Analysis

  • max time kernel
    123s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/12/2022, 09:28

General

  • Target

    ZoomInstallerFull.exe

  • Size

    76.4MB

  • MD5

    aeb04e767a408e5ac643cd467751afff

  • SHA1

    cc2b84718bcec1fe34b3e9189762149f4a91fc23

  • SHA256

    9108e1d22d74bc5397b8886edc4f0a84b8906436a648ef8a86f30cf7e08978dd

  • SHA512

    d7e4e4c523290ac5afec1382c275dacc8a1657d7a75c2298c3bbf1fe7881253a3b5005895b72954f5062f6cd25a52df6f72c4d0022335f2349c6ede2d0e66114

  • SSDEEP

    1572864:jpDrQefrQSB+gTC4GB3RA9MLhWG7VYlSGTbANByfGajuTgIrPJGsF:9DLfrQQ/FA3RAicfUjByfFIDJ

Malware Config

Extracted

Family

icedid

Campaign

3280585787

C2

trbiriumpa.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Blocklisted process makes network request 4 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 15 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 10 IoCs
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 7 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ZoomInstallerFull.exe
    "C:\Users\Admin\AppData\Local\Temp\ZoomInstallerFull.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4876
    • C:\WINDOWS\SYSTEM32\rundll32.exe
      C:\WINDOWS\SYSTEM32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\maker.dll, init
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4764
    • C:\Windows\SYSTEM32\msiexec.exe
      msiexec.exe /i C:\Users\Admin\AppData\Local\Temp\ikm.msi
      2⤵
      • Blocklisted process makes network request
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4664
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4820
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:4724
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 35F9301F4E3CAD19BD75B9C2F9EC19BF E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in Program Files directory
        • Modifies Internet Explorer settings
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:640
        • C:\Program Files (x86)\Zoom\bin\ZoomOutlookIMPlugin.exe
          "C:\Program Files (x86)\Zoom\bin\ZoomOutlookIMPlugin.exe" /Check
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          PID:4420
        • C:\Program Files (x86)\Zoom\bin\CptInstall.exe
          "C:\Program Files (x86)\Zoom\bin\CptInstall.exe" -install -unelevate -product Zoom
          3⤵
          • Executes dropped EXE
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          PID:1360
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:4224
    • C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
      "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Admin\AppData\Roaming\Zoom"
      1⤵
      • Executes dropped EXE
      PID:3780

          Downloads

          • C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe

            Filesize

            225KB

          • C:\Program Files (x86)\Zoom\Zoom(32bit)\CustomAction.dll

            Filesize

            463KB

          • C:\Program Files (x86)\Zoom\bin\Cmmlib.dll

            Filesize

            1.6MB

          • C:\Program Files (x86)\Zoom\bin\CptControl.exe

            Filesize

            96KB

          • C:\Program Files (x86)\Zoom\bin\CptInstall.exe

            Filesize

            226KB

          • C:\Program Files (x86)\Zoom\bin\CptService.exe

            Filesize

            225KB

          • C:\Program Files (x86)\Zoom\bin\CptShare.dll

            Filesize

            280KB

          • C:\Program Files (x86)\Zoom\bin\MSVCP140.dll

            Filesize

            440KB

          • C:\Program Files (x86)\Zoom\bin\VCRUNTIME140.dll

            Filesize

            74KB

          • C:\Program Files (x86)\Zoom\bin\Zoom.exe

            Filesize

            336KB

          • C:\Program Files (x86)\Zoom\bin\ZoomOutlookIMPlugin.exe

            Filesize

            581KB

          • C:\Program Files (x86)\Zoom\bin\crashrpt_lang.ini

            Filesize

            7KB

          • C:\Program Files (x86)\Zoom\bin\libcrypto-1_1.dll

            Filesize

            2.5MB

          • C:\Program Files (x86)\Zoom\bin\msvcp140.dll

            Filesize

            440KB

          • C:\Program Files (x86)\Zoom\bin\ucrtbase.dll

            Filesize

            1.1MB

          • C:\Program Files (x86)\Zoom\bin\vcruntime140.dll

            Filesize

            74KB

          • C:\Program Files (x86)\Zoom\bin\zCrashReport.dll

            Filesize

            97KB

          • C:\Program Files (x86)\Zoom\bin\zCrashReport.exe

            Filesize

            219KB

          • C:\Program Files (x86)\Zoom\bin\zOutlookIMUtil.dll

            Filesize

            474KB

          • C:\Program Files (x86)\Zoom\resources\emojione_low.7z

            Filesize

            7.4MB

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2A7611428D62805A3E4E5BC4103D82E4_5DFDB51029B86E246C6BBA4B4F208E9A

            Filesize

            471B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

            Filesize

            471B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_8DBAD5A433D1F9275321E076E8B744D4

            Filesize

            727B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D9CB7DFFEEA63BAB482BD2705E7E24AB_C5076ACD41E9D9741BBEE5F165E53636

            Filesize

            727B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2A7611428D62805A3E4E5BC4103D82E4_5DFDB51029B86E246C6BBA4B4F208E9A

            Filesize

            430B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

            Filesize

            400B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_8DBAD5A433D1F9275321E076E8B744D4

            Filesize

            446B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D9CB7DFFEEA63BAB482BD2705E7E24AB_C5076ACD41E9D9741BBEE5F165E53636

            Filesize

            438B

          • C:\Users\Admin\AppData\Local\Temp\ikm.msi

            Filesize

            75.1MB

          • C:\Users\Admin\AppData\Local\Temp\maker.dll

            Filesize

            1.3MB

          • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

            Filesize

            23.0MB

          • \??\Volume{d26ecb05-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{df07a438-b913-4d04-9357-05ba81346e4f}_OnDiskSnapshotProp

            Filesize

            5KB

          • memory/4764-135-0x0000000180000000-0x0000000180009000-memory.dmp

            Filesize

            36KB