab1d69a9f5f3

SHA512
3409e0c5a860781dbcf9e93b778ca5e1e7258cb93ee7ded14679538ca291fe0193b15e4ff0bacfed04506c9b456e6a8c71c3fed06ab2ec8429171db394fc3d4c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\TransportSecurity

Filesize
1KB

MD5
1aefdf85814c1ae770758d6e5ad9b66a

SHA1
c6683f3f7a6f306ea146ca5e12ee1ccab23df5a6

SHA256
6b1848044013cd750552fb445eeb7c9645af2b16cf85fb1d5e4651378e4c8e51

SHA512
862ad3afbd80aa0323d39c582e2652f115df4f880bd2e4eb666c7a33a5d708550ed18f11b2e70822f4bd8b8b88d9174fd7ff4d3cce932810b4c0f4a7c7ed8bf2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\TransportSecurity

Filesize
1KB

MD5
217a3b4e0ca41a5a5ec04a439e7b33e0

SHA1
66ed853fd30d33aac89339e8ad0b1be714dc4956

SHA256
462194452ce95c350c484874688bd826943bf9e80dd857a76cd51a8df831f94d

SHA512
7db2fdec29969c1a3dda9558cfe7fbee053b4456a1be273d917b54b9d50fafe3195314be3fe63c029b08d0d0dfff1465fef672b98bbc657ba69a6823becc301c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\TransportSecurity

Filesize
1KB

MD5
259b5c194a353b5cd57297e1f404d56b

SHA1
464d5a78a98713b6187393a57548708a292b5802

SHA256
e9b280e49446787d30c14e06a3625745d4564f79ed429d1281c92cb399581ba7

SHA512
63ba1f085ead26ab32da3f72695e43ea8556cf073796428072a983a8205f5505801ff97fdfac5d303e7e2b9baddd75d6ad9e1bc8f45eb0027b470ba0932fc58d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\TransportSecurity~RFe58f690.TMP

Filesize
873B

MD5
b93ebeb50d07e5ed8d21eb2fee44e1de

SHA1
f9d4b4882df1abb2c691fa9cac6486143764b29d

SHA256
59761a3cc1602252a0d8cf11a390dbe0ddbfdc7da55356a207664c66cbd3859b

SHA512
19b12b2b3dc0805c7e0cf1294b329a6ceb0eb66a1ba5c9175e5b12dbb5af0ed9012ff1eadfd3f4056724b88aecefff981d68878ec8ecdc7dcbeba38b18e50e8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Local State

Filesize
8KB

MD5
eb08333eb3e04d6e344b8e018cbe171f

SHA1
d3a1bf06c36bbdc6fa9c4183a06462b3186b8628

SHA256
e3a0ab17ae94f0fa404a3d99cc43bad1b8bbb24a9a6e71037e76ae0b5f38f02d

SHA512
caaa08ab57ca0e7bdf73117c64282b3cddb94d7f7090c2f4f2a0db1fefdfb0e784f86967c57ad66a5193cc4e74f0bae2da3a5242bb775b9641827a8e88ee1f6a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Local State~RFe5892f4.TMP

Filesize
8KB

MD5
048e7aea7741d6d40190e2100a1cf892

SHA1
2bd9069fe443858d6403271b78db0cc5aa1bb1ad

SHA256
e5a45cc4d1362bdd16a920d0cb099356a763d1e36a1ec3b8ea942bb8db5a0584

SHA512
2a3caa36c93215018cb15eedb779282baeb505ff20e78cb05254c47b64e1dff38df05178dab2f9b852bbcdd0ed70d85a5e2fbdbd8e5a2a383903af9be70e36a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Advertising

Filesize
24KB

MD5
131857baba78228374284295fcab3d66

SHA1
180e53e0f9f08745f28207d1f7b394455cf41543

SHA256
b1666e1b3d0b31e147dc047e0e1c528939a53b419c6be4c8278ee30a0a2dbd49

SHA512
c84c3794af8a3a80bb8415f18d003db502e8cb1d04b555f1a7eef8977c9f24e188ae28fc4d3223b52eab4046342b2f8fd0d7461130f3636609214a7b57f49cb4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Analytics

Filesize
4KB

MD5
da298eacf42b8fd3bf54b5030976159b

SHA1
a976f4f5e2d81f80dc0e8a10595190f35e9d324b

SHA256
3abd2e1010e8824f200878942e0850d6e2620a2f0f15b87d32e2451fdda962ec

SHA512
5bf24c2df7cc12c91d1fb47802dbac283244c1010baa68bfae9eb5eb8ee25758156bb1e21f6cc3f55e7d71e5c330888ffd41469b2630eb86237c9970d7ede75e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Mu\CompatExceptions

Filesize
689B

MD5
108de320dc5348d3b6af1f06a4374407

SHA1
90aa226d3c9d50cf4435ecdd2b8b0086d8edeb8b

SHA256
5b462316a51c918d0bae95959bf827cb9c72bbd84ffb0e43b750aa91fbf3ba53

SHA512
70f30c45e20b7cddd0cba6476af9338975cec8e40b8b19603af5fa859a34c6eb2138957daaa263633fe65213e2186402d05d9d29ad53e8f311335555116314c2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Content

Filesize
6KB

MD5
97ea4c3bfaadcb4b176e18f536d8b925

SHA1
61f2eae05bf91d437da7a46a85cbaa13d5a7c7af

SHA256
72ec1479e9cc7f90cf969178451717966c844889b715dff05d745915904b9554

SHA512
5a82729fd2dce487d5f6ac0c34c077228bee5db55bf871d300fcbbd2333b1ee988d5f20ef4d8915d601bd9774e6fa782c8580edca24a100363c0cdce06e5503f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Cryptomining

Filesize
1KB

MD5
16779f9f388a6dbefdcaa33c25db08f6

SHA1
d0bfd4788f04251f4f2ac42be198fb717e0046ae

SHA256
75ad2a4d85c1314632e3ac0679169ba92ef0a0f612f73a80fdd0bc186095b639

SHA512
abd55eff87b4445694b3119176007f71cf71c277f20ea6c4dcadfb027fdce78f7afbcf7a397bd61bd2fa4bc452e03087a9e0e8b9cc5092ec2a631c1ebb00ee25

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Entities

Filesize
68KB

MD5
571c13809cc4efaff6e0b650858b9744

SHA1
83e82a841f1565ad3c395cbc83cb5b0a1e83e132

SHA256
ab204851f39da725b5a73b040519c2e6aaf52cb7a537c75802cb25248d02ec1b

SHA512
93ff4625866abf7cd96324528df2f56ecb358235ff7e63438ac37460aeb406a5fb97084e104610bb1d7c2e8693cabedc6239b95449e9abb90252a353038cb2a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Fingerprinting

Filesize
1KB

MD5
b46196ad79c9ef6ddacc36b790350ca9

SHA1
3df9069231c232fe8571a4772eb832fbbe376c23

SHA256
a918dd0015bcd511782ea6f00eed35f77456944981de7fd268471f1d62c7eaa3

SHA512
61d6da8ee2ca07edc5d230bdcbc5302a2c6e3a9823e95ccfd3896d2e09a0027fece76f2c1ea54e8a8c4fa0e3cf885b35f3ff2e6208bf1d2a2757f2cbcdf01039

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Other

Filesize
34B

MD5
cd0395742b85e2b669eaec1d5f15b65b

SHA1
43c81d1c62fc7ff94f9364639c9a46a0747d122e

SHA256
2b4a47b82cbe70e34407c7df126a24007aff8b45d5716db384d27cc1f3b30707

SHA512
4df2ce734e2f7bc5f02bb7845ea801b57dcf649565dd94b1b71f578b453ba0a17c61ccee73e7cff8f23cdd6aa37e55be5cb15f4767ff88a9a06de3623604fbf0

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Social

Filesize
355B

MD5
4c817c4cb035841975c6738aa05742d9

SHA1
1d89da38b339cd9a1aadfc824ed8667018817d4e

SHA256
4358939a5a0b4d51335bf8f4adb43de2114b54f3596f9e9aacbdb3e52bef67e6

SHA512
fa8e1e8aa00bf83f16643bf6a22c63649402efe70f13cd289f51a6c1172f504fedd7b63fc595fb867ecb9d235b8a0ea032b03d861ebb145f0f6a7d5629df8486

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Advertising

Filesize
2KB

MD5
326ddffc1f869b14073a979c0a34d34d

SHA1
df08e9d94ad0fad7cc7d2d815ee7d8b82ec26e63

SHA256
d4201efd37aec4552e7aa560a943b4a8d10d08af19895e6a70991577609146fb

SHA512
3822e64ca9cf23e50484afcc2222594b4b2c7cd8c4e411f557abea851ae7cbd57f10424c0c9d8b0b6a5435d6f28f3b124c5bc457a239f0a2f0caf433b01da83f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Analytics

Filesize
432B

MD5
01f1f3c305218510ccd9aaa42aee9850

SHA1
fbf3e681409d9fb4d36cba1f865b5995de79118c

SHA256
62d7286cd7f74bdfda830ee5a48bce735ee3661bda8ceac9903b5627cbd0b620

SHA512
e5b665e981f702a4a211d0569bb0bc42e3c29b76b3f75aaf8dc173f16f18f7c443f5cf0ccf1550df3aa2b151e607969c2c90ab1a6e7a910dfeb83854cea4e690

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Content

Filesize
48B

MD5
7b0b4a9aafc18cf64f4d4daf365d2d8d

SHA1
e9ed1ecbec6cccfefe00f9718c93db3d66851494

SHA256
0b55eb3f97535752d3c1ef6cebe614b9b67dddfcfd3c709b84c6ecad6d105d43

SHA512
a579069b026ed2aaef0bd18c3573c77bfb5e0e989c37c64243b12ee4e59635aaa9d9c9746f82dcc16ca85f091ec4372c63e294c25e48dfffbed299567149c4e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Cryptomining

Filesize
32B

MD5
4ec1eda0e8a06238ff5bf88569964d59

SHA1
a2e78944fcac34d89385487ccbbfa4d8f078d612

SHA256
696e930706b5d391eb8778f73b0627ffc2be7f6c9a3e7659170d9d37fc4a97b5

SHA512
c9b1ed7b61f26d94d7f5eded2d42d40f3e4300eee2319fe28e04b25cdb6dd92daf67828bff453bf5fc8d7b6ceb58cab319fc0daac9b0050e27a89efe74d2734e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Entities

Filesize
42KB

MD5
f446eb7054a356d9e803420c8ec41256

SHA1
98a1606a2ba882106177307ae11ec76cfb1a07ee

SHA256
4dc67d4b882621a93ffdb21a198a48a0bc491148c91208cf440af5f0de3ef640

SHA512
3cc3a521b297e4f48ed4ba29866a5ade380c9f0c06d85bea4140e24b05c6762d645df3d03d0a7058383b559baa3ae34ad3ed2b06017e91a061632862911a823b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Fingerprinting

Filesize
172B

MD5
3852430540e0356d1ba68f31be011533

SHA1
d3f622450bcf0ced36d9d9c0aad630ebccfcb7ff

SHA256
f1f413704c32a28a31a646f60cad36cc2da793e143f70eee72ae56f736df8054

SHA512
7a4faa493c141ea88d6cd933dfc0b50ef6d25983323db2b931c7512e039859d60c4935e56b771264ca72b45c035b1962ad8680d616eaaf04fbc5a6e0b674e435

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Other

Filesize
91B

MD5
09cedaa60eab8c7d7644d81cf792fe76

SHA1
e68e199c88ea96fcb94b720f300f7098b65d1858

SHA256
c8505ea2fe1b8f81a1225e4214ad07d8d310705be26b3000d7df8234e0d1f975

SHA512
564f8e5c85208adabb4b10763084b800022bb6d6d74874102e2f49cc8f17899ce18570af1f462aa592a911e49086a2d1c2d750b601eedd2f61d1731689a0a403

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Social

Filesize
3KB

MD5
318801ce3611c0d25c65b809dd9b5b3c

SHA1
b9d07f2aa9da1d83180dc24459093e20fe9cf1d8

SHA256
2458da5d79b393459520e1319937cfc39caadbc2294f175659fae5df804e1d03

SHA512
7daff0253da90f35bf00141b53d39c7cadacf451a7ecf1667c4ca6e8aed59a0c4a6b44ddc2afffa690e12c2134eddb9f46f72e4317ce99c307d9e524a5fd1103

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Staging

Filesize
16KB

MD5
39bdf35ac4557a2d2a4efdeeb038723e

SHA1
9703ca8af3432b851cb5054036de32f8ba7b083f

SHA256
04441a10b0b1deee7996e298949ac3b029bd7c24257faf910fe14f9996ba12ae

SHA512
732337f7b955e6acaf1e3aaa3395bc44c80197d204bd3cbb3e201b6177af6153cc9d7b22ad0e90b36796f92b0022806c32ac763eaec733b234503890900bf284

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\Logs\Launcher_2024-11-18_18-11-22.00.log

Filesize
378B

MD5
07c257366364d9148f2ec5b282edd146

SHA1
f1d347f01e18c5011626d09191c579fe92e90a68

SHA256
03a20da7fb3f9bd472b1f84f1d3ffbfc1b15cc1d61521ec48cafe00aecaa009a

SHA512
851b451ca95fcc9c0f823a1c5e1ee9341957c73e5870ca6cafa7ade413e54e880ec0d21aee9e9d0d00b73ccaf994d49609c2ae99319d64201bb247ad95415b57

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\Logs\MSTeamsUpdate_2024-11-18_18-11-23.00.log

Filesize
4KB

MD5
b041c65d013ed44df759b14841e4182e

SHA1
7405ac1c561a87750c90b873c65ba8b5be0f05e2

SHA256
8f86005f857e11f6d7da5063b26ce522815a7e82fa975ee2f67b849503bfed9b

SHA512
f8831f060714c16fd3b996a4de4401457318400fa88048b7ccd2b3d16f70af4647cb2921bc7fb86bf1b22cfe77847a794d0f3446d695ff62aba0949128a6b081

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\Logs\MSTeamsUpdate_2024-11-18_18-11-25.01.log

Filesize
1KB

MD5
82959f9435bc42d9dce50aaa2b199905

SHA1
954d5c5862dedca37d48ddefe323f5b37fd2d679

SHA256
403e0a1ad060423604006d1a69e7f9b9c96b9cd24904da51df0e286d24b0e68f

SHA512
e63cff6e7e1394c2afee31010687bb41c461c4414fbc14c5a92f9507b307c75b323986715873448f266824cc57be3e805cc4e979cc28277df7be4efdefbb4446

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\Logs\MSTeamsUpdate_2024-11-18_18-15-14.02.log

Filesize
3KB

MD5
f13b1a1be5e0e4823adc4c3fe737b2d2

SHA1
e33a732df395b33161aa1d9a04a8c0f521eaba1f

SHA256
7de4b3d14b6961f6da8636a4968ccf97ef141ecde2987db427cb1f0c495db4f5

SHA512
6fb70c2fefaa12b5c8d251e2dd28177133c2f70a1691caf99737c16075ebd18ee146e383c8abe5bef1e3531be1c7e37142856ebe9b1712ad745a22f5969a094e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\Logs\MSTeams_2024-11-18_18-11-22.00.log

Filesize
131KB

MD5
5ea7b6e9fbd22e58d146f54862e30cff

SHA1
9c96ba145e610bf97dd1c7eb54e06faa4be11d11

SHA256
7e764afe23001fee0363fe2e5dc716b1533ce764f9dd59e5feb24d286a6ee583

SHA512
26d72c5e7f298209d4b38478008d447d99e17c625c5f612812ed6e1e8db2ea7e0844aa52c622d33ff010431cc6121572b3aaa632697c0d7b05c54151101ebb1b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\Logs\tma_addin_msi.log

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\app_settings.json

Filesize
985B

MD5
5995d7d0c7088db15b5c906d5910bb19

SHA1
f1aa2e752edc1c20a317f022613e582e32057d18

SHA256
4d7a73de9bb2d173fe4cfbc2415e40081c110bfa0c8bb8ee15c965a5741badb5

SHA512
267a1056d3a4c164afad6cb88fdb21596716cff7eb4f7b18fd4b6eb6c5aaa2a85ec5d1083231619f4600a87ded42e7744362017e46a589baf0151ff396129ae4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\app_settings.json~RFe584002.TMP

Filesize
952B

MD5
0b44af534fe6777f7176293dff1a8288

SHA1
bbfb1062216d4bf7f01f7048642634196a9abcf2

SHA256
561b401b9283d027d9cc74f825a1dafd80e4e8599463fcdaccd154fc713cb6df

SHA512
cb10c2df8418afb72ac70e8754c2929c4beda2e83314dc9b77738aec56d15c500f890ebecf079a071170085fd6033e6540e07c8c32684e64f00386e7d72632d3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\ecs_settings.dat64

Filesize
2.0MB

MD5
7f112580bae2076e18008a9c67bc75e5

SHA1
dbf279327eeed01a2d1cc0e56488b1b543e07013

SHA256
cee62b719dae96f3f7c4fc009bff604d1be1b2ed4555a62d8760602984ddeb26

SHA512
50b5d78ef1bec21442f1ddd5d5260db7a005e7712e9edc89ce0c504368c381649084e8053b7ded05fab2a6ad22d303b27d55fee49300a1dfb7f39317bf1fe144

Download Submit
C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\ecs_settings.dat64

Filesize
2.0MB

MD5
950a5a83d42149890f692903ad40997a

SHA1
a0f8cfff183da4b123fe87072cc1dd02ea3a8167

SHA256
88d660cb00bb438625b5c116c84c59e618b52b95f71a9454baf418cbd4fa1f0f

SHA512
d25bbe17c4bab7fa8949b1174cdc03842bb866c5001fa0bfe208bb5ab1868efff56a451f94615a4560774cdac384c8579a952d6c25484620a64caf40f8a44760

Download Submit
C:\Users\Admin\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfig\tma_settings.json

Filesize
7KB

MD5
49138edea60c07dced495736ad07ccf0

SHA1
f23af93d35ff9878b74db59fb8863d2efac952cb

SHA256
cdded6f005f6cb2595fb58bbcb6a9e92b4c4c19254c9f1c5ad10fcdff0f2b835

SHA512
3950f1d623a912d44fabb19e0b91030506882bca44050e9b20430e8c102cde0595a259144684aac20fc0fd669e64778b55bee4c6de7f16e161975d6bc412000a

Download Submit
C:\Users\Admin\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfig\tma_settings.json

Filesize
7KB

MD5
278111ac7b5fff54d9cfdb57e6875db1

SHA1
5eecf624ea0f2ed4253c8da633dca204f1a81de3

SHA256
4f24ea4f23bbeea9a60ef9abf938dbf3b6c73e89ba796f4c09a1af7838a2a060

SHA512
3b02f11593ddb1352b69792c58e01f12a7812b824abc42052439219759e8ba5b11204866f1f78c6688b195ad4cbc803aeeeeafc6d8101e12586a215977da474e

Download Submit
C:\Users\Admin\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfig\tma_settings.json

Filesize
143B

MD5
0417ac05936ee0d610e80c9979bfe6ef

SHA1
bd44372c9246b80f46724eadc63677c2706162cd

SHA256
8188872d40bfa8041e6acfb3f1f3c3fdc5756bb8d622f64fb110783499b0426c

SHA512
102078c6e33ff5c58fdde0afd68f7e5fc21e7bcd518c1133ec1fb750865e7700619937e99f16b6b71b57b510c7b9399b4d6a2f1db5b1a37c3214db31a958d26c

Download Submit
C:\Users\Admin\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfig\tma_settings.json

Filesize
361B

MD5
fa7d729d042cb448b8edb0fe923c4057

SHA1
a749398f64167134201aca401373aaf2326d08be

SHA256
9ee1189ee5a09ac6df46c812217bcaaf8f7811ff38399c40ddf1ddb46bd382bc

SHA512
d9672da8ca4875c52dfba76c0bb0f3ac96ef829fab600ac440f5ac83f123ff61cb1e80dfb4d41f70da70abb33b949a619f9e9312d341587fafb55ef41ebb53ea

Download Submit
C:\Users\Admin\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfig\tma_settings.json

Filesize
7KB

MD5
cb78347ca1b8fbeaf8c594e210c6b0e2

SHA1
52266f88d6605b9d4c882543c60462930416190a

SHA256
4a216d59cca87899a27e43730c7d7b53a186b039b08f1db9242f755ebcb343a0

SHA512
e4b01f7ec90b5469587ec69c495c6799f0216d22744bfa2b1552a0583d1f10b95071543e17a9c5293d7b7d442fa2c4e2759a7004224ea5b3427a0bbd3b34547b

Download Submit
C:\Users\Admin\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfig\tma_settings.json

Filesize
361B

MD5
f389e2e7fb4747ac18f68831e110cd2e

SHA1
3832f1dde27fd8b5ff367c0bbe231355f83f4e11

SHA256
aa636fb01eeebaff511065d827dd204c325374b5fe121610df2d3a1e56965cc3

SHA512
556c3720b771ece8dc4d41cbedb0eb53d5f3792eca0c9c0de2a3324e283675be893e49968fe495297850504931e23bb34b6e6914b0411e11f37fdce9b8e17cb4

Download Submit
C:\Users\Admin\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfig\tma_settings.json~RFe583eba.TMP

Filesize
124B

MD5
98d8595a47c9f70033706bb441d55a86

SHA1
162943310d516c7f44341af615241bbcd08f5c87

SHA256
d651df9b25e7b36f5492d15050c5281f0519042cbc4b40742332d10fe220d90c

SHA512
c7c81b6d80d0a868eaff3193e53f24c0eeeb25d7cf8d4df1b0d0aec14a4ef5f402e290ff5c9640cc3687462f8a9ccd4957715e823e9a50f38d635b7a7dc44e1b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
2.5MB

MD5
b690b2420b21107e633b4e325768c1d0

SHA1
8f3faaab9eb83af7eb1c9963230e5980642c1dfb

SHA256
1f2a34f84b7f4171bcd0d40c80acee8aef0d9dc3529deb3e372bae180f571c14

SHA512
64b900fb5cefb8dec747c768061ea95d4ae2202127ae41cad46a59ab5e5cdfaaa78743d6383241a124e3ee4e2015566eb8f05285e16c12669745e23d293c90f6

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\downloading.gif

Filesize
8KB

MD5
3488a1749b859e969c01ba981036fab6

SHA1
a65b72461fa14c89fce0d025e43454830a1f7972

SHA256
c3fa333fdbce95d504aee31912993dc17ab31324428f557ac774f7e98b049b99

SHA512
7363003422bdaabb7943439ee1e846867f0f3d0baed3456424544a81989bd2d142a411cf982d90e4158314d410cd1a1a4ee33d8707219b4274cd2841705bcecc

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\endpoint.json

Filesize
610B

MD5
34b2a3afe7ae8ad113f54e64d2f62111

SHA1
c0afa4727bab161b777363fd49225d7ef084c16e

SHA256
1578d085af8165ef971cbb88d327e07c2b82c34eff379fcb2ab030a188b2981d

SHA512
d6a8a70603157f0cf4b4d2a2992b8082d30e35aab7e47f973e8bde5841dc5528f7a62a8d3889093343f0a806a1161965126140345ffcb4cb0dbd36e56f155720

Download Submit
C:\Users\Admin\AppData\Local\Temp\CFG4810.tmp

Filesize
150B

MD5
2be48f533744efa173a2ede37ea8031e

SHA1
41fad4dd24cc97a3d3056b026ca8056c9e4b9e3f

SHA256
02375fa63b79648ed6bb419c08f78ba9032ee22ba7170250e24427f47fddfa4e

SHA512
f49495311687f2a1af4ff60f8ff304d3ccddcd66effc36dfcfd71de91ee86a405c14c3f9bd81240cca76d4de1f4abd3259a7af6d53b2c3737c8963123d6f6815

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft\Teams\meeting-addin\meeting-addin-t21-msi.log

Filesize
1KB

MD5
519caf006b8c6d691884b3ae074569ed

SHA1
39e6b0b6bcd7be533ab2407b1ddc4ee949091057

SHA256
680274934a1f24ac2b30e6e4ec18797958e3d343a2ec0dd81fdf7fc028d786f5

SHA512
206bca32bf8f09c18160afc45ed2e2f2601b1caf0b8e0b5777cf4d47a61816689a1ce2db00450463c3530e8ca3eb414d76971c4bdd6c67aea9ffe385e4376d17

Download Submit
C:\Users\Admin\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db

Filesize
4KB

MD5
0c10104f99ef8f2a0476409bf24f918d

SHA1
49fb0dd5654ff54c2c772185a861a0e020b0940c

SHA256
a5593a4889231be7bc937df4ab64854aaaed43ef4da8e4c3694b8865bce979cc

SHA512
c58cfebdade8fd18b8c3e997aa5b199a41a576fe71cd435bf4c76a740710ab54b7ba66c9a720b3fac94cb37e2c534a32d7ac6def527ec5dbec40b81b4822efdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-wal

Filesize
48KB

MD5
a1ab4d2fb8a25013567f4b22230a33a5

SHA1
415e9458ef0b4c89cfa06b8399c2200e5b289ecc

SHA256
782f1b0b4241c620c7b35e0410644361510e2d0f7fc9c814aca1df129ba81fc5

SHA512
5c2e1dab9ac918f22fce7fc0ff4e838b61546f79f574e8c04be12f0505f0f5644270042b367cea1392e7cbfa7d39a04db742c0c5abae75ba78a96b7c595d7be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-wal

Filesize
52KB

MD5
e28e94a33fab459ef00089baf8488fd6

SHA1
c37158e7356698c38391f03a5f606ac03da266c1

SHA256
51f2fb3295049137813b36d1a450255d2d1f43e51f57771c49fed17ddf07af72

SHA512
63f85815a1f0b011e4ad209d0f44a7cc9c4ebdc7adb86fe7d6c5e61ad9a6ef40310e091fe4d51f71a54aad3e752994dd34ab54187279a8aa6c0cec22248208c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-wal

Filesize
56KB

MD5
662e4e57e2bcd670f1df23b4d98b37db

SHA1
42078a94f31399031f3e10dc687bcc4a5ebfffeb

SHA256
37c8887eb140166efaefd683594fe7e0463e139e8f1c104c15542f34bc869ad0

SHA512
45bc1e48a58fe9f9c0316faa81ca9f787ed291d22def3fcdaff748457f9d771f63ebd618fd8c4453c48ddb0eae2bcc0d8fd36a191ed30c03a076d483eab23967

Download Submit
C:\Users\Admin\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db.ses

Filesize
53B

MD5
418594f8493d5a95725fe5316c052aae

SHA1
c7ad6586478e21478061a356687ef5c588124863

SHA256
af2464abb1e4a1c78bf8f8da312480b1c49ca189554308c9869275f68d71758d

SHA512
849f46d2dce338185c50088f9128fa53ecd13cd3c1cb298edb3d6d25e84e74a4f06cc5cf40abb5870f84b6503e72c1b1614a7285a4ef4c00ddf6e51fd6b9fc0e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d67eec451f4b0a17.customDestinations-ms

Filesize
5KB

MD5
c4c967f28e84b21294f316729c4d0d4d

SHA1
1bb67a8a80cf6fc195b57e886411edf541944680

SHA256
f8d7e53b7c303304201bd10a95712cfdca366cb01f374f1f5dc4b24fea875063

SHA512
a62810e56f101bc092d4d5822c63366599a81b4c21efc6595e1da9273e5247581e1f1b26fcd242aa3f69c3dcefbc1a72ec55095f8af8aac15ca4f2081158da16

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d67eec451f4b0a17.customDestinations-ms

Filesize
24B

MD5
4fcb2a3ee025e4a10d21e1b154873fe2

SHA1
57658e2fa594b7d0b99d02e041d0f3418e58856b

SHA256
90bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228

SHA512
4e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d67eec451f4b0a17.customDestinations-ms

Filesize
5KB

MD5
76331e00eee574eda770ff8f92c1be75

SHA1
de5de92b968b64c869085fe65b2ce00017cc302d

SHA256
6f67a1140a2b4d53cb24ba0969ce7fca4411594e694595953bbcf560c2d49eea

SHA512
744ac2445f0d1ebd4c89646fd27f2da467f7f46271eef8e410abd188a3568a606815541153ca52a647012f1d0b4a0647617e07b5d4f3218dfb2785b1ba90af90

Download Submit
C:\Windows\Installer\MSI45FD.tmp

Filesize
298KB

MD5
684f2d21637cb5835172edad55b6a8d9

SHA1
5eac3b8d0733aa11543248b769d7c30d2c53fcdb

SHA256
da1fe86141c446921021bb26b6fe2bd2d1bb51e3e614f46f8103ffad8042f2c0

SHA512
7b626c2839ac7df4dd764d52290da80f40f7c02cb70c8668a33ad166b0bcb0c1d4114d08a8754e0ae9c0210129ae7e885a90df714ca79bd946fbd8009848538c

Download Submit
C:\Windows\Installer\MSI631D.tmp

Filesize
113KB

MD5
8fa4088a730b967d85df562fd5ef7d5e

SHA1
629db9229f4a4a691e14f38f4dbffba157fa1ce9

SHA256
cdb195012fa5d3cfb80f8ea9fb23348c8749720d7e3a20cb7774cfd717f2df36

SHA512
1037170aed40aa33a4f983e168ae91247c23768fa502877d0b872a462d04fd5687cc50056add6419e3637306ae15beb1cfd04a51f126109faece09087ec16fb2

Download Submit
C:\Windows\Installer\e5843da.msi

Filesize
13.2MB

MD5
cebba83400d9eb6d33ef0bb7332bdada

SHA1
21db05f342dc62d01a863c63164f83bf00ad7f8a

SHA256
2db4946704305d2f59ac879da7ec8f8a4d928d6badcc2fe2bea5f375fb2d2314

SHA512
2d082dbd6214c51c7226f9110b02c0d145cf30b181d274393b9a27ad38d86d43327cecfc15521770812e6772dc9885f9b0c704acabb58618ab196f8bd3fe24dc

Download Submit
memory/800-1217-0x0000024531340000-0x00000245314EC000-memory.dmp

Filesize
1.7MB

Download
memory/2908-874-0x00000000034A0000-0x00000000034AA000-memory.dmp

Filesize
40KB

Download
memory/2908-870-0x0000000003460000-0x000000000347A000-memory.dmp

Filesize
104KB

Download
memory/2908-888-0x00000000036B0000-0x00000000036EC000-memory.dmp

Filesize
240KB

Download
memory/2908-887-0x00000000034E0000-0x00000000034F2000-memory.dmp

Filesize
72KB

Download
memory/3364-1099-0x00000272E8540000-0x00000272E86EC000-memory.dmp

Filesize
1.7MB

Download
memory/4132-1162-0x0000015EEC540000-0x0000015EEC6EC000-memory.dmp

Filesize
1.7MB

Download
memory/5112-133-0x00007FFBCAA00000-0x00007FFBCAA01000-memory.dmp

Filesize
4KB

Download
memory/5112-963-0x00000203C1940000-0x00000203C1AEC000-memory.dmp

Filesize
1.7MB

Download
memory/5112-1416-0x00000203C1940000-0x00000203C1AEC000-memory.dmp

Filesize
1.7MB

Download
memory/5324-1123-0x000001E411940000-0x000001E411AEC000-memory.dmp

Filesize
1.7MB

Download
memory/5388-1807-0x0000023035B40000-0x0000023035CEC000-memory.dmp

Filesize
1.7MB

Download
memory/5440-29-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/5440-19-0x0000000007430000-0x0000000007456000-memory.dmp

Filesize
152KB

Download
memory/5440-27-0x000000007431E000-0x000000007431F000-memory.dmp

Filesize
4KB

Download
memory/5440-26-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/5440-24-0x000000000BBF0000-0x000000000BC28000-memory.dmp

Filesize
224KB

Download
memory/5440-30-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/5440-31-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/5440-43-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/5440-25-0x000000000BBD0000-0x000000000BBDE000-memory.dmp

Filesize
56KB

Download
memory/5440-23-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/5440-22-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/5440-28-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/5440-16-0x0000000006250000-0x000000000677C000-memory.dmp

Filesize
5.2MB

Download
memory/5440-7-0x000000007431E000-0x000000007431F000-memory.dmp

Filesize
4KB

Download
memory/5440-13-0x0000000005BB0000-0x0000000005C16000-memory.dmp

Filesize
408KB

Download
memory/5440-11-0x0000000005400000-0x000000000541E000-memory.dmp

Filesize
120KB

Download
memory/5440-10-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/5440-9-0x0000000002E40000-0x0000000002E4A000-memory.dmp

Filesize
40KB

Download
memory/5440-8-0x00000000006B0000-0x000000000092A000-memory.dmp

Filesize
2.5MB

Download
memory/5816-1808-0x0000020813D40000-0x0000020813EEC000-memory.dmp

Filesize
1.7MB

Download
memory/5980-964-0x000002269CD40000-0x000002269CEEC000-memory.dmp

Filesize
1.7MB

Download
memory/6040-1058-0x00000259E7140000-0x00000259E72EC000-memory.dmp

Filesize
1.7MB

Download