Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

MSTeamsSetup.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    417s
  • max time network
    439s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/11/2024, 20:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MSTeamsSetup.exe

  • Size

    1.4MB

  • MD5

    7ee6219d0f497752aa7f1c129ca50bc1

  • SHA1

    68bec1b6c594b6bdaf74b4062e4b3c477aa6a1ad

  • SHA256

    c8db62bed2305b35860ba601c926f664da5c49cb58db6e364f0ed2805af511f0

  • SHA512

    a91760aeb550d5683ce0222f40addb3507b79ccf10199c6c5a4773d3b3fc0bcf874360202bfcdca0871da5efe94b94b24fecb72dd5ebeca02939928c5a534094

  • SSDEEP

    24576:E9Yu8GgnSf7uw7J8qyKD0OIqKT//pIgl6A5H2TuDWkd3WZZ7SuW42C7Z32o3:zGMo7NSK/Iqwp/6A5Wgz501SuWYZ3V

Score
6/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Drops file in Windows directory 12 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 18 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MSTeamsSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\MSTeamsSetup.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3920
    • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --exeName=MSTeamsSetup.exe --bootstrapperMode
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3028
      • C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teams.exe
        "C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teams.exe" msteams:?instVersion=3.4.0.0&instExecTime=1731963565608&launchSrc=t2installer
        3⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3692
        • C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teamsupdate.exe
          "C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teamsupdate.exe" -CheckUpdate -AppSessionGUID 8cdbb87f-d396-44d4-8c8d-21d482334db1
          4⤵
          • Checks processor information in registry
          • Suspicious use of AdjustPrivilegeToken
          PID:3020
        • C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teamsupdate.exe
          "C:\Program Files\WindowsApps\MSTeams_24277.3507.3205.5228_x64__8wekyb3d8bbwe\ms-teamsupdate.exe" -CheckUpdate -AppSessionGUID 8cdbb87f-d396-44d4-8c8d-21d482334db1
          4⤵
          • Checks processor information in registry
          PID:2912
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5084
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 30F62D1B3D1C8E9BED708ED63B3512F1
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:5020

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    85.49.80.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    85.49.80.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    teams.live.com
    Update.exe
    Remote address:
    8.8.8.8:53
    Request
    teams.live.com
    IN A
    Response
    teams.live.com
    IN CNAME
    s-0005.s-msedge.net
    s-0005.s-msedge.net
    IN A
    52.113.194.132
  • flag-us
    DNS
    134.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    132.194.113.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    132.194.113.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    statics.teams.cdn.office.net
    Update.exe
    Remote address:
    8.8.8.8:53
    Request
    statics.teams.cdn.office.net
    IN A
    Response
    statics.teams.cdn.office.net
    IN CNAME
    teams-staticscdn.trafficmanager.net
    teams-staticscdn.trafficmanager.net
    IN CNAME
    statics.teams.cdn.office.net-c.edgesuite.net
    statics.teams.cdn.office.net-c.edgesuite.net
    IN CNAME
    statics.teams.cdn.office.net-c.edgesuite.net.globalredir.akadns.net
    statics.teams.cdn.office.net-c.edgesuite.net.globalredir.akadns.net
    IN CNAME
    a1813.dscd.akamai.net
    a1813.dscd.akamai.net
    IN A
    2.20.12.79
    a1813.dscd.akamai.net
    IN A
    2.20.12.69
  • flag-gb
    GET
    https://statics.teams.cdn.office.net/production-windows-x64/enterprise/webview2/lkg/MSTeams-x64.msix
    Update.exe
    Remote address:
    2.20.12.79:443
    Request
    GET /production-windows-x64/enterprise/webview2/lkg/MSTeams-x64.msix HTTP/1.1
    Host: statics.teams.cdn.office.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Accept-Ranges: bytes
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 88e2cdff-a01e-0043-61e4-36f4a4000000
    x-ms-version: 2014-02-14
    x-ms-lease-status: unlocked
    x-ms-lease-state: available
    x-ms-blob-type: BlockBlob
    Content-Disposition:
    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Content-Language,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Content-Disposition,Accept-Ranges,Content-Length,Date,Transfer-Encoding
    Access-Control-Allow-Origin: *
    Last-Modified: Thu, 14 Nov 2024 17:34:27 GMT
    ETag: "0x8DD04D296D32167"
    Content-Length: 194312898
    Cache-Control: must-revalidate, max-age=66032
    Date: Mon, 18 Nov 2024 20:58:53 GMT
    Connection: keep-alive
    Akamai-Request-ID: 0.85fd1302.1731963533.7e0100ee
    Report-To: {"group":"NelMSTeams","max_age":604800,"endpoints":[{"url":"https://teams.nel.measure.office.net/api/report?cat=teams"}]}
    NEL: {"report_to":"NelMSTeams","max_age":604800,"failure_fraction":0.2,"success_fraction":0.001}
    Timing-Allow-Origin: *
  • flag-us
    DNS
    57.110.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.110.18.2.in-addr.arpa
    IN PTR
    Response
    57.110.18.2.in-addr.arpa
    IN PTR
    a2-18-110-57deploystaticakamaitechnologiescom
  • flag-us
    DNS
    79.12.20.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.12.20.2.in-addr.arpa
    IN PTR
    Response
    79.12.20.2.in-addr.arpa
    IN PTR
    a2-20-12-79deploystaticakamaitechnologiescom
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    teams.events.data.microsoft.com
    ms-teamsupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    teams.events.data.microsoft.com
    IN A
    Response
    teams.events.data.microsoft.com
    IN CNAME
    teams-events-data.trafficmanager.net
    teams-events-data.trafficmanager.net
    IN CNAME
    onedscolprduks00.uksouth.cloudapp.azure.com
    onedscolprduks00.uksouth.cloudapp.azure.com
    IN A
    51.105.71.136
  • flag-gb
    POST
    https://teams.events.data.microsoft.com/OneCollector/1.0/
    ms-teams.exe
    Remote address:
    51.105.71.136:443
    Request
    POST /OneCollector/1.0/ HTTP/1.1
    Accept: */*
    APIKey: bc3902d8132f43e3ae086a009979fa88-53cb834e-6960-410e-b9c7-ebbc1d63726d-7072
    Client-Id: NO_AUTH
    Content-Encoding: deflate
    Content-Type: application/bond-compact-binary
    Expect: 100-continue
    SDK-Version: EVT-Windows-C++-ECS-3.8.32.1
    Upload-Time: 1731963567905
    Host: teams.events.data.microsoft.com
    Content-Length: 3600
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Content-Length: 9
    Content-Type: application/json
    Server: Microsoft-HTTPAPI/2.0
    Strict-Transport-Security: max-age=31536000
    time-delta-millis: 1956
    Access-Control-Allow-Headers: time-delta-millis
    Access-Control-Allow-Methods: POST
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Origin: *
    Access-Control-Expose-Headers: time-delta-millis
    Date: Mon, 18 Nov 2024 20:59:29 GMT
  • flag-us
    DNS
    136.71.105.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.71.105.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    136.71.105.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.71.105.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    136.71.105.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.71.105.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    136.71.105.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.71.105.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    teams.events.data.microsoft.com
    ms-teamsupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    teams.events.data.microsoft.com
    IN A
    Response
    teams.events.data.microsoft.com
    IN CNAME
    teams-events-data.trafficmanager.net
    teams-events-data.trafficmanager.net
    IN CNAME
    onedscolprduks00.uksouth.cloudapp.azure.com
    onedscolprduks00.uksouth.cloudapp.azure.com
    IN A
    51.105.71.136
  • flag-us
    DNS
    teams.events.data.microsoft.com
    ms-teamsupdate.exe
    Remote address:
    8.8.8.8:53
    Request
    teams.events.data.microsoft.com
    IN A
  • flag-gb
    POST
    https://teams.events.data.microsoft.com/OneCollector/1.0/
    ms-teamsupdate.exe
    Remote address:
    51.105.71.136:443
    Request
    POST /OneCollector/1.0/ HTTP/1.1
    Accept: */*
    APIKey: bc3902d8132f43e3ae086a009979fa88-53cb834e-6960-410e-b9c7-ebbc1d63726d-7072
    Client-Id: NO_AUTH
    Content-Encoding: deflate
    Content-Type: application/bond-compact-binary
    Expect: 100-continue
    SDK-Version: EVT-Windows-C++-ECS-3.8.32.1
    Upload-Time: 1731963573077
    Host: teams.events.data.microsoft.com
    Content-Length: 2298
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Content-Length: 9
    Content-Type: application/json
    Server: Microsoft-HTTPAPI/2.0
    Strict-Transport-Security: max-age=31536000
    time-delta-millis: 2469
    Access-Control-Allow-Headers: time-delta-millis
    Access-Control-Allow-Methods: POST
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Origin: *
    Access-Control-Expose-Headers: time-delta-millis
    Date: Mon, 18 Nov 2024 20:59:34 GMT
  • flag-us
    DNS
    182.129.81.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.129.81.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.173.189.20.in-addr.arpa
    IN PTR
    Response
  • 2.20.12.79:443
    https://statics.teams.cdn.office.net/production-windows-x64/enterprise/webview2/lkg/MSTeams-x64.msix
    tls, http
    Update.exe
    9.1MB
     205.3MB
     133664
    147064

    HTTP Request

    GET https://statics.teams.cdn.office.net/production-windows-x64/enterprise/webview2/lkg/MSTeams-x64.msix

    HTTP Response

    200
  • 51.105.71.136:443
    https://teams.events.data.microsoft.com/OneCollector/1.0/
    tls, http
    ms-teams.exe
    5.2kB
     7.3kB
     17
    11

    HTTP Request

    POST https://teams.events.data.microsoft.com/OneCollector/1.0/

    HTTP Response

    200
  • 51.105.71.136:443
    https://teams.events.data.microsoft.com/OneCollector/1.0/
    tls, http
    ms-teamsupdate.exe
    3.8kB
     7.2kB
     15
    9

    HTTP Request

    POST https://teams.events.data.microsoft.com/OneCollector/1.0/

    HTTP Response

    200
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    85.49.80.91.in-addr.arpa
    dns
    70 B
     145 B
     1
    1

    DNS Request

    85.49.80.91.in-addr.arpa

  • 8.8.8.8:53
    teams.live.com
    dns
    Update.exe
    60 B
     109 B
     1
    1

    DNS Request

    teams.live.com

    DNS Response

    52.113.194.132

  • 8.8.8.8:53
    134.32.126.40.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    134.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    132.194.113.52.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    132.194.113.52.in-addr.arpa

  • 8.8.8.8:53
    statics.teams.cdn.office.net
    dns
    Update.exe
    74 B
     317 B
     1
    1

    DNS Request

    statics.teams.cdn.office.net

    DNS Response

    2.20.12.79
    2.20.12.69

  • 8.8.8.8:53
    57.110.18.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    57.110.18.2.in-addr.arpa

  • 8.8.8.8:53
    79.12.20.2.in-addr.arpa
    dns
    69 B
     131 B
     1
    1

    DNS Request

    79.12.20.2.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    teams.events.data.microsoft.com
    dns
    ms-teamsupdate.exe
    77 B
     197 B
     1
    1

    DNS Request

    teams.events.data.microsoft.com

    DNS Response

    51.105.71.136

  • 8.8.8.8:53
    136.71.105.51.in-addr.arpa
    dns
    288 B
     158 B
     4
    1

    DNS Request

    136.71.105.51.in-addr.arpa

    DNS Request

    136.71.105.51.in-addr.arpa

    DNS Request

    136.71.105.51.in-addr.arpa

    DNS Request

    136.71.105.51.in-addr.arpa

  • 8.8.8.8:53
    teams.events.data.microsoft.com
    dns
    ms-teamsupdate.exe
    154 B
     197 B
     2
    1

    DNS Request

    teams.events.data.microsoft.com

    DNS Request

    teams.events.data.microsoft.com

    DNS Response

    51.105.71.136

  • 8.8.8.8:53
    182.129.81.91.in-addr.arpa
    dns
    72 B
     147 B
     1
    1

    DNS Request

    182.129.81.91.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    28.173.189.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    28.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\e5860ac.rbs
    Filesize

    350KB

    MD5

    6be3bd06889ee111a342ab95a781e357

    SHA1

    c578e4df0d388afbaad3962af9afa0e63d64531e

    SHA256

    67421b3c731bcd516d41233b4b50fe59f45fc67fe079be4b0fdf210a46b48eb4

    SHA512

    1ae924bf9dee512b1ddb4a2c1831861f242c8916ea0d94bad60560ac100cd40aeafb4f2de94a0458f4c7ccdbd9129d740b7bc6f535bc510fe9b5a1136b79f8a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
    Filesize

    471B

    MD5

    9d0cd5e87696103f2f54a104937b6d25

    SHA1

    ee37b3aaef78a9cd68dfa6d8fc4cc731c56966d0

    SHA256

    1f3e06d5348cc8e5de491c4fd926c118298a7f689d38fa5f387bfddd722d1274

    SHA512

    0d48b45297e5caaef378ece31c6fa36acfe4881b7ab99b4467276dc3f71d0308016ea0fae878e706c63f543ca77d5b10ad41db4b06b28d798686403a093ad266

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
    Filesize

    471B

    MD5

    724bc5b1af379436e35dab5d9263098a

    SHA1

    9ca9ae26596d7bffaece559898e2ba28c0880833

    SHA256

    6ee2c24e8f0eeda61d1a5b5a7b8f4ca91ce283d614e1f4d5d3df21719d0023cf

    SHA512

    3c447ee0e65ef68a2dd0e031b2a96e1cfc5c38a555905f1c4821b6ba0b5d6d8d08dd29ebbb50a160d8c88bbf0b165742cb94bf20438eb796d6f3e928b6c11684

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
    Filesize

    412B

    MD5

    7093b4e3758964c2ea3235d6ef7aaf3c

    SHA1

    d14248021a1c54f0bb941c8307750eaf369aac78

    SHA256

    b2df7723ee5d7c3778104efc4c21125177a721dcedd686c387a6f3616ec0a7b2

    SHA512

    e5f1973b4e3f6e8aebbe4d19d71951f2a3396544913633a9997df0d0bb0d15e3f3a13c2e6f392b8b1d117e0799cc802319d5b6734d6bdc02464e8d0a08372283

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
    Filesize

    412B

    MD5

    e5fd4fd91bb94c1f8402e036dc52ae27

    SHA1

    1bc7a45edf58ed32bf8cd2a97c3d1f68a2591dc4

    SHA256

    83cdd9868117e678f4bb14b54c8e685fd3b496c718ac98845c140701f2f346da

    SHA512

    a226eae035f926f77a5f531c4e3f04415804123bede12b49837120ab7f2e83651f53ec2847dae47551a135f8588c6597a161dc274d23951fc2b636926add803f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.25702\AddinInstaller.dll
    Filesize

    34KB

    MD5

    74c8e73ac9df19ffae99f833d78b58ab

    SHA1

    f576f7eaa7f10aa8a062c3a8745f5905b796fc79

    SHA256

    cfd58977a316a67e3f3587703d3ba104dd9a04e88aec44fca06687143ac263c0

    SHA512

    da66eb6fb1c6423ed25bc8de4b7102e287e34510a10089eca6501c27243b03c9377dc9b14fb741e86198e3bfda5656e20073234f2dd62b41b20e084b4e34f180

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.25702\x64\Microsoft.IdentityModel.JsonWebTokens.dll
    Filesize

    66KB

    MD5

    622623a04c985eeaa82d2a1f15d508cf

    SHA1

    f6e6bcc42d1e1bf0dc7d635beb4a1f063a4f2b66

    SHA256

    041946c132c0561ce8d0a1b0f74eb979d69660deda241bef4a0570f1cd1d9289

    SHA512

    46027876fd165c8399e3896ab6bcba034bb69cc5e67c68fadb40101db05eb81882b12f86bfb75845155bb94d08c9c7d1c97461f1677b0cbe6b71e3a8358a6f81

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.25702\x64\System.IdentityModel.Tokens.Jwt.dll
    Filesize

    81KB

    MD5

    ef26e784474ef5ee4c86225829784bd6

    SHA1

    db058e83d7b6cde77821d9da640f7b169fd80e07

    SHA256

    15aa3a16426b1281f0a4cecafc2a054bb29b7f3d09b3048f048ebf67c4f53e1a

    SHA512

    7621855326125262ffa2de6577d79fbc20f60f0aad3aa6fd42006ab806438cf262e18cabb802eacb1337b7de424fa32c543b8315436d05e519a29458405ef706

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\Logs\tma_addin_msi.log
    Filesize

    2B

    MD5

    f3b25701fe362ec84616a93a45ce9998

    SHA1

    d62636d8caec13f04e28442a0a6fa1afeb024bbb

    SHA256

    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    SHA512

    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\app_settings.json
    Filesize

    985B

    MD5

    5995d7d0c7088db15b5c906d5910bb19

    SHA1

    f1aa2e752edc1c20a317f022613e582e32057d18

    SHA256

    4d7a73de9bb2d173fe4cfbc2415e40081c110bfa0c8bb8ee15c965a5741badb5

    SHA512

    267a1056d3a4c164afad6cb88fdb21596716cff7eb4f7b18fd4b6eb6c5aaa2a85ec5d1083231619f4600a87ded42e7744362017e46a589baf0151ff396129ae4

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\app_settings.json~RFe5859e3.TMP
    Filesize

    952B

    MD5

    0b44af534fe6777f7176293dff1a8288

    SHA1

    bbfb1062216d4bf7f01f7048642634196a9abcf2

    SHA256

    561b401b9283d027d9cc74f825a1dafd80e4e8599463fcdaccd154fc713cb6df

    SHA512

    cb10c2df8418afb72ac70e8754c2929c4beda2e83314dc9b77738aec56d15c500f890ebecf079a071170085fd6033e6540e07c8c32684e64f00386e7d72632d3

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\ecs_settings.dat64
    Filesize

    2.0MB

    MD5

    95f3cbf59a6c969c9f3c301bafd8df6c

    SHA1

    cbef16bf45a97d0e309ed280e857c8c37b338aae

    SHA256

    0ef23f2f1adbabecc101a14826928f51d02b65fe9fada51e7eda318c55929e55

    SHA512

    c4d3b1cecece9516930a71691b75f1922bda3176d112d844a451359455a86234d94ee4c2c04a81c5b02e4954baf3aa74e3344c957683a60166a2b7f3ecc8a952

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\ecs_settings.dat64
    Filesize

    32B

    MD5

    808fe0bc4a35c59e459d195facb045c8

    SHA1

    3cfa0f26d23b51e1a60f0448d7e885a30054a8ab

    SHA256

    d2dacd4bd564bbc5c11c6703b4859bb9b1a5e2d4081c243e6cdcd538e4bf36f0

    SHA512

    62c77acecaec48e9444bec6aa40707bb03974052c6eaf2141cf7a1fa8ee7ffd7b8f218c2f9e266292149bc633e980960fe099de9c73f01dca0ad2f8213368955

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\ecs_settings.dat64
    Filesize

    2.0MB

    MD5

    08dd15dc2e1ae84c1f616c488223b192

    SHA1

    c399ae94f56f4c0e584c83e3406ef931cef3545e

    SHA256

    bb931362e239bd07b85e5e1c85a7de04c300870ed682f7cb968db4aa48a81dcb

    SHA512

    635d053962690369c6ae335d5f7e7c82667147894e57e9c21be01e7c09a85c89d575833c3a8f9e95f5863393cc16ba51bc659259d93d0da652f528e592fa910c

    Download Submit

  • C:\Users\Admin\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfig\tma_settings.json
    Filesize

    7KB

    MD5

    1b5e7855c070fbfdbe8faab562111e4a

    SHA1

    f38f96b20dfb450799845e967ea9df5b7e8bb29b

    SHA256

    ee9901d22ddbbfc80a70ae7dbc8a69c32b3322ab40698b8d6685da35231b7ec3

    SHA512

    bc092024396268f82495cc8f1e29c57467d5e5823fedef14baa90b798b65c19961f7eaff34136c6317c16bfa98d1d324c278434e92c551ad06370e8746d34aa1

    Download Submit

  • C:\Users\Admin\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfig\tma_settings.json
    Filesize

    7KB

    MD5

    509ca356e11c282c33d6f741e86fdc51

    SHA1

    187198ea4abdffcdddb59c3553c5753f2a653b19

    SHA256

    05d0db3b15c4d02539cb082c1457f5c4e6ce9ecef35f1182c8ce3cb31fc030d2

    SHA512

    f87919c1c65f8b372a70b77cadd5e10bc05a8289be7fe6d572fbc3fe48dd0570cc04be15c1d51c041f982e8436afa6bbbefde383f682c402a235f6740d752a47

    Download Submit

  • C:\Users\Admin\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfig\tma_settings.json
    Filesize

    143B

    MD5

    3e6a85e4cdd7bf9fb5098aa0a3fd4975

    SHA1

    6e510f04ac10e9623f87a92321c709836bcebd8e

    SHA256

    55f4d6574e5a6c027fc24a885c284fbefa58056b44febb4a5ff25bfcfb8692d2

    SHA512

    53790b8219830bc24b3a546e6823520bdf73c039d9fe5c0cb536e336d8987d32944a8f0f031cae408a04a9fb313f86589b62b63cc35e5e79383a2f1be1536829

    Download Submit

  • C:\Users\Admin\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfig\tma_settings.json
    Filesize

    361B

    MD5

    86ddefdc71c5d50d341ac167db119428

    SHA1

    178530f374c13e3cdbcb1ebb1004948754092206

    SHA256

    5f09968f8ef9b255d01706ace34e20db31cba5db79ad49e73205d9d297e5f183

    SHA512

    6ee0693205c7be60b8171f9e65bba91c017ae3d3a1528280beef86a04eefb99baf50d2000ee01615f97a44f352d8b78f6146fb89d5daa959b00361cfb7952f01

    Download Submit

  • C:\Users\Admin\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfig\tma_settings.json~RFe58585c.TMP
    Filesize

    124B

    MD5

    98d8595a47c9f70033706bb441d55a86

    SHA1

    162943310d516c7f44341af615241bbcd08f5c87

    SHA256

    d651df9b25e7b36f5492d15050c5281f0519042cbc4b40742332d10fe220d90c

    SHA512

    c7c81b6d80d0a868eaff3193e53f24c0eeeb25d7cf8d4df1b0d0aec14a4ef5f402e290ff5c9640cc3687462f8a9ccd4957715e823e9a50f38d635b7a7dc44e1b

    Download Submit

  • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    Filesize

    2.5MB

    MD5

    b690b2420b21107e633b4e325768c1d0

    SHA1

    8f3faaab9eb83af7eb1c9963230e5980642c1dfb

    SHA256

    1f2a34f84b7f4171bcd0d40c80acee8aef0d9dc3529deb3e372bae180f571c14

    SHA512

    64b900fb5cefb8dec747c768061ea95d4ae2202127ae41cad46a59ab5e5cdfaaa78743d6383241a124e3ee4e2015566eb8f05285e16c12669745e23d293c90f6

    Download Submit

  • C:\Users\Admin\AppData\Local\SquirrelTemp\downloading.gif
    Filesize

    8KB

    MD5

    3488a1749b859e969c01ba981036fab6

    SHA1

    a65b72461fa14c89fce0d025e43454830a1f7972

    SHA256

    c3fa333fdbce95d504aee31912993dc17ab31324428f557ac774f7e98b049b99

    SHA512

    7363003422bdaabb7943439ee1e846867f0f3d0baed3456424544a81989bd2d142a411cf982d90e4158314d410cd1a1a4ee33d8707219b4274cd2841705bcecc

    Download Submit

  • C:\Users\Admin\AppData\Local\SquirrelTemp\endpoint.json
    Filesize

    610B

    MD5

    34b2a3afe7ae8ad113f54e64d2f62111

    SHA1

    c0afa4727bab161b777363fd49225d7ef084c16e

    SHA256

    1578d085af8165ef971cbb88d327e07c2b82c34eff379fcb2ab030a188b2981d

    SHA512

    d6a8a70603157f0cf4b4d2a2992b8082d30e35aab7e47f973e8bde5841dc5528f7a62a8d3889093343f0a806a1161965126140345ffcb4cb0dbd36e56f155720

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CFG6378.tmp
    Filesize

    150B

    MD5

    2be48f533744efa173a2ede37ea8031e

    SHA1

    41fad4dd24cc97a3d3056b026ca8056c9e4b9e3f

    SHA256

    02375fa63b79648ed6bb419c08f78ba9032ee22ba7170250e24427f47fddfa4e

    SHA512

    f49495311687f2a1af4ff60f8ff304d3ccddcd66effc36dfcfd71de91ee86a405c14c3f9bd81240cca76d4de1f4abd3259a7af6d53b2c3737c8963123d6f6815

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft\Teams\meeting-addin\meeting-addin-t21-msi.log
    Filesize

    877B

    MD5

    b47304a3a6f6528b788edb47340bd539

    SHA1

    8ee4c3502a05ef2bd348a11e4c9385444a3020fa

    SHA256

    fc00f4fb9ef9c89e0047e8ccfa39eb1bd11b69f799d298e83aadcfbb845174f7

    SHA512

    a5d3ed79e4dcaa1be86f45f111defdc0bfecfc73c9f23bfc9e017e4d4991b6716d598d810a94f3f3dd471c1349d874a63e7e188aa19732377c7b6d9c6f966ac7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db
    Filesize

    4KB

    MD5

    0c10104f99ef8f2a0476409bf24f918d

    SHA1

    49fb0dd5654ff54c2c772185a861a0e020b0940c

    SHA256

    a5593a4889231be7bc937df4ab64854aaaed43ef4da8e4c3694b8865bce979cc

    SHA512

    c58cfebdade8fd18b8c3e997aa5b199a41a576fe71cd435bf4c76a740710ab54b7ba66c9a720b3fac94cb37e2c534a32d7ac6def527ec5dbec40b81b4822efdd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-wal
    Filesize

    52KB

    MD5

    37fde116576e3f4ede8be296dfa31dc3

    SHA1

    7ad2a9f3b40f93590336c8b712d37c17a62d524c

    SHA256

    05d45c453613e6372eae6837879d0f8d7bec5fc1f21e8f210db70230d9fcd683

    SHA512

    04aade168dcccc6d493add6932dd53989ff0ef0a831341bc31e52033020109e206332f7371bca5c560a3d7e0a2e98bcaaa3e7a715db1e130e626b7987f0abc2c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-wal
    Filesize

    56KB

    MD5

    7e8d409b18ec9b7ad36ce54a9f4b332f

    SHA1

    11a86fdacfc5abbad10479bbc739a470359f93bd

    SHA256

    4d1699202a647256780031ef4496c9e5a0218c2a98287143c67e9fa45650f024

    SHA512

    cf2afc5465affba515cf4fa71d412a590de130d6bc231263d487a6a797f9453b4b827767b63b7187d184eeb318832b3a4527fb989a3989ef977233f5196b93c4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db-wal
    Filesize

    48KB

    MD5

    10ec91af9979e25c0cabc61c05ce21b8

    SHA1

    8bf6efd920b5425bf514017e5dfb18c5e071774c

    SHA256

    573fe043e2f1f3ecd7c33ae30d64335a1975bb5965c3b43bc04beab22a9bcda0

    SHA512

    ddb459753dc00bb9eec83f11f4dda775571975159b1aac82e0743b7e5d529fc8a407d069afde0760453c29d36dced1ba4f12f090697455a36e93a68d799e449d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\bc3902d8132f43e3ae086a009979fa88.db.ses
    Filesize

    53B

    MD5

    31d7a0352ff3de70ee52a2594ae23edf

    SHA1

    7684f8f107910f02ae768c87d9026f3a4bd6057d

    SHA256

    d5183e8dd95f19422e11890c0f1e8ae7d126694c9a93c80d80d070c2724dfd29

    SHA512

    9099c5a109a8ea5428b974abcc03a02cae84be188889bef51db63ee38d2a2a6898c8bc0f003f763a0f10545088252f48310eecec29142b61bcd46676aeacb53d

    Download Submit

  • C:\Windows\Installer\MSI62DC.tmp
    Filesize

    298KB

    MD5

    684f2d21637cb5835172edad55b6a8d9

    SHA1

    5eac3b8d0733aa11543248b769d7c30d2c53fcdb

    SHA256

    da1fe86141c446921021bb26b6fe2bd2d1bb51e3e614f46f8103ffad8042f2c0

    SHA512

    7b626c2839ac7df4dd764d52290da80f40f7c02cb70c8668a33ad166b0bcb0c1d4114d08a8754e0ae9c0210129ae7e885a90df714ca79bd946fbd8009848538c

    Download Submit

  • C:\Windows\Installer\MSI7175.tmp
    Filesize

    113KB

    MD5

    8fa4088a730b967d85df562fd5ef7d5e

    SHA1

    629db9229f4a4a691e14f38f4dbffba157fa1ce9

    SHA256

    cdb195012fa5d3cfb80f8ea9fb23348c8749720d7e3a20cb7774cfd717f2df36

    SHA512

    1037170aed40aa33a4f983e168ae91247c23768fa502877d0b872a462d04fd5687cc50056add6419e3637306ae15beb1cfd04a51f126109faece09087ec16fb2

    Download Submit

  • C:\Windows\Installer\e5860a9.msi
    Filesize

    13.2MB

    MD5

    cebba83400d9eb6d33ef0bb7332bdada

    SHA1

    21db05f342dc62d01a863c63164f83bf00ad7f8a

    SHA256

    2db4946704305d2f59ac879da7ec8f8a4d928d6badcc2fe2bea5f375fb2d2314

    SHA512

    2d082dbd6214c51c7226f9110b02c0d145cf30b181d274393b9a27ad38d86d43327cecfc15521770812e6772dc9885f9b0c704acabb58618ab196f8bd3fe24dc

    Download Submit

  • memory/3028-22-0x00000000737F0000-0x0000000073FA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3028-31-0x00000000737F0000-0x0000000073FA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3028-27-0x00000000737FE000-0x00000000737FF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3028-26-0x00000000737F0000-0x0000000073FA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3028-29-0x00000000737F0000-0x0000000073FA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3028-24-0x000000000CC80000-0x000000000CCB8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/3028-25-0x000000000CC60000-0x000000000CC6E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3028-23-0x00000000737F0000-0x0000000073FA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3028-30-0x00000000737F0000-0x0000000073FA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3028-19-0x0000000007BF0000-0x0000000007C16000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3028-16-0x0000000006A60000-0x0000000006F8C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3028-28-0x00000000737F0000-0x0000000073FA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3028-13-0x00000000063C0000-0x0000000006426000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3028-37-0x00000000737F0000-0x0000000073FA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3028-11-0x0000000005C00000-0x0000000005C1E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/3028-7-0x00000000737FE000-0x00000000737FF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3028-10-0x00000000737F0000-0x0000000073FA0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3028-8-0x0000000000F70000-0x00000000011EA000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3028-9-0x0000000003540000-0x000000000354A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/5020-333-0x0000000004B20000-0x0000000004B5C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/5020-332-0x0000000002A70000-0x0000000002A82000-memory.dmp

    Filesize

    72KB

    Download

  • memory/5020-319-0x00000000028E0000-0x00000000028EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/5020-315-0x00000000028A0000-0x00000000028BA000-memory.dmp

    Filesize

    104KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.