2f73fb170e0ee9d1e0ea8788d0548a710a76a234fb5425898b07f496ac29e38d

Analysis

max time kernel
45s
max time network
50s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
08-09-2022 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ZoomInstallerFull.exe
Size

49.5MB
MD5

6babc6ddef111479db5fc82be92c6b0d
SHA1

3d88263ea9f8dd19c2d0f9a72246ee1a33449050
SHA256

2f73fb170e0ee9d1e0ea8788d0548a710a76a234fb5425898b07f496ac29e38d
SHA512

7152beb75d6818165abb8497ef2625cbea6673319d04af7543c234eb8db551e48203dbfeed199561e1a9d27b5ef2ca30f968a3aa3c3cf8c031fb0acca04234da
SSDEEP

1572864:AhgxAMoVxMtPKIPWD7AIlIoeGNjkpHQuAq7GdGB:AhqAPVOtkgwvkpHQuAvs

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1568	Installer.exe
2100	Installer.exe
3584	Zoom.exe
2892	Zoom.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Control Panel\International\Geo\Nation	Zoom.exe

Loads dropped DLL 64 IoCs

pid	Process
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoommtg	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppName = "Zoom.exe"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Low Rights	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin"	Installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\Policy = "3"	Installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Zoom.exe = "11000"	Installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoommtg\WarnOnOpen = "0"	Installer.exe

Modifies registry class 49 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\.zoom	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPhoneCall	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPhoneCall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1"	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPbx.zoomphonecall\ = "URL:ZoomPhoneCall Protocol"	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomLauncher\shell\open\command	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomRecording\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\zTscoder.exe\" \"%1\""	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPbx.zoomphonecall\shell	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\zoommtg\DefaultIcon	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomRecording\shell\open\command	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPhoneCall\shell\open	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\.zoommtg	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\zoommtg\ = "URL:Zoom Launcher"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\MIME\Database\Content Type\application/x-zoommtg-launcher	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\zoommtg	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomRecording\DefaultIcon	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomRecording\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",0"	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPhoneCall\ = "URL:ZoomPhoneCall Protocol"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPhoneCall\shell	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomLauncher	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomLauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\""	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomRecording\shell	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPhoneCall\URL Protocol	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPhoneCall\DefaultIcon	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPhoneCall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\""	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPbx.zoomphonecall\shell\open	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\.zoommtg\ = "ZoomLauncher"	Installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\zoommtg\UseOriginalUrlEncoding = "1"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomLauncher\shell\open	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\zoommtg\URL Protocol	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\zoommtg\shell	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomRecording\shell\open	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPhoneCall\shell\open\command	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPbx.zoomphonecall	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomLauncher\ = "Zoom Launcher - 3.0.1"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomLauncher\shell	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPbx.zoomphonecall\URL Protocol	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\.zoom\ = "ZoomRecording"	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\MIME\Database\Content Type\application/x-zoommtg-launcher\Extension = ".zoommtg"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomRecording	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\zoommtg\shell\open\command	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\""	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\zoommtg\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\zoommtg\shell\open	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\ZoomRecording\ = "Zoom Recording File"	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\.zoommtg\Content Type = "application/x-zoommtg-launcher"	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\zoommtg\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\""	Installer.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	Installer.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
1568	Installer.exe
2100	Installer.exe
2100	Installer.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
3584	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe
2892	Zoom.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1568	Installer.exe
3584	Zoom.exe
3584	Zoom.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
3584	Zoom.exe
3584	Zoom.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3584	Zoom.exe
2892	Zoom.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 1568	1228	ZoomInstallerFull.exe	66
PID 1228 wrote to memory of 1568	1228	ZoomInstallerFull.exe	66
PID 1568 wrote to memory of 2100	1568	Installer.exe	67
PID 1568 wrote to memory of 2100	1568	Installer.exe	67
PID 3584 wrote to memory of 2892	3584	Zoom.exe	75
PID 3584 wrote to memory of 2892	3584	Zoom.exe	75

C:\Users\Admin\AppData\Local\Temp\ZoomInstallerFull.exe
"C:\Users\Admin\AppData\Local\Temp\ZoomInstallerFull.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Users\Admin\AppData\Local\Temp\7zSCC4EE7A6\Installer.exe
  .\Installer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1568
- - C:\Users\Admin\AppData\Local\Temp\7zSCC4EE7A6\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\7zSCC4EE7A6\Installer.exe" /addfwexception --bin_home="C:\Users\Admin\AppData\Roaming\Zoom\bin"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2100
- - C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe
    C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe Zoom.exe --promptupdateaction=installed
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3584
  - - C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe
      "C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" --action=preload --runaszvideo=TRUE
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSCC4EE7A6\Installer.exe

Filesize
915KB

MD5
4662fadc7cfb710d3a79f135ea48f926

SHA1
95f89add173943b3f82e732f9af687489c26cf74

SHA256
6ce2a7a42241808ade591a951aa947d61a967caa51483b7d2865b4a28ecb7985

SHA512
cbdbf773a03f7820022464f23d2b2f3df2f65fdc601914102294ac356d485cff094e8d84caad943df3b33c10191b164cc00f2b5ccab0051d682c9a85ffdfeedb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCC4EE7A6\Installer.exe

Filesize
915KB

MD5
4662fadc7cfb710d3a79f135ea48f926

SHA1
95f89add173943b3f82e732f9af687489c26cf74

SHA256
6ce2a7a42241808ade591a951aa947d61a967caa51483b7d2865b4a28ecb7985

SHA512
cbdbf773a03f7820022464f23d2b2f3df2f65fdc601914102294ac356d485cff094e8d84caad943df3b33c10191b164cc00f2b5ccab0051d682c9a85ffdfeedb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCC4EE7A6\Installer.exe

Filesize
915KB

MD5
4662fadc7cfb710d3a79f135ea48f926

SHA1
95f89add173943b3f82e732f9af687489c26cf74

SHA256
6ce2a7a42241808ade591a951aa947d61a967caa51483b7d2865b4a28ecb7985

SHA512
cbdbf773a03f7820022464f23d2b2f3df2f65fdc601914102294ac356d485cff094e8d84caad943df3b33c10191b164cc00f2b5ccab0051d682c9a85ffdfeedb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCC4EE7A6\ZoomFull_Sip.CAB

Filesize
48.8MB

MD5
d39b32fad227056fc8304c3626a7b6aa

SHA1
1bd21b0cb0604d9289b1c3a38df786c83c59ad77

SHA256
8680ea73dc93a0d0c2eb7761d8c5d2729957ba50598f53a2ef9b13468a58c470

SHA512
10d8e11d811cbdaa15fb7bc8d3d8567cf191c1985654c2da4a5a9b595e55dd56cb0e7d92b54e4b91f78349f6a0696d027f193c32723ec77cc9652b8f14038d9a

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\Cmmlib.dll

Filesize
1.9MB

MD5
60d84d4d20b753dfcc56eabceca21c7f

SHA1
53cc756fc0308b8d44132e98eafec516665f2d43

SHA256
a5f2b94c03b27c528289baa49516baa3ccf7061d2e55c1df4190ca198fdf9377

SHA512
56d516626b3fbf770341a1f091d1d39beafa7db0525069db8ef590c3ae6cceb4b16066f89c00960316345c5591e0b834bfd7a7a2d47d1e74f6e126ec0a4ff123

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\DuiLib.dll

Filesize
1.4MB

MD5
06ecf15b0e5725a4d047208650f71630

SHA1
c0655d8d03d08746527fefd2e95dade25f22f24e

SHA256
3db51996f3b31241fbe0781b3aa69c56d394f8c26584c49621ee347691347600

SHA512
8a9003d643fbe31422b20c5fa766711e05e0145c594ec84e85ddc6527926ee3b2ffc0812a163740551c052e40420b6ef503de7b18420bc9782d357a9dd76a1d8

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\LibphoneWrapper.dll

Filesize
687KB

MD5
033f24915a6d432ad0053ef6fa8ed688

SHA1
67000332abe1210e2a82d124de8e90655d02757f

SHA256
b7cfb3bf228e9f8edda9122b6d47ba5d2f3841fb5fb3a17d141f49d398f12d55

SHA512
7917ff9dd249b478a86c8848d3f201a9665f57345ed63bfcd11eddff3e21967f9d73d266455b03d513cb86d3f2bef3979bb2a3c9028aecae332e6f0377b7b541

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\MSAALIB.dll

Filesize
52KB

MD5
889ad74cfd6adebc8f75cada0a6613fa

SHA1
012769c5c76b2c43817c6197a0fb101ad68760e4

SHA256
ba088bc7237a10a7bed45400c61ce7d36b4cae08a8d90a77838888b01eccb9a6

SHA512
44a39bfd5b80297b16197f27ec5b02d94341a8b150953ef267c25d534b6711207f0e07fdbb8401bef86cb5ad96db0d2a4260d067e2f9ce2ffd17cda478f3528b

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\MSVCP140.dll

Filesize
571KB

MD5
5cde3aed10412762e83b7fe43694a22b

SHA1
4ffcdf063eafc901105836c27a634530ea614755

SHA256
10ddff48d704c6007e4c2d53fb4856b5e5e79479503366236246a323aaa76e9d

SHA512
fcd7bc262e7bbcbbac9258e31b8d62efb2e601ac1fffac4c86819c8f2aed26fc19403d992a57d48ec92752b2a0a8b04e8204423d6077c7800ea4015f016faa23

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\UIBase.dll

Filesize
759KB

MD5
7aa2740281031898d6e345bc7c887399

SHA1
6025c991be8ccbbb64ef19e24cb54ebd4b582d80

SHA256
766ce7543596aa81199f1d9102682797195328a94d2b7aea3383190d3afdfe9a

SHA512
671246fd6971cc817dc926cdd3b85ffffd2153bb2a4c43ec0795fe61c4c787df4943e896a64938150b85cdba6559bdea95d5f57f94db182dc1960ef2a43be9e0

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\VCRUNTIME140.dll

Filesize
91KB

MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\VCRUNTIME140_1.dll

Filesize
35KB

MD5
ab03551e4ef279abed2d8c4b25f35bb8

SHA1
09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e

SHA256
f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44

SHA512
0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\XmppDll.dll

Filesize
1.8MB

MD5
85d22f81e9b029a3952d67c172988a9b

SHA1
71ba94dcf16792d1e6fd669e2e9bed82e5751522

SHA256
7a9bb59a65de250b137ae744f3d5d285f4038de67255e932977d73dc691f8662

SHA512
7f6aa0f5fc824d30bfaa657db22af25b9fcf690d6bbde9d7a39dc4be005ea3d484a7a4b50c3e9f629b3835a18727c5e09e18f1543409c5f0522d9ad856787573

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

Filesize
313KB

MD5
8704baa28f205f50d83a0677b731392a

SHA1
dbc993caf9a031efd5f3c6c97218d200c4fd2359

SHA256
cac7ff12231be98bd9a056bc5151c7ae2a3089712a83381f509a6f34f734f886

SHA512
1166862d6a4285961c5f9e5b6766770156ee74a6ae28d3a515ff8acfe2f973d222417ae191e9e8bb70ea8dfb54cf5f4f26d91d0b751b63029e1eddfb80bd1d3b

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

Filesize
313KB

MD5
8704baa28f205f50d83a0677b731392a

SHA1
dbc993caf9a031efd5f3c6c97218d200c4fd2359

SHA256
cac7ff12231be98bd9a056bc5151c7ae2a3089712a83381f509a6f34f734f886

SHA512
1166862d6a4285961c5f9e5b6766770156ee74a6ae28d3a515ff8acfe2f973d222417ae191e9e8bb70ea8dfb54cf5f4f26d91d0b751b63029e1eddfb80bd1d3b

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\cares.dll

Filesize
112KB

MD5
460724c2208d4edf0321587b76c0fbf3

SHA1
05b09e22d279a15b1462000ef9ad1d98e9344fc2

SHA256
a5a7b5483d6387a3fcde168ba46dc50659188c46cddb68a6b016169cba92d15f

SHA512
7183e8c3934f471ce19e6f929c11873cfeea9e5bba5d47b2b1fa2d9f6190430d3b93352f0f66c7fc8a02cce80aecf6e3fd24fba2236ea00636d018511128b833

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\crashrpt_lang.ini

Filesize
7KB

MD5
fcf61aed8f093bfcf571cdd8f8162a05

SHA1
8de8177798aae82d5bcc0870c1ca5365f5d9966d

SHA256
1f5b45a5411f7fc71b9da789d6d1ead8ad30551fbea7bbb40fc7ea576d581abb

SHA512
8a5d252d115f868a4e20fce10f9f9ec5f3948f0ad5680d656e0eba1fd167d36889e54c6e59bcde756945f93685401b825ba9dd7243d907d74b58a1d826609d72

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\libcrypto-1_1.dll

Filesize
3.4MB

MD5
07b5bcbbf87041ca9e07379c7d7f1392

SHA1
b9978c7f0acc7f4d6af907293881f6fd19fba65e

SHA256
b709f7a3876d8cfaa06ea0f810314948946cbeea72d9c7ef11e4d36261e59efe

SHA512
d4f08c3e65cb6b852f665edd115c6bd23c118d289a8ce03eca1334c5f8e426be1dc25bf3f49afc2799d28b4d0eaafb0c711a01ab3d4163af539e1df2cd1879f2

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\libssl-1_1.dll

Filesize
732KB

MD5
5b20cad0c552c08ae3d06406c4ece072

SHA1
c189d4633873d55bfe284bdcbd9e9804e0b1aaa0

SHA256
ee9b54e77cf135671feb14939bd4ea7d251e2375feb558be99d1e155b39e7aa3

SHA512
e6c4b2a2cac03ce6b12fd7ad62f8434b3a105091c3f8f411b088373131545e4b32e8f03f716930201631e5bb6f4e086dff16fdfa027817dfa37cb3de545a2551

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\mcm.dll

Filesize
1.4MB

MD5
7f750fe23efcd5710f4bd9154cd12fa8

SHA1
7eb475a8a035f9765bb681f3e237719386afa8a8

SHA256
4715a2b3202bcbceed9b84b228b09a73125f41f715e5d156c56712d72088db08

SHA512
5ade1b79a961bebe02a5afd5644827921c31ca415924f270b917738c42fcdd6b314b242f58c66f8553193fff2805b0289eff3f81292fd95d143aa0a280786485

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\nydus.dll

Filesize
2.1MB

MD5
76d072a14cd82626be96e7c9f417e25b

SHA1
f8618c6ee9c690e87f6e8ef87c501c275e179607

SHA256
5e0bf04ab10b948452c3dd85b1e364875db51eb9fa4b40441ea7167e562af717

SHA512
2b2ee18e7928a8f6e1e7b9fc68cb7578090ec72d22a2af89cad0b5c65cec3d194a59e6edd866e5fc3ad6442f6fb52282ec953c4509b1a36a90dc0cb655e1b973

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\reslib.dll

Filesize
49KB

MD5
20d65b37d9efe136b6bb4232d4101bf9

SHA1
3434ce733297a2c25a32e13d77618ad3a904909c

SHA256
557d7687c4119a5808275c70cd5a94823bba1a71d02b05fec00b898ba54edc20

SHA512
603c80a66f07c5fef13c93c68114ea9c36733ccb90faa70fef8035227f9574de298146b2ec1d46501f8f42145cc2bf6fb893f5178143d3500fa5646a8e06d5ef

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\tp.dll

Filesize
1.1MB

MD5
2ec8f714b253b97623b3a22f3204e832

SHA1
26b9ea528f6ca16b4dd215baa46dcd45f151a13c

SHA256
8931a9f6dd3daf54cd4bd9b2298809978fce89800f89cd1ea81702e17b3b32fd

SHA512
4b14ba013fdc0e351a9b60d99145c0f8e0d369abade481b3c842810be452cf0f26f6d37898601b0c41402db107a34a32c2780e58188e0006a10c66f9be390647

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\util.dll

Filesize
400KB

MD5
e74b26ce914c15509d439d8b83483f6d

SHA1
1d6b664163d2cd2690dacc44766a012a4ee44a86

SHA256
9b7ef432725e012332506e343e7a817c13a51a5f2c9a9a1478ad3f97c7571663

SHA512
6761082c6d93d0604c46b082e84a3beb9841cee3535e04351257835eba8b9ed7628372df4ef0aef9d518ef99e4b910f471d954d56ab0463226c65b004e862964

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\zChatApp.dll

Filesize
7.5MB

MD5
e2bbb2365b5e1c56bef302f7251ac7fa

SHA1
9f50d922f584a90993e888ddd94a639abf4796b3

SHA256
e2f7ec4c3d6be349d3413f38c3a1560cf0d8a12623f4f0bb9cb5113a631ff9fc

SHA512
0c405e9b1c37ac7962ec79549c5ff633821b7cbdbe1da88d4c66a62b4f39b4d009d6abed9655292ad835a26ed87e09b679849735520df27ba8ebaa6e6cc2c4b5

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\zChatUI.dll

Filesize
10.5MB

MD5
a614ca13a451a4282ff51beeed1a9d74

SHA1
62cf40056dec266a4fcc7752e9ec02c93fc463f5

SHA256
fbe9af1e3815a2bab82d904b52bf2e7c12d6562b8321a8d3875d4f3a7cd77101

SHA512
36050b180df3bcbf1e00ba09b63e42156381c5b7598bff01e1b66c3853c00f61ddddd765e03ab7526d62a79104a18d52bbdcb6513f983be45e144e5390b2553f

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\zCrashReport64.dll

Filesize
242KB

MD5
87152c09dbb2d800b7eaa9e209ff259d

SHA1
9c7a0eee0976e2b2155e084682511132723ece4a

SHA256
157142b07e183bb0ff26bd5484d0562389e8155b1e1726bd1c7fb80c13d0b713

SHA512
e8d6289864bda31b527e669b0886dfe103435cd6945b1b590ae8c64335b2a522bc213ffeaac392041c321b1d9cd65970ff343304d20cbb3fcdd458c2a76869a2

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\zCrashReport64.exe

Filesize
249KB

MD5
59e2f69b53cdcc71ee731309ec97afb8

SHA1
4781a214bee425ce462cf1d0a8d98df8d7f30b40

SHA256
9e57efff63defd7720397e85a4fd9fbec3957f5d7b585a9eac41b3d7ca8b1889

SHA512
3aa184becb8658a238ad165d5fb179ca4529d327ae3e58835c78d77bf4a8dc661a67e6d9b5cdff4e01222773d783761ebd7829d92af119e0f0acd02edab384a7

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\zVideoApp.dll

Filesize
4.0MB

MD5
d6846686b2ba6a45af2b9abfd8d0b97a

SHA1
e7b5ba0594e488b59e3ff88dd929dd0b727dda3d

SHA256
c4e2cf75dac7cd177a163cffcd59f8298249680dfa2ca9cfa77dd265ed1f2357

SHA512
aa9567d89ceeeef1d1d9eeee37c8f09787810cd0a20b89242163b473e6cd5a76d792c12de8ac5c5d9308b49210ad13c9c80efacfcaddfa94d20e5975916bcbf1

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\zWebService.dll

Filesize
6.8MB

MD5
a6122e27df1de91e90e343339c43de00

SHA1
d2488c4f9c7f4f4d4db0270ecd37ed2acf3515f5

SHA256
d4207d057ee1e20b2a38b4eccf39b63b5dde7ca02048fb4f932fe2b9072b9fc3

SHA512
8ed42136605009c06309f8f6e698065a44b6c205eb605fad1be52bd372356148e4fcc8debd757b5ba8cbfbd4f6104d0ac9c825280819262b6a8b685cfc91631b

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\zWinRes.dll

Filesize
15.2MB

MD5
89dcce1ff4734195288e9153629f42ce

SHA1
b1dc803bc4ac74e539224f78aade894054350dbb

SHA256
756b2d0021fed7942ff94c17c618a66462ad1778ef01e805c1c10f2b3621bb37

SHA512
003ef04dc81ebc31fe40f59ee39fde6f1bdfbe44bb5a3095d488046f5d3f17c6ecb8f5e99cb21aa9bb9b0ddc20a6cf976e756d572d16384e1a44cb7d4b3841bf

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\installer.txt

Filesize
4KB

MD5
9aedc83e935a39f3fa2cef1b1fc5a306

SHA1
1d420e1b2032e523bf0241a0d738da3fb2618c3a

SHA256
cd0bf6e36828117df43c23fe453aac646ec4795d3f1eec0f717653b41ba28983

SHA512
57192e7c5037a71f0ffcc2bbb8e0e787ff727894112051b6390f5f84336a6dca943be1a39e971089229f64f0dbd21e82aac3ec7e4601bd7926e2e7eeccc7ffb1

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\Cmmlib.dll

Filesize
1.9MB

MD5
60d84d4d20b753dfcc56eabceca21c7f

SHA1
53cc756fc0308b8d44132e98eafec516665f2d43

SHA256
a5f2b94c03b27c528289baa49516baa3ccf7061d2e55c1df4190ca198fdf9377

SHA512
56d516626b3fbf770341a1f091d1d39beafa7db0525069db8ef590c3ae6cceb4b16066f89c00960316345c5591e0b834bfd7a7a2d47d1e74f6e126ec0a4ff123

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\CptShare.dll

Filesize
313KB

MD5
419ac8e03ac66b9a311d32b3cb786518

SHA1
4c693482b21239e7b5ec303a60a58cfc3cb0296e

SHA256
b063c66276e0276a891f85028e3d415ac1dbcb575b3adf89d8b4ee00a1a7b223

SHA512
68fe986f54ba8720151bf155f688210b224c4fea54fb0ef55b07f9408f7d4638543e2399cdbf95bbc0b0453d361c44ee5d567eb40978c1d217cb05eb8443d9aa

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\DuiLib.dll

Filesize
1.4MB

MD5
06ecf15b0e5725a4d047208650f71630

SHA1
c0655d8d03d08746527fefd2e95dade25f22f24e

SHA256
3db51996f3b31241fbe0781b3aa69c56d394f8c26584c49621ee347691347600

SHA512
8a9003d643fbe31422b20c5fa766711e05e0145c594ec84e85ddc6527926ee3b2ffc0812a163740551c052e40420b6ef503de7b18420bc9782d357a9dd76a1d8

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\LibphoneWrapper.dll

Filesize
687KB

MD5
033f24915a6d432ad0053ef6fa8ed688

SHA1
67000332abe1210e2a82d124de8e90655d02757f

SHA256
b7cfb3bf228e9f8edda9122b6d47ba5d2f3841fb5fb3a17d141f49d398f12d55

SHA512
7917ff9dd249b478a86c8848d3f201a9665f57345ed63bfcd11eddff3e21967f9d73d266455b03d513cb86d3f2bef3979bb2a3c9028aecae332e6f0377b7b541

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\UIBase.dll

Filesize
759KB

MD5
7aa2740281031898d6e345bc7c887399

SHA1
6025c991be8ccbbb64ef19e24cb54ebd4b582d80

SHA256
766ce7543596aa81199f1d9102682797195328a94d2b7aea3383190d3afdfe9a

SHA512
671246fd6971cc817dc926cdd3b85ffffd2153bb2a4c43ec0795fe61c4c787df4943e896a64938150b85cdba6559bdea95d5f57f94db182dc1960ef2a43be9e0

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\XmppDll.dll

Filesize
1.8MB

MD5
85d22f81e9b029a3952d67c172988a9b

SHA1
71ba94dcf16792d1e6fd669e2e9bed82e5751522

SHA256
7a9bb59a65de250b137ae744f3d5d285f4038de67255e932977d73dc691f8662

SHA512
7f6aa0f5fc824d30bfaa657db22af25b9fcf690d6bbde9d7a39dc4be005ea3d484a7a4b50c3e9f629b3835a18727c5e09e18f1543409c5f0522d9ad856787573

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\cares.dll

Filesize
112KB

MD5
460724c2208d4edf0321587b76c0fbf3

SHA1
05b09e22d279a15b1462000ef9ad1d98e9344fc2

SHA256
a5a7b5483d6387a3fcde168ba46dc50659188c46cddb68a6b016169cba92d15f

SHA512
7183e8c3934f471ce19e6f929c11873cfeea9e5bba5d47b2b1fa2d9f6190430d3b93352f0f66c7fc8a02cce80aecf6e3fd24fba2236ea00636d018511128b833

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\libcrypto-1_1.dll

Filesize
3.4MB

MD5
07b5bcbbf87041ca9e07379c7d7f1392

SHA1
b9978c7f0acc7f4d6af907293881f6fd19fba65e

SHA256
b709f7a3876d8cfaa06ea0f810314948946cbeea72d9c7ef11e4d36261e59efe

SHA512
d4f08c3e65cb6b852f665edd115c6bd23c118d289a8ce03eca1334c5f8e426be1dc25bf3f49afc2799d28b4d0eaafb0c711a01ab3d4163af539e1df2cd1879f2

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\libssl-1_1.dll

Filesize
732KB

MD5
5b20cad0c552c08ae3d06406c4ece072

SHA1
c189d4633873d55bfe284bdcbd9e9804e0b1aaa0

SHA256
ee9b54e77cf135671feb14939bd4ea7d251e2375feb558be99d1e155b39e7aa3

SHA512
e6c4b2a2cac03ce6b12fd7ad62f8434b3a105091c3f8f411b088373131545e4b32e8f03f716930201631e5bb6f4e086dff16fdfa027817dfa37cb3de545a2551

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\mcm.dll

Filesize
1.4MB

MD5
7f750fe23efcd5710f4bd9154cd12fa8

SHA1
7eb475a8a035f9765bb681f3e237719386afa8a8

SHA256
4715a2b3202bcbceed9b84b228b09a73125f41f715e5d156c56712d72088db08

SHA512
5ade1b79a961bebe02a5afd5644827921c31ca415924f270b917738c42fcdd6b314b242f58c66f8553193fff2805b0289eff3f81292fd95d143aa0a280786485

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\msaalib.dll

Filesize
52KB

MD5
889ad74cfd6adebc8f75cada0a6613fa

SHA1
012769c5c76b2c43817c6197a0fb101ad68760e4

SHA256
ba088bc7237a10a7bed45400c61ce7d36b4cae08a8d90a77838888b01eccb9a6

SHA512
44a39bfd5b80297b16197f27ec5b02d94341a8b150953ef267c25d534b6711207f0e07fdbb8401bef86cb5ad96db0d2a4260d067e2f9ce2ffd17cda478f3528b

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\msvcp140.dll

Filesize
571KB

MD5
5cde3aed10412762e83b7fe43694a22b

SHA1
4ffcdf063eafc901105836c27a634530ea614755

SHA256
10ddff48d704c6007e4c2d53fb4856b5e5e79479503366236246a323aaa76e9d

SHA512
fcd7bc262e7bbcbbac9258e31b8d62efb2e601ac1fffac4c86819c8f2aed26fc19403d992a57d48ec92752b2a0a8b04e8204423d6077c7800ea4015f016faa23

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\msvcp140.dll

Filesize
571KB

MD5
5cde3aed10412762e83b7fe43694a22b

SHA1
4ffcdf063eafc901105836c27a634530ea614755

SHA256
10ddff48d704c6007e4c2d53fb4856b5e5e79479503366236246a323aaa76e9d

SHA512
fcd7bc262e7bbcbbac9258e31b8d62efb2e601ac1fffac4c86819c8f2aed26fc19403d992a57d48ec92752b2a0a8b04e8204423d6077c7800ea4015f016faa23

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\nydus.dll

Filesize
2.1MB

MD5
76d072a14cd82626be96e7c9f417e25b

SHA1
f8618c6ee9c690e87f6e8ef87c501c275e179607

SHA256
5e0bf04ab10b948452c3dd85b1e364875db51eb9fa4b40441ea7167e562af717

SHA512
2b2ee18e7928a8f6e1e7b9fc68cb7578090ec72d22a2af89cad0b5c65cec3d194a59e6edd866e5fc3ad6442f6fb52282ec953c4509b1a36a90dc0cb655e1b973

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\reslib.dll

Filesize
49KB

MD5
20d65b37d9efe136b6bb4232d4101bf9

SHA1
3434ce733297a2c25a32e13d77618ad3a904909c

SHA256
557d7687c4119a5808275c70cd5a94823bba1a71d02b05fec00b898ba54edc20

SHA512
603c80a66f07c5fef13c93c68114ea9c36733ccb90faa70fef8035227f9574de298146b2ec1d46501f8f42145cc2bf6fb893f5178143d3500fa5646a8e06d5ef

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\tp.dll

Filesize
1.1MB

MD5
2ec8f714b253b97623b3a22f3204e832

SHA1
26b9ea528f6ca16b4dd215baa46dcd45f151a13c

SHA256
8931a9f6dd3daf54cd4bd9b2298809978fce89800f89cd1ea81702e17b3b32fd

SHA512
4b14ba013fdc0e351a9b60d99145c0f8e0d369abade481b3c842810be452cf0f26f6d37898601b0c41402db107a34a32c2780e58188e0006a10c66f9be390647

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\ucrtbase.dll

Filesize
987KB

MD5
61eb0ad4c285b60732353a0cb5c9b2ab

SHA1
21a1bea01f6ca7e9828a522c696853706d0a457b

SHA256
10521fe73fe05f2ba95d40757d9f676f2091e2ed578da9d5cdef352f986f3bcd

SHA512
44cd871f48b5193abb3b9664dbea8cdad19e72c47b6967c685cf1cc803bc9abb48a8a93009c972ef4936e7f78e3c92110828790aa0a9d26b80e6a523bbcd830d

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\util.dll

Filesize
400KB

MD5
e74b26ce914c15509d439d8b83483f6d

SHA1
1d6b664163d2cd2690dacc44766a012a4ee44a86

SHA256
9b7ef432725e012332506e343e7a817c13a51a5f2c9a9a1478ad3f97c7571663

SHA512
6761082c6d93d0604c46b082e84a3beb9841cee3535e04351257835eba8b9ed7628372df4ef0aef9d518ef99e4b910f471d954d56ab0463226c65b004e862964

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140.dll

Filesize
91KB

MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140.dll

Filesize
91KB

MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140.dll

Filesize
91KB

MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140.dll

Filesize
91KB

MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140_1.dll

Filesize
35KB

MD5
ab03551e4ef279abed2d8c4b25f35bb8

SHA1
09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e

SHA256
f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44

SHA512
0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140_1.dll

Filesize
35KB

MD5
ab03551e4ef279abed2d8c4b25f35bb8

SHA1
09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e

SHA256
f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44

SHA512
0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140_1.dll

Filesize
35KB

MD5
ab03551e4ef279abed2d8c4b25f35bb8

SHA1
09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e

SHA256
f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44

SHA512
0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\zChatApp.dll

Filesize
7.5MB

MD5
e2bbb2365b5e1c56bef302f7251ac7fa

SHA1
9f50d922f584a90993e888ddd94a639abf4796b3

SHA256
e2f7ec4c3d6be349d3413f38c3a1560cf0d8a12623f4f0bb9cb5113a631ff9fc

SHA512
0c405e9b1c37ac7962ec79549c5ff633821b7cbdbe1da88d4c66a62b4f39b4d009d6abed9655292ad835a26ed87e09b679849735520df27ba8ebaa6e6cc2c4b5

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\zChatUI.dll

Filesize
10.5MB

MD5
a614ca13a451a4282ff51beeed1a9d74

SHA1
62cf40056dec266a4fcc7752e9ec02c93fc463f5

SHA256
fbe9af1e3815a2bab82d904b52bf2e7c12d6562b8321a8d3875d4f3a7cd77101

SHA512
36050b180df3bcbf1e00ba09b63e42156381c5b7598bff01e1b66c3853c00f61ddddd765e03ab7526d62a79104a18d52bbdcb6513f983be45e144e5390b2553f

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\zCrashReport64.dll

Filesize
242KB

MD5
87152c09dbb2d800b7eaa9e209ff259d

SHA1
9c7a0eee0976e2b2155e084682511132723ece4a

SHA256
157142b07e183bb0ff26bd5484d0562389e8155b1e1726bd1c7fb80c13d0b713

SHA512
e8d6289864bda31b527e669b0886dfe103435cd6945b1b590ae8c64335b2a522bc213ffeaac392041c321b1d9cd65970ff343304d20cbb3fcdd458c2a76869a2

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\zCrashReport64.dll

Filesize
242KB

MD5
87152c09dbb2d800b7eaa9e209ff259d

SHA1
9c7a0eee0976e2b2155e084682511132723ece4a

SHA256
157142b07e183bb0ff26bd5484d0562389e8155b1e1726bd1c7fb80c13d0b713

SHA512
e8d6289864bda31b527e669b0886dfe103435cd6945b1b590ae8c64335b2a522bc213ffeaac392041c321b1d9cd65970ff343304d20cbb3fcdd458c2a76869a2

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\zVideoApp.dll

Filesize
4.0MB

MD5
d6846686b2ba6a45af2b9abfd8d0b97a

SHA1
e7b5ba0594e488b59e3ff88dd929dd0b727dda3d

SHA256
c4e2cf75dac7cd177a163cffcd59f8298249680dfa2ca9cfa77dd265ed1f2357

SHA512
aa9567d89ceeeef1d1d9eeee37c8f09787810cd0a20b89242163b473e6cd5a76d792c12de8ac5c5d9308b49210ad13c9c80efacfcaddfa94d20e5975916bcbf1

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\zWebService.dll

Filesize
6.8MB

MD5
a6122e27df1de91e90e343339c43de00

SHA1
d2488c4f9c7f4f4d4db0270ecd37ed2acf3515f5

SHA256
d4207d057ee1e20b2a38b4eccf39b63b5dde7ca02048fb4f932fe2b9072b9fc3

SHA512
8ed42136605009c06309f8f6e698065a44b6c205eb605fad1be52bd372356148e4fcc8debd757b5ba8cbfbd4f6104d0ac9c825280819262b6a8b685cfc91631b

Download Submit
\Users\Admin\AppData\Roaming\Zoom\bin\zWinRes.dll

Filesize
15.2MB

MD5
89dcce1ff4734195288e9153629f42ce

SHA1
b1dc803bc4ac74e539224f78aade894054350dbb

SHA256
756b2d0021fed7942ff94c17c618a66462ad1778ef01e805c1c10f2b3621bb37

SHA512
003ef04dc81ebc31fe40f59ee39fde6f1bdfbe44bb5a3095d488046f5d3f17c6ecb8f5e99cb21aa9bb9b0ddc20a6cf976e756d572d16384e1a44cb7d4b3841bf

Download Submit
memory/2892-204-0x00007FFCB2190000-0x00007FFCB291B000-memory.dmp

Filesize
7.5MB

Download
memory/3584-183-0x00007FFCB53A0000-0x00007FFCB5E58000-memory.dmp

Filesize
10.7MB

Download