Analysis Overview
SHA256
2d57b801c909c2f7856cd634c10c20844ce69502e85ce5405c4ad193e1f93ba0
Threat Level: Shows suspicious behavior
The file 2024-06-18_3d5241ae5c8f5c2973b2573ea545999a_avoslocker_cobalt-strike_metamorfo was found to be: Shows suspicious behavior.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Checks installed software on the system
Checks system information in the registry
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Access Token Manipulation: Create Process with Token
Suspicious use of SendNotifyMessage
Modifies system certificate store
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-18 14:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 14:49
Reported
2024-06-18 14:51
Platform
win7-20240221-en
Max time kernel
141s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a289a8eee8d266408d5dc2d6c0c0eb4000000000020000000000106600000001000020000000bf4a8601522d6ff9361c9b243213cbf6e6de15ec469ba23275ba0f69ba973bdb000000000e80000000020000200000009e5ec3dde546ff714c6b4b923fdf60409c5f0902bbe1bb5166b629a80a55401b2000000094e15910d7792c0c39fd883e4b44978b6257d03813304a983e4d6507160d6bb5400000003d6a35271ca0bc6d9104124db1d2a107c759fd5f01df76b9b2005e07edf1154efc4b859d9337d0a396df7e3fc50dbbc0245b542b234af838d899475dc7ac8d9a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424884031" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3C50061-2D81-11EF-9CEF-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a289a8eee8d266408d5dc2d6c0c0eb4000000000020000000000106600000001000020000000c5989fb1a98c8046c57b7cf1bb0f8ce357372dbdf2053b3112bd0f7a30af77c4000000000e8000000002000020000000bcff57ac3812aa941729afb18bcd38de24003783fdac08c7583f060522ab22fb90000000e363bae83e2f0174a62f982059882512c4e8a4e93d7d18a90720afdc3f6f12c2c84fc1c6be8ff18b3d416fbf6f526e05cbf3bd81f167629f147e9cad2dae0515620534ae5e908618b800c6433a511b127bf548e2b79153f9beaa20e91f55738869d59d0dc34ea94661bfd0e8cd2b93480a781c6c1c9e6680f22afabf48e8089fdff951c10758f0e0daa6826135a5b30340000000e467e772e9d87303b706f3668bdceb6ca0f93108af4044a402c289b2bedf0a9ba6793f9a2f0affd14240e932d3a59f2c3125777ae90cd203b5e1b88a34bc2bfb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9051ebc98ec1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1696 wrote to memory of 2256 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1696 wrote to memory of 2256 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1696 wrote to memory of 2256 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1696 wrote to memory of 2256 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-18_3d5241ae5c8f5c2973b2573ea545999a_avoslocker_cobalt-strike_metamorfo.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-18_3d5241ae5c8f5c2973b2573ea545999a_avoslocker_cobalt-strike_metamorfo.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://zoom.us/support/down4j?os=win&err=20030000&v=2_6_1
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1696 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.zoom.us | udp |
| US | 170.114.52.2:443 | www.zoom.us | tcp |
| US | 170.114.52.2:443 | www.zoom.us | tcp |
| US | 8.8.8.8:53 | zoom.us | udp |
| US | 170.114.52.2:443 | zoom.us | tcp |
| US | 170.114.52.2:443 | zoom.us | tcp |
| US | 170.114.52.2:443 | zoom.us | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar26AA.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
memory/2760-117-0x0000000000480000-0x0000000000482000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed3c3e639a3b466f500d71412cd2db7f |
| SHA1 | fbc1d3d4e65c5d3cded96a87346a38becfb7b53c |
| SHA256 | 1db9e2a087e417380530c38c760d48e38efe518d9b5ee3db7d0cbad9fe4404f6 |
| SHA512 | dde6a8f28aa1e86ed0b37d9b4c1b0bbd861f4c0362f352d77b7e1858808f4e5c03846ce2fad655da3c6ce14e2829345d326546b19e669db1c5a29e2c293bbfb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d68024457099cdd0edb44aaae0188b8f |
| SHA1 | 7333670562f78b6c456a30024cb6db04685a1818 |
| SHA256 | 46b7d9333dcfc89f0cb1f93e385680481c142166f19ff03c4d625da6748a9ac0 |
| SHA512 | e55115d2a82399be458dd9cefc5752202b7c7c15370fc66a37e246264830f367e5d82d82b74d05a5bb83702233e5c1249a9c011914c36c9f46eb2a7675d44f80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 276bfe0f7a45cb8b92320c440a75df10 |
| SHA1 | 61925940f55a9dc42595a0a8d15bb1ef0a3bc6f0 |
| SHA256 | 54c41f46134215a4144d0460b797f7c128bb06f011639f11d4666ab8930964f4 |
| SHA512 | 4508791207e1c44449ed7c5a8c341bde9c3e0cf2e15aaf63c67bb325b64d7d3d5e2ea83f6356651ca68f9e9a2347dbecefa47b51f58ef1aa44eb07b81abe77d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7081b464ba9cbfc59e33f96f9a5ca253 |
| SHA1 | ef6f0e8070d89befe46051f70b29dd71bfcb6ef4 |
| SHA256 | e7137cd6da4abc40cba71fd8db7eee6011e65faffd30f90d4064ff79624f984d |
| SHA512 | e792297e9af673c0514f0f921997ca96898503d2f41fdefe9ac142dba321e729a487eeb24f3df983b548cf73d671a8c0743d1f25f3c6318174db6e5585e2d846 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cb3308f059c407ecff540a1db07b66e |
| SHA1 | 0c1b6402cf1c105b17a8204f76c7131bf10a2c0d |
| SHA256 | cad0ec974c28d75182ddf3c3c32056746bb3af6c9d642fc569dd121bb641362f |
| SHA512 | 6cdfee16b76009dd99b9cc478279a9ce3276dea9bcd59b429f1a89c6183c9490d477ec9ea90443a25276d4ed41a280137b9995d56bdee5da0113938527d7d8ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32f65c30554ec360d1492e7dde3a538e |
| SHA1 | c606a117ba465fdbe442e3725a88d6ee82591d30 |
| SHA256 | 83c0e0327f95927dd4d8a5dcb10f50ebee963aa8901850967beca495a59baf87 |
| SHA512 | 9022000609eb9278b22708aab4eca14dc4409215a04fa1c2bd7b7152ea7094063188a1357270b158d3e282b32c869ebc6e5bfad390975f0e15cebb3f2cd0c87b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df6f671574918544eded7a262069b11c |
| SHA1 | b1831642d3e74e88e5c84168dfda93b53a1356c8 |
| SHA256 | 1d320920d6f193e3f60825b75dd043cb348563b0c71027217258f4456047182f |
| SHA512 | 55568e644690c04d38e1491751b2eaa7c1ab1c3a42156ffa88c89b581da7d64d4edc438cf7aad5cd5ac1e4180ba3242df5116e2e85af0bb78d1c8a542533f677 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cd92b6691fd9c730e0b2eeb25d0193c |
| SHA1 | cba9accfcc728ffe53c0b5df18f580e2f9483232 |
| SHA256 | 1d2867e5a1c57696a6dd9bead178c5d50c384e32391e9dce63ce4736df340e34 |
| SHA512 | b4f0c748e64a1fa4dffc0916f011762c529bbfe49ac3826145add1d434a25bb5d4bad56d53264210448a354972254bcff2647f14cb8bc67ebb9552ec85ed5c47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83a8d163023205ba523b3405c9392341 |
| SHA1 | 5fe6ae16f11fef8ae95fcd69da375126fe843b2e |
| SHA256 | 6d17c16a244aad7bb8c732403f8fca2f6886005c2888e20ef5e19ab0255802e9 |
| SHA512 | 66a3d7a2d6b95a380fbd60cdb39bbf92e64038ea1ff332b40a4c067e1a3c621c26226059b243d4c918f5840ef950d05d9879c4402300fb7dcdacf60075b71569 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc62bf823dfcf725d8d41377b3a2094a |
| SHA1 | 9192132e685f01db8d8ccf43bd1311cc8ca3b9a4 |
| SHA256 | 84d8996c7be64594ee7019e1f8a3626a31a05e4065f9ead956dcff1c4d1fe45f |
| SHA512 | c92c8c228399b8b6ac1ed9d654e4b4d71997f1d4a60d9e4c4dd162e6a0faa9e035c8c8c87a525f20b31489eef2900f460d1d707e25786345065ba85d1146bb39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b637a5549a8c29c1208f299f35bd391 |
| SHA1 | 941971ffc4e140ebeefd11bbb5f35d1a193807dd |
| SHA256 | 3acd0a1abec7a15ad4165b3885f96a8712c81c2e057f34e98e85b0693192e9c3 |
| SHA512 | a62ea808d1644d4f8d6a0bdc1c36f25ab21eb3bd124496c01ccdebfe1bc535e2e300424e9c85e889e755d04daa58893f3a0843cd38620dc5be9c0585cc9df2c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b12984ae7e7fcbcae667f776141c5fa4 |
| SHA1 | a07e700896281f4a7c433c8f44924669762ca11b |
| SHA256 | 912c0b31d4ba4b8744d24a571e164b1dd58b70f746eb26eed2b744ff6c879115 |
| SHA512 | c1c9e0dd02d4773379659b939c3daf5383972575ce9ee9751b0a7a82d08f626be43e25413078919632f3cb736f733764a984b5634531845c7cb55693123924cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73b4511f4f33df04594ec856188c2d91 |
| SHA1 | e2979c8d62f1d985fb9886ed6d69b3a821050049 |
| SHA256 | d344abd218f98eb9eb12ab3fa7b0089989f2456d2c16dd58d10262789a505647 |
| SHA512 | 7359bb83e442b07e6ae5e4e56d00c090b5fbe4aae7fb59e9fee34a662f45d2154db984ff980c103f122acd25b1661e1b57644ce0da340c270bdc03135339235a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b392fa01b12576b00dce52995aff14a3 |
| SHA1 | dd23ef5c442f21e25efbfe1347adc6f531162218 |
| SHA256 | e598a347af036da004648e7cc891fa0d1d1de166e7c314fcc5296bdd10dd9638 |
| SHA512 | c5874fcc372512bd3ed2e4db0edd6d3e7491deae0c9a462f4ef332d5edf8d1843741521c26ddfad0ed53d30700c97f679f562716f028b5f1d350f874482d0ed2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ef0cdeb2309dc6ff1ae4cc1050692e9 |
| SHA1 | bc9fd937b8d7b65997d09bf6768fe2a9f0155270 |
| SHA256 | 3d78d8850510c447c16c5a3067076fe4a34e771f12a6d1f6da8f5a5ecc51ec97 |
| SHA512 | f3658242282d7f7a814a8809986e89ef56bd8a6bd80d4dcb56cdcc8d66ae23f57bbb291af9708e226943e8d120a9b7cc66f05df3d7541f750a208b0779238408 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 438a6ce13e519ffb33b409d71fc593de |
| SHA1 | 8cbff4f35d464598803313923cd1363a9c198e6d |
| SHA256 | 080186764e0415e4735195f4722b5d07eb318e5754717462cc4662e1e1a5c447 |
| SHA512 | 184711b2d03d9c679342cc4a63f4ee1746e46d56a8671b9198a0ae75b1075edadd7e91f20dba86227d15264d6d490829b3d0b108579b3e316acecede99b11ca2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5020eaea4d1fcf24c31ee4b8c5fa5c9 |
| SHA1 | 0ed013cea15c3e3a177d118bc96e08a4fcd7dcae |
| SHA256 | 0fa2d76bcc7a395fbd442133b23bcc779727edfb30d5289f327a5d6c060977b4 |
| SHA512 | 9dfe88ab9f7d3048254701a9e32ad139797f925cd080a5ad62ad15f969e7ab5a2ae21b8b8c8636eb3a1cc6dd6d3fcbadf9109f4eed4cd5fa25947b2283f9a290 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c01715e5d6345319b4d1a096ebc1a41f |
| SHA1 | 233a8efee4e9ba2743bba1ab1c74b7ddc48f4c90 |
| SHA256 | 60f3e5e22e0c4a0d906e8a8b3031f3ea65a4a490627ff4772d478788d0c31b90 |
| SHA512 | 4db37b0730262beadfd214175ec65e2086a685ea1447e061b655d548ba1e0b9975e6d56675220294e8718a201ac1fbd2740f8a320d1c154e63d6c0ff4e400d9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e7079af8069e5677946d7c631ff10f4 |
| SHA1 | e7f25d3d29336b942ce34bb3bbe3ac53240da533 |
| SHA256 | 645dc83eb3f1a03ded5e58242fe1f4887d04ba4a543fd0551488cbbebdd8cd1c |
| SHA512 | 4760e37f4d4cc70738c2df54a39ca9023e0975f07bb1fa5824fd1adbfa63892eb05717f8cffa67363cdf5d2d25bf60767c2a9c5af4f04bdba21c5d54c874f5a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf0b067b5514fec6329132c4f8f3b225 |
| SHA1 | 3ce8f011de50249bc9bb1555af559cb34f4f6233 |
| SHA256 | 6615b995d44b7f29969c85a0c98755ac673422a8e39cf766a6e86c486bea53cb |
| SHA512 | d39bbe3ebbc73d31ddc3dc4475abfb35d727030d72781c147acbcdc165129d363c69a28259df18ae4df084a224b9ba01dd50b8e1eb58e8a6a4aa4a987f9e33ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2031380f3be7fd2cf33a9e7cdfddc8b4 |
| SHA1 | 4e106acccd86e91e02744697a3669c82248aa0b9 |
| SHA256 | ab3aa5c4a672c6dc0634c3933499c755194636a96759c4d369fcc459b8a85b23 |
| SHA512 | 04d7152295e6502de5d86700099fdc32fcf6fc0e48499d556eb809a2b0a9602c3d7744e261ad36a721042db3e55613de11ae65a77478d8cce733e958e9d79911 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2f98992cff73a74d0c9eeb9fd5e29ff |
| SHA1 | 54b6a46911516005425fd391f9d4e5dac921f6d2 |
| SHA256 | dafad8c02ba17fc6e385994b0a4739b26bf77694de7315463600ab359e62deed |
| SHA512 | 26fa29dd0dc8afd335d2cb475d5206b690223c9440a3c92a048fecfdc1363eae18a20232aff55d90d156f481097a3dd88b5e3c348d9df6604e70830f9556b63f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75fd189558e072e2ecfbfcb18f435696 |
| SHA1 | ca03d91f0d782b36cf6cf3cd90df8f5713b8b8de |
| SHA256 | ee330c64b0d13a9b332b3daf550389a96b215c0d423e11da2f51f712fe747df7 |
| SHA512 | 0428375771ca22e7534e0ef1b56b9a497f038f6bf7f413e074fab7633d9f9679fdb95981227f4f1c8a4a6322d8f5bd0d54343c9f5c68e9b3da11b9b5285e8067 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0f4dc05cd0889ee6c2ffe693b4832d6 |
| SHA1 | 16c803166255a7090c169ad313492ca6b8c50f60 |
| SHA256 | 0034786dee380398a6df9281a6a347a97f4705c535ff9202ac9f038b7efd9a63 |
| SHA512 | 47f3cd726014c1c97f8f94e8d986fce24ceb9c191d3e5e1cfc8af2b5fc0f3fc562d09923001669fcc1aaf5bf11813bca3d26a07fb5d8279a73c4dc378befd68c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 827b74532634b3d4ef3e86b363380522 |
| SHA1 | 73f29e9994c8e09833539c3e0c8c3053adbc9ec0 |
| SHA256 | b2a3f2f1aeff7b7dcfe23a5ed250d627ac20226e25f407f5a3387dd7794f16a6 |
| SHA512 | 83268cf5102c90fe8f5d97a9130b9d53bcfb5ebbfdc4fce33b0948550fc6136018736718a55b8e9f89094a7edb6b731441135f174cb10e20102c5be44d6b6158 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a562bf471dce2fec060a7992277dc7a |
| SHA1 | 6fcae21dd303480231e4fc28f5778af5b8280412 |
| SHA256 | c5d5bf5bb3c097ae98f5b9c669efd62bd6b1dd308d5bbeda92fd0368f9389d49 |
| SHA512 | ea041053680e152d513cf6e3594c60b22921792e4c02efb08edee8b23a8fc2a1075289672ff097ffaeb2ae03933012de2ebeb6a953007ad8a529f304a51309d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6dd3e8db3b780a13657f732a2a41073f |
| SHA1 | 3eeac52fd99c86b8b9589817207dfc80087ffe3e |
| SHA256 | 589bf934d5c4d4d361e7f2f8b443bcb1b2e15be71d9f922f2819819db3d1d9db |
| SHA512 | c0bc2d9ec255d0991f83a3bf8cdb5f0c7ac6f15bda3bf7dbcbd916f2b2b726da39f2d499c08bbf32ce8dde8121454a164232f9af3f9e3d5ba3e154e5fad2c900 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f593eee629639c724d0ef4ff3b472f21 |
| SHA1 | bfa1b458a44e56576422b485be9d1faec64b4281 |
| SHA256 | 83bac4d28d311626d0fb92e601b4d06381c3c2131a0b23c3cfad2af27023ca78 |
| SHA512 | 43c6f33cb1d9e2f3c31f4b3abb0abe8165c6bf52360d67b2a977c527e59a32ec066f7451d06689d2ac5a802f3e9865884639b0f359cfb57873c42325bcf6e9e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a85d1b65d2c4efbb2832ba17d4650db |
| SHA1 | 6a975b29cd82d0a194e09b21ae0d71180f452b36 |
| SHA256 | d4e80092d8b1bd02f2917ae3c8d1fc8e2bae1a9d3a8e6b1628dd73f54d95fe21 |
| SHA512 | ebd236d41e82a8d527147ed0211a321792fa4cb800fc147fedc3f23a9b7e2f40b659928ca2a5982907b8bd38e7fdfc7e804cdee52dde8a886ed1695484285713 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7386eda5e44dbcb578b2896d6e6f6afd |
| SHA1 | 5375b81a5d3c4f84a5ec3a171903eb868e86a6a4 |
| SHA256 | 09046daf0a788daac28e1db2438e27f122148fd6df71e2a8af9d3c934c1eadbd |
| SHA512 | 5c36a3574aaef8bc0747b43d02fe9b9814da4aadb08afe0a7aff29061a6ae170a315018ecf6e3e858577d096c001da961bb997467198df6863de9e84020f7aa9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7d81d7c40aa58ff159da9c7537b7ba2 |
| SHA1 | 3aa4f3717545904c8110e9c336b0a63f14b6910f |
| SHA256 | 7e99f22303b3d7e0436f3471df5a49ed918d91cf90b675eb0f92d812daf79287 |
| SHA512 | 1bd42b0230d1bafa9456e58b45162522f67ff3b415e042bfec2ed2a39fd12bc4cd93c4b5e94b83bab748e6a19a2400a48cf3882d590119629dddc4f80e6d4d0e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 14:49
Reported
2024-06-18 14:51
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-06-18_3d5241ae5c8f5c2973b2573ea545999a_avoslocker_cobalt-strike_metamorfo.exe | N/A |
Checks installed software on the system
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
Loads dropped DLL
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppName = "Zoom.exe" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Zoom.exe = "11000" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoommtg | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoommtg\WarnOnOpen = "0" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoomus | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoomus\WarnOnOpen = "0" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\Policy = "3" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoomus | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoomus\ = "URL:Zoom Launcher" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomRecording | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomRecording\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",0" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPbx.zoomphonecall\ = "URL:ZoomPhoneCall Protocol" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\.zoommtg\Content Type = "application/x-zoommtg-launcher" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomLauncher\shell\open\command | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoommtg\shell\open | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoommtg\shell\open\command | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\.zoom\ = "ZoomRecording" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPhoneCall\shell\open\command | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPhoneCall\shell\open | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPbx.zoomphonecall\shell | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\"" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoommtg\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoomus\URL Protocol | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPbx.zoomphonecall\shell\open | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomLauncher | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomRecording\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\zTscoder.exe\" \"%1\"" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPbx.zoomphonecall | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPhoneCall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\.zoommtg\ = "ZoomLauncher" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\MIME\Database\Content Type\application/x-zoommtg-launcher\Extension = ".zoommtg" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoommtg\DefaultIcon | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPhoneCall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\"" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoommtg | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\.zoom | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPhoneCall\DefaultIcon | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoommtg\shell | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoommtg\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoomus\shell\open | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomRecording\DefaultIcon | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\.zoommtg | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoomus\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomRecording\shell | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPhoneCall\ = "URL:ZoomPhoneCall Protocol" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPhoneCall\shell | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoommtg\UseOriginalUrlEncoding = "1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoomus\DefaultIcon | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPhoneCall | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPbx.zoomphonecall\URL Protocol | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomRecording\ = "Zoom Recording File" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomRecording\shell\open\command | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomLauncher\shell\open | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoomus\UseOriginalUrlEncoding = "1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoomus\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoommtg\ = "URL:Zoom Launcher" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomRecording\shell\open | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomPhoneCall\URL Protocol | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomLauncher\ = "Zoom Launcher - 3.0.1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomLauncher\shell | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\ZoomLauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoommtg\URL Protocol | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoomus\shell | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\zoomus\shell\open\command | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\MIME\Database\Content Type\application/x-zoommtg-launcher | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\2024-06-18_3d5241ae5c8f5c2973b2573ea545999a_avoslocker_cobalt-strike_metamorfo.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\2024-06-18_3d5241ae5c8f5c2973b2573ea545999a_avoslocker_cobalt-strike_metamorfo.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\2024-06-18_3d5241ae5c8f5c2973b2573ea545999a_avoslocker_cobalt-strike_metamorfo.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-18_3d5241ae5c8f5c2973b2573ea545999a_avoslocker_cobalt-strike_metamorfo.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-18_3d5241ae5c8f5c2973b2573ea545999a_avoslocker_cobalt-strike_metamorfo.exe"
C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
"C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe --cid= --conf.no= --zc= --pwd= --pk= --tk= --browser= --sid= --stype= --token= --uid= --uname= --rtoken= --action=launch
C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe
C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe Zoom.exe --promptupdateaction=installed
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x47c 0x518
C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe
"C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" --action=preload --runaszvideo=TRUE
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.zoom.us | udp |
| US | 170.114.52.2:443 | www.zoom.us | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| BE | 2.17.107.131:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | cdn.zoom.us | udp |
| US | 52.84.151.39:443 | cdn.zoom.us | tcp |
| US | 8.8.8.8:53 | 2.52.114.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.151.84.52.in-addr.arpa | udp |
| US | 170.114.52.2:443 | www.zoom.us | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| BE | 2.17.107.131:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | zoom.us | udp |
| US | 170.114.52.2:443 | zoom.us | tcp |
| US | 170.114.52.2:443 | zoom.us | tcp |
| US | 170.114.52.2:443 | zoom.us | tcp |
| US | 170.114.52.2:443 | zoom.us | tcp |
| US | 52.84.151.39:443 | cdn.zoom.us | tcp |
| US | 52.84.151.39:443 | cdn.zoom.us | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.166.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
| MD5 | 5e572810acb449f97c810fd677b3b98e |
| SHA1 | 543d44dea7c62e4471a035c78ed602e74e2a73b5 |
| SHA256 | 2536404bd2c99721aa6e47d98e6d2623215b5aa8eaff346aa46ba74ef166e7c6 |
| SHA512 | 37778a1ba5d206cfc68328bc2aa49e7dfd8819dbfb1935416b58e79662226e850c8f195397dd3a53c438591987b8878d044f0227d55d3283cc568b7524bb65fd |
C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi
| MD5 | ae77cc45bf77e8a42c5c5f5cc633bab6 |
| SHA1 | f392ebc9451b1c09ab730097037bcdd16795c21a |
| SHA256 | c8ca6e74d08d519367fee68fe0213a8b61062f03d6280c291b2a73f2d7d3e81e |
| SHA512 | 5b153f11be334692d7328784b95d476f99a1fa693e2b359ebde9fd644f60b405352206b8c9c070adce99f3c4cb782ecc335d35283b21c05206e3f5bafbd7d62d |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\msaalib.dll
| MD5 | 351c11d22533527b9248923f8b186a7f |
| SHA1 | 0ac6c288f1f80b80167238c3d2802afa9e84dea0 |
| SHA256 | 813d49f3fb6781bd7c719c2bc8e0f6c804d1ace911bf024bf1a16c62926cc114 |
| SHA512 | f6e6fbc42f89df8217a8c85d8a5adf0bbe38a015ed22821dce721f1ebfcd032e8543a389bd9f83d2ea04b0c2a036ce3a8f6099f63aff96556d4154d2e53c8bf5 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CmmBrowserEngine.dll
| MD5 | 3aac25823efbb713c8556d78ded16e6e |
| SHA1 | 7901f9bc36570a2a528098f8fc04269c5337f787 |
| SHA256 | b2ee051cef7fc58eb65ab87be2dde3d7739c4dc948b12d226972b2313cb3f51a |
| SHA512 | 1c4b900d23fd43543990d9bb27a108fc68617d745568e3c1f3a55ebb5e42b734b553aa13f8f5df8717b9f7abf6e53e3a7b4fdae36f5548ffdbcfd002c6f0567b |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Cmmlib.dll
| MD5 | 9185774eec412e306f35ffac450abe78 |
| SHA1 | 5d12a87105c8d9c81acee258fb6f104f3b077141 |
| SHA256 | 9b61311cd3cde980d7681eb747a5eaa849dd6a8065dc72e2d90cb9408108e2b8 |
| SHA512 | 34fede5f6257bb1df9094a01e773d41618e4b8dee6f13d18e42a63104c67eca02ea4b8a36a89b31395efb15b3ee0b372db5fcf9902e3dddc39c2c28ee6e6f8a5 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cmmbiz.dll
| MD5 | 9296c922e51367ccb0d4669ce9098968 |
| SHA1 | 6e7f0ef46f0783915f543989a303e3f11ac03920 |
| SHA256 | 69636b3781c91ff5f233e3e2a3ebf7e202cf46d1ea031f4710cb50a88a89098a |
| SHA512 | 5647bdde45d3a113a2f41310df0f379156ad4ca54ab930dd36e02e57d54eb7b481835207061d39398653f819101a72223eaa911cb27884f603147c5f4c3c49ab |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUnifyWebView.dll
| MD5 | 53802822d8bfd56b266ba24d85597d67 |
| SHA1 | ae8f806b165265f3cc346e7b6beadd9d8ab2c98b |
| SHA256 | b0bf5ff05fa5a5cdeea3b3f289c56a9767e786564e506f11b1fe42b95312c8f4 |
| SHA512 | 32576724d78197530f543eefd7b78151bfd1df1f69f3d714f07f981217600c3a32e8855e8158f1b84b4da5b3be9bafd5f409aec90d113aae36085d7a8aea3436 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptHost.exe
| MD5 | cc9a0e6583d7a3a026abde10910d8442 |
| SHA1 | 8294592708a3440374a2d497960989886737863e |
| SHA256 | acb0f5fc27c97e8377fefd3c6fc6739090d440131afa7555aadc5db6230fcf41 |
| SHA512 | ca8741b1ec7bb03ddb2e0af0b96945b670a0932ce058ece43131225cb43e4732bc724139c4d89bcf9d04ae3b5416b0a7c42e257ad39e1e74f6dd7c4e6c6fdb36 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\crashrpt_lang.ini
| MD5 | fcf61aed8f093bfcf571cdd8f8162a05 |
| SHA1 | 8de8177798aae82d5bcc0870c1ca5365f5d9966d |
| SHA256 | 1f5b45a5411f7fc71b9da789d6d1ead8ad30551fbea7bbb40fc7ea576d581abb |
| SHA512 | 8a5d252d115f868a4e20fce10f9f9ec5f3948f0ad5680d656e0eba1fd167d36889e54c6e59bcde756945f93685401b825ba9dd7243d907d74b58a1d826609d72 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptShare.dll
| MD5 | ce7ffd179a3d5b267c29e0ed86bc9906 |
| SHA1 | 5c9da3e9a1d9061376fbc728d1fc3ce8320e757f |
| SHA256 | 8b0ee3364af6f124bbc3d0fd52ac472730a4008548b93b9418ffa4125fc187b5 |
| SHA512 | d55ac2374eb39a6fc107da1dbdfeb20024719ba42d57cf7f9d8dcad8656336ac067a3fdc270a25a48e5d232df93b3be178c4856a7535e704c902de40dd74b5e6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libcrypto-3-zm.dll
| MD5 | 8501ffd5e8a0e3c06006716a8dd373bc |
| SHA1 | 2efcbd9b21c472e8e5516f4a8979a271ba86222d |
| SHA256 | dbec3f93f15e4090114c6bb32f93e75159555de4f9ca13ea5b617fd24e6ec63c |
| SHA512 | b56c9eea8bf93c62032435c115ab1f315d07e141db85c39e95f4d519da6c57745a502091e0f7bc84d748056f4b35963b9991b351c22e6a82d5f83669cec403e6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mcm.dll
| MD5 | 534c9f07f7b5a1795a92efc7f72ba1e4 |
| SHA1 | 773791c7e9617954a6e967a3b2dde85d0c8eac51 |
| SHA256 | 13b900b825f60ade153ceaec882e60ceab1779aa0946c53cdbe3f4b0e62aaadb |
| SHA512 | 0f346a2f87f406c68dd2c9f33d45725fbd1b96af6c9aec3ee6311f489cf86fc8ecc048c31c7fd681cdbfcd77b9cabf17e24338f83bd979fa92895023edefb05f |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\nydus.dll
| MD5 | 8626052bde592f2dbd68b83bcd963042 |
| SHA1 | 6a88e14837ab04870f410ece8d58a38c41fcd248 |
| SHA256 | 8e1a966228a5d7e40df4b19ceef03e5182888aed98029c43c0bf697d5c9f050b |
| SHA512 | 499a29796b88be321fa437d9d3d1da73a06d9268d0a31d9297715afe3dd4c05d36ac25469961baab5f08786da5e5690d2f87ad7e65ffa33c2bb4df3c6e18cb68 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\wr_ding.pcm
| MD5 | c9318cc2306bf6b1ee74a5987a8d371a |
| SHA1 | f482d3de9e8dd7c04344fab37d067a08233b64dd |
| SHA256 | 58cbaef9b7177a4e4427ceb303b852463964a5ac4e979055021eed1901ff164c |
| SHA512 | 04ccca6ed6c13872e8d967a9eceb7b485c5f0f7442259395773a1ef168fcf317e60e22ad2840579e4d8b849d1606190cf5dca0e00c2f88cd1891b8206e9a5ec6 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_stop.pcm
| MD5 | 0001fecb6b6e044d221fbc6a7e22e313 |
| SHA1 | c73a6506c92d9a1188aaa793afbfc1951cd5340a |
| SHA256 | 8cd8b4d3e8447d82dd045c7a3a8f175b97376c3db5895506cab0af6a0075226f |
| SHA512 | 1588169348727306e9c4ab444a7857924bcb88e4dca2be8e3526a2227cf117702c47431325df1c83f71da34bb35c28d1589eb3f59cffddbb3dbbe1d00d8d76de |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_start.pcm
| MD5 | ab8a5f2981e225d3edaacb520083835a |
| SHA1 | c60c383fdb6850cb5013065576de87610270fba7 |
| SHA256 | 193c4ffea3de04802e97e9e62fcd8533d8ca53e7306ba113a2234959b5262eb4 |
| SHA512 | 4381f709c5e9d0172027fd2fe65ce37b0444087d3e9d7864cd54651cdae6e8429653c02ebb7a55a5de194ccf0d674f376961b012b088e131a11b7352f1ba69dd |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong1.pcm
| MD5 | 8fe86d9e8aa5c709bb0563243172e580 |
| SHA1 | c22bb02d82516a66f8473dbb4209bf22bb60fa14 |
| SHA256 | 2fbbb9ae6a463b360e1459bee558dafa8d864db2423f0fe4d2c56d22c3f3a5a2 |
| SHA512 | 6c47e964421ebab2c0c6199b97fb9c61b0a228fc654abf2e4d2bbaeec9640be2a5acca92474dfdd0b43facc71c60a9c9ba727d300cadb6128ef1f3dcd9a6c10f |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong.pcm
| MD5 | 54511224e61e71d2915ff67e57dcb268 |
| SHA1 | ba45f16f12d2e29480952367c0c6bd34fcd16827 |
| SHA256 | 7aadf0e317831d287b51e41992b43f0f381ae48a312cb77a426eeb3b6129d6d7 |
| SHA512 | 46b4ea771328a25c6384d5cdff7643ced94dd446830b165f80fb69df2dd2754062dca0636604602a7ebad4ce29b3f8ef62a81f59cf5502bfc78468c8c67a41ff |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\ring_spatial.pcm
| MD5 | d60d149441ac263dcb477cc17f29cf35 |
| SHA1 | a5f8bb83e31164070b9b904a1af694f87be96a33 |
| SHA256 | 5358f9d08ca9c8f97c66109cc804d90d2d61c3d18a7c0da230299cbaab239b17 |
| SHA512 | af3ccdf19b7088e491ad98f0e23e448253c87fecaac9f9434fc49ff201750dfa22e1941a6bafc0faa4930e9bd9e2c3a8db38b4d10edc999b7034fa760e8d3758 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\ring.pcm
| MD5 | 15f886cbaee088418b6ffcc29115c64d |
| SHA1 | 9147beae4e9138ba609f67e75f9cbea7651ca307 |
| SHA256 | 29792a0893ed2457c3872c4418bdd71f5e6c1b8e5894c2c921f8a8f8d797d4dc |
| SHA512 | e5228897cffb5e05a7a66471c52089ddb682d544ac3b4ac312804883a2d335b60edb6236286dbfb6934ed12715709f8ffa09dc7014844acb89bb1b0e205a2daa |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dll
| MD5 | 8fac14165e2a61ffbca3eb81335a726e |
| SHA1 | aa868f78764900b8ee49356f54d6981f5ab631bd |
| SHA256 | cf657edb8ec22878d954af73c020d8e4609f6b44ba3cb1310f5656f71ae646a9 |
| SHA512 | f73ef8e2bc70d50032f3d893812bb8c747aca8f5338071ec8fdf3a56d69d1fda60b023514d9dd6520566dba3b4607472ee27aba7d1b5a52c13655a81fc8865a6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libssl-3-zm.dll
| MD5 | 0b1439c61bceff53b6e26cbc75ef5f1b |
| SHA1 | c12573b72278c87082b3210e81444906f4b3bf4d |
| SHA256 | 2de65e8936ee472acd7ce6e366768b5284f77d05c4e8322c71326c5c65e0e6c7 |
| SHA512 | 4476166161dffb44a098f0c193e79d1ec25a66b332d7355d63a98c207b834e36f8403f2ccd7f3b4841ea74d6b8216b41ae3c1a2b569f4289d380cfebbc934770 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\tp.dll
| MD5 | d580841038006d854e40d039f94eb6ef |
| SHA1 | 590945174374e0a8031c75c4f6899c125fa7abc2 |
| SHA256 | 45fce12c39ac0fe6055c67a82b5d75457a30a139736a305541e2b72a02915649 |
| SHA512 | 1bd5bca2b76338ff7ca4d096dc795deab4d0fc25e07f3561b653b19a55d36e08a3f91d37e0617091f5d077e9ead0c3d0e387e5faa6a72e9193e6b414212e9e4f |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dll
| MD5 | 49167f33c981213aa56b79785124ab23 |
| SHA1 | 29b4469f5c3b15cc3185d160015070c656d22e9a |
| SHA256 | 37e8ffd6d314b9efa4addafd558837045cf477786fb56a947a346a98b3d6fac8 |
| SHA512 | 04c8392f3214264600917b30994d50fed1a56b0625a42a143597787263d796bc1497c7d5c5922aeee9f1ae909014a6ad7cfa127955661fe42686feacc7cd4d13 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\util.dll
| MD5 | 4eec71b1bef17002d0d4c1a6b39a9433 |
| SHA1 | 7c653b50c8d12a9bbb2782fbc1354f2061107876 |
| SHA256 | 84372429b5815bffbd54103f0febe899f0a5f199b4cd5fde1aa527c07b031527 |
| SHA512 | 12ed961d14d21df4400fed9f08d61a5ff64d455aea7a123441510ea713f4c4870b8f8ab9aeb103bb3375974f1cb117919241317b7e5735de18696b024140314f |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper.dll
| MD5 | ab3644725e3225fe1c443f1a55da3085 |
| SHA1 | dc866d495a8c9a6a818b571f9f1349daa3d2468f |
| SHA256 | 715f8d1e72a3b2d8d8801a6e34c114d155c4bf90dbd077f18a29418885ea721f |
| SHA512 | bc589cd25c4bf18044ba747c5fbc04470340e2796fcf8da3197c870756a4082d1d886859ff811cd16eb6768f5efa85190f1be3a92518ed28d25412dd46668c43 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dll
| MD5 | da4c37f8889125e180cbc6f6c0be4b8b |
| SHA1 | fdc87c311779c9e9c502ca352e554d3fd2130f6f |
| SHA256 | b5c4ef6477399fada9f4e4ad72d47c3b539c67db43108b75237d9e4e7ff2527f |
| SHA512 | 841bd2315d0a355868a91e04b9d09634efb26d4d1be2a21aeffdd35831a979636bbd3230e615780a96ee4f489921227611e4f0b9e4a5ac74eacb7b3f5395cac5 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dll
| MD5 | 3fb0f9273a6b5b56977f350e2eac6e09 |
| SHA1 | c38be223d686857e62f41b5b78ec35f284710110 |
| SHA256 | cbbd2479077a5b829025fbdbc0dc6b98a0d28aebec055f8ed3451143056d903d |
| SHA512 | 699130c047f04c16ba1f4b85b62ab1e46bf9dbb57292b5a4cbdb482667eea5ec192dd228268c40677f4936d7875e0881f78b59edb79213fd7331403773b5074a |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPTApp.dll
| MD5 | 7c15ea6639ee9573d7490a40f2f2a44f |
| SHA1 | 51257a8a4cc55fca71f2b27e32500cd876af1022 |
| SHA256 | 9e4741e15f8c6487f4354247a88764ac02f05f044b2f2cbf8e35893f5ca65014 |
| SHA512 | 4d09403ee4bbaa85fe89f86c20ed9e3bfdc0d9b4c8b7925df4d82a3d977d64eb41a84d384a2d107f81cd783658cd1127531c16a0c29d9066f4caedefb917d2e6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCommonChat.dll
| MD5 | e764d88d60b4f0bb420576a3f77b83b9 |
| SHA1 | ad8313f1457f1beff259dd1fae0920d760cf33b5 |
| SHA256 | 2ba05626917e47b714d245e946824a1a333a16172b0b9dc6b4f5f1fb507547f9 |
| SHA512 | 94c47efd8b1e5646d5893ea2bdd8745a514a2f35b60a29a576971410b181247cd288102df8350772ac96c9b2b094e55a4e230a7d6a81e91b927745d94342dd01 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgAppCommon.dll
| MD5 | 77834b3f4092b38a0687b97f2b340f58 |
| SHA1 | 994acdbd57bb04d8bb4556e4b3c5aadd96ee7b68 |
| SHA256 | 3afc3ebca4243e3f3ad66d2747bd3d99e886d77670bb66ccc4ae1d2ddb64f328 |
| SHA512 | 35c5453ec6d05ce472d28a453cc9d173a26da3b1c5f85eeb1ee6b8b0a7d24a6354e2b462727d6cea1b39facab9f372685cae7aad2fe86eaace204d7269b2b0e1 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgApp.dll
| MD5 | a868f7af45652da384695b730bee044b |
| SHA1 | ca7bdac8be1712f484dfe98e54a8ceb396b6d342 |
| SHA256 | 612b9b1f8e64e2bc8c871563b38442e7cac81db909cdef46305224fe489939b9 |
| SHA512 | d3d9280b2b6c1401f244770bc17e2235ed8ef12ed04ab8cdf914e85c812c29300e91e9398d6a5c20150a717378b7c1106063581cf9f1dadee2bb41e570a38ff9 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dll
| MD5 | 6320df1b0353527face88f81e1da9f9b |
| SHA1 | ef21783a834400482f59fbf4fdbd59504bcc3a57 |
| SHA256 | 8966c315fb28dac16fcc153e6cdca0e10bf412bc000983e07d7c0b25411bcd8c |
| SHA512 | 34ff7cba89b5147d8b1d2be4a8021a780bd75657ce5104c6eeaf519133f9374a32b92f7054b267f2bc5af298bed066fe1b653a95fddf13e9b0ae92ca069768e1 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zData.dll
| MD5 | 6af3d46c1313652da59ee31ec4607a74 |
| SHA1 | edef820408670f7f0efdb212567ff80c3c78579a |
| SHA256 | 301a0d45dac3669e8ced7208d1441a2dae233bbef515251453984ac8b377c485 |
| SHA512 | 70978141046edce0ce18d9a499e04aa8572caddb2b1f3a594ade6c5f8edea62c1c37e0f256068b50145db641fdfbccd38e5cc50ed39a8680e59b4a961d6c418d |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport.exe
| MD5 | 19baec924ca56944b8a29ed2d399fac1 |
| SHA1 | a29f466e5c2c06427da79dfa10c6bce536663606 |
| SHA256 | 244a1df8fb18a5d5ed502cd1c4ef982a8c9a89b6c4385249cd99fd6784f5f340 |
| SHA512 | 92bbb0af832b564140e5e5cd9d2354f2bc833b1bd023ec257f85899faf83e3e19e08e4c697fb54226700fc3a046bbc5b83ee7b90eff5d18ddaed48e7e14aa944 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport.dll
| MD5 | 9f399fc9451039dd23077a27c32360a4 |
| SHA1 | 050bc9814c69021de7fc3b8cec52547892ec55e5 |
| SHA256 | c342ed800bd359faecb3fa0f73c9eeff53669079bf558fabaddda164f81c00ea |
| SHA512 | 30357a6c22c274c249af636daa9899b50bd0ae69328dfe3a356f1ffcccb4db3eb5582142a021f874f857dcb654bd5c6065d3dc461fedc1a777a06dc06ce9fe3e |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dll
| MD5 | 1e8d62f2f488bb9f57919abc107c337b |
| SHA1 | 9d8dbeeda57ff5263bda14ede5588576d87957a0 |
| SHA256 | 2da49e63d2a35be289fdbfd3bc0b504aa0440db0f207c2078fb654cfbf090de9 |
| SHA512 | cb00bdb4774916183a12a1c41e0c4b74a70cc17e7c2c6a95c4cad4ce372ff53bdaa4c1bd00ca779c1cca898e0036c9fa7b079daaf5751af1e0826ea0b63038cb |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zm6Res.dll
| MD5 | b97f38ff98f3fd80a208706319d651cf |
| SHA1 | 94d83bf7372fa8200f0049ef7245271bf84b1c94 |
| SHA256 | ef0176c308f3a7ae8878d583adce1f74e8db27deefcf3503e3623089ef6f28fe |
| SHA512 | 6b9b84abb81762fe850b674a437d1d92d73f45175c622ed2682ce789318e5d02eac46ac11bf4085fb0ab076284dcfc151437a8c24d7ffd427888d8eb4d7fb771 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zlt.dll
| MD5 | 1cfd891349d7c1fe288d7b2ea7932174 |
| SHA1 | ee7b60ce1659345665ec059fddd605e502258597 |
| SHA256 | 843f03c826cb713ac982a3dc1f58922333f57de5692849981f8a55d7d28aa0e8 |
| SHA512 | 4c3445075d91e454a3ee9ff941e879c85b7509e7cbf56df6d3ee72b5d0c043c9eb38d207abe050e40c403c5e2977addf783829fff157c461093020e3a37cc941 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zmb.dll
| MD5 | 5050bf6933f115a7cfe70a5c00caf8fa |
| SHA1 | 7508158d34dca8e93d315dba305d07a6d088488c |
| SHA256 | cb68c61e19e804563c4e54bc92cdb92b7fa9d3fb27f6eadb014add5e8e812d9c |
| SHA512 | 3504423988b0d1fa5bf0499baab09df8db7d061b916c76525877d7bdd21a42d48301b7b6ab5028e197705c1f0ba9ddaa4fe569394d02ecbecf6c2fcd0979295b |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom.exe
| MD5 | a3455bd29755628b6b28250803c753f6 |
| SHA1 | 3452ee9390aa7e5db4dde7aee7b5fa02fe353d6e |
| SHA256 | 4840fb290fd848b74e5a96e9a08bc9b1c6f6fe2f99c153b98b5705d3f4af81ef |
| SHA512 | 03f4507ba624aa2cd6d349cd5ca4634e4cd63842e7848be3c7185ef769c4a0bd6e00cc9321f7f5d647a4b362008db9ece64a1595903a75d1735d4b95ef4381eb |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomInstall.xml
| MD5 | 5226816dfc8c9cc491e9305e78541bc7 |
| SHA1 | aac8f504ef8d0ddded7a6451ff327882a468265d |
| SHA256 | 72742a9bbb0192e347c6e76c0b09d73d7edc211ba7c535b4771b5a316a51c776 |
| SHA512 | 3ebe73e52d1a117605477731df607fd6036eb45eafcbb4765c89f75b37707c23b227a87a46cf24490078ab88ed2029a60ec0352342ce67aa4411f4d0a8554407 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exe
| MD5 | 15f6d0ef634ccbb06d07aa70a3ba89c6 |
| SHA1 | a550f71751406a13fbfbffed3a7c24cc75ba6b68 |
| SHA256 | 2294b1eff3b467ba58c47cd79fdac9b1bc2d80e2b2d296fba0e7eb93e4f53e59 |
| SHA512 | 4dcfe6034b49576d5337463cab26a66a9ef74acae0e21a5a2c6cf0185320c3e1ca76c014ad3cbe21dc8d5cd3bcbd91e2faf80620b44acf16f2d6e6edc7cea0e5 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exe
| MD5 | b6f7e985b53b60daff41bea91fc305df |
| SHA1 | 2fac9ab220933ed930ef723168d3a9a79170be96 |
| SHA256 | 44a07489caefb8ae0a08f0b6b748a240a7b87e188911a3a6792f796b66d253e5 |
| SHA512 | 623efefb59289494c645a81637474ad1e0b3aacea210a9dc8716092907ebec5080cdff05dbbc97fdf90c334ac825ca4ed5a59ed42115d2aeb4b067907c9c052e |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dll
| MD5 | e63826f08f267558359aeacfd138c7cd |
| SHA1 | 2b23920c8675822886d74e24986832f1e02e3050 |
| SHA256 | e9fb35d3106c288acb4d4c7411a8a5277b49f7a6a3d6e06337986f16a0c7c97e |
| SHA512 | 1c85110c6394d5dc568b0714a4eb74757dcbfbdb01d01ba6e89d1eae818def8d7bc9b2aed6001da7ffea411b4033d59db0856682657b2924caba66416696579b |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dll
| MD5 | 356079004e8ff1ff9974177c556d36af |
| SHA1 | 5fc8645cd5c30346683a1e5adf6eef9e8f79e40e |
| SHA256 | 04f84b2b83e8443d2e51a57484a6d5e1ed1787074b945d0f96053b9be431f3a6 |
| SHA512 | aa4ae26280f28d37baa91f9d621755dfef8577fb81fce2eb2077fa2c854c59407843beedffdc3465932355fc71b5cc7069f2039137e8f2b3fac11f42185819e0 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebService.dll
| MD5 | e6ef5cffc5b8d845c681b30c3796ad21 |
| SHA1 | 32cdc93a592773a12c41b6f02233cfd8f7bab73f |
| SHA256 | 945bec054088bb02e2cf5779024633dbcc22c68d786d3d979585f36e45441f90 |
| SHA512 | f6558b23b77e3ea2e94d6372278ecaf0fbdad6214f7c172f6b7f8fd20ab9eb5270bd84d0da60b270f63e20dc85a73c34c27c8f550cfeb43bc494ffade341db74 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cares.dll
| MD5 | 02e07b0c3ab69d2521532afb8e68d8d1 |
| SHA1 | e41c09a12e4dbfcf5b63ce1e74a6697e350c4930 |
| SHA256 | 9d374af34a390a7b436f721d8ae44cb1ca40b7e48dedd0bd23f6d2f144af2502 |
| SHA512 | a76421f128771df29d1d96047c92d83e1456c4e68f197cca56526e313b45969fd10d5cc5bd0edaa37fc4b49d331609300f3140beb2c422046a1452c664ac4256 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetUtils.dll
| MD5 | 89170d73d6a7e46c86f8e241994d4071 |
| SHA1 | d134d18825b7080454e395c4541327a988c3878d |
| SHA256 | ae1239b4f05bf059b0fc3525855a1da733845576efbf74dfb9edcc8474a3f79d |
| SHA512 | dffb874f060e49b09d8b9c54587a802267081fb216adac7a0a8f51e10aeab5f22ea5e1a3290d757982e8cd241a9506f10958955a57b0cd8c2c5d9665ff7ddbe2 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\annoter.dll
| MD5 | a40f946b9fa6cc2f4d39ad13a0cd7e1a |
| SHA1 | 82aa9cde8e181d5be0f7455dd20a98c515cc0624 |
| SHA256 | ae05a017e5be3d6521d243348e44b30a9939ae012e1ae7cb95fb385965eff1ac |
| SHA512 | 3ec05b01d6baa6891be7ffad08778a71699440a4f6510f48922d4467e4c46e9a1239955381865e3a89356679b690cb2fac019cd212e74b4cf8fe17fa27ce4a68 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUIRes.dll
| MD5 | a7d7c7d566d094f38a12e614445ca23c |
| SHA1 | 39dfdfafe5f3c9ad9474435b5d40d49d5c4303b2 |
| SHA256 | 1b98b48b82c8cf5a97ed130963150b752f6eede8f7f424925b8ac8468c5b1623 |
| SHA512 | f98e1f7eb0704ed8365a1ee2e8013700315d814c6af7298898ac07a3db74a62da160c1bae15a7906bf091ff03f5e82549fefab2fbe523a40dcc5c296ef64d923 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUI.dll
| MD5 | a7628252321611af920b847db0cf8d8d |
| SHA1 | 99fcdf6d291c30af8e0b666e76f5a7af7fd33192 |
| SHA256 | fd634d78df17a8248577b826a352dbc047c3d863ca79ef702bccc44f4de7afdb |
| SHA512 | b84c0a54597cdfc9d5cbcf72ccefd57a6ea4b9ba9330aa8e6e2396deeac6cdcec289ffa59ec1d317ee0900dbf65858fa6cc1ee83445bf2b7837db3cb7129ed9d |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZRCSdk.dll
| MD5 | c96919290e7199d1ea93a151a20401d1 |
| SHA1 | 70c21977dfc82ecb21fb3682dc5c4e967eafe0a8 |
| SHA256 | d4b357278aebab4013e0957a13a4eeca897d20e97317b841240fba77f58d1aa0 |
| SHA512 | f487aa1859f3448136e5b5dc68d147b1ec59a2f4372078fa9ac38bdf584df9e84cfddb415d4fdd02a20bd3c49bf87ac5549470704beaab83f489e19c7290b891 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPSApp.dll
| MD5 | e3bd48278d81b36c40ddc30df429e350 |
| SHA1 | a4898bd776b21f958dd02de9901bbf1a3903abb4 |
| SHA256 | cb6d0ee57770ec5ab139a662500da9af812882abcd862ba4d70a2e01c479bfbb |
| SHA512 | 490057d37bbf63e78ba0239d4bb3ec81428b3c919fb9071cb92b2e03975a1a7f758a4dfcae7128b2ba4e01f26e6bd718d4633ff432f695a8c039660e0595a437 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-medium.pcm
| MD5 | aa93ab138ec89cf7cfb8b4b0ea8990a6 |
| SHA1 | d13b139d666c76cb12e1c0280c1343770adc8aac |
| SHA256 | d754fc9d9378772b7a17a53e6598c9cfe4a0f3ec492f0ed30241020562f58509 |
| SHA512 | f91c59cf1b1645b24997a1201bddb52953c0904f855b78add275d71401e4f9e6bcef59fe1d7205e222470689dacf2d55ae752cc2be66bbee5258db284b42e6c6 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-high.pcm
| MD5 | c32f95839557340b4b4197a68847ca1d |
| SHA1 | 0feed637c4766b9b30ab6732259670f8c12c5538 |
| SHA256 | 0a16435cb3f7b8b1787476575ad646361e6fb4c07587df874940413de004dd08 |
| SHA512 | f5f0dd4a313ff6686bed5090aaa64885d319b8fba51fb2722b764668b26f06ce95164444652661b027e35f3c6928d3919422e4816bbb81bbd0f7914869004700 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\reslib.dll
| MD5 | 4d064cb7928188a4cf7addb5b98ac790 |
| SHA1 | b7cd219e1ee9eb32a9a3b2230beda2203eb0f861 |
| SHA256 | 29939d477c24afbde31b2e320afadc65a51cfd7dbe2a1841f916cff41986a5c6 |
| SHA512 | f8218c6bbbc19fb4540066ce2b3366c5983b0c6132e19f9eb86254a77c644be915e000de643b8bd723b52ad8534c33f5e812ab00a969df6b9039d85807ddedc9 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\duilib_license.txt
| MD5 | 7faec2006bb231d14b794a9f31769448 |
| SHA1 | c2b5a34fe521502f6fca3031201b47074f30f258 |
| SHA256 | 7ed2acca31a243ba107d8c12fddecd52462fd326d3d2c73b04d4cf10c76765ff |
| SHA512 | 777e0ec5d6b599fb0eabb8180fb6f302012ff12245e3de6a3dc568798cb057858eff18b08dacd28a72250236c4767abc2583670d92a946f684b45cb5144bd7e2 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\directui_license.txt
| MD5 | ab54b14548a4cc76dd7c27414d971111 |
| SHA1 | 68a3888b33ee1c5d5efb913846867c9a8788cadb |
| SHA256 | 6033476be3d1d41166b65984e2be94c87ac98dce55bfec887e932b696e859295 |
| SHA512 | cc8c4d90efedf4aeb3ba3b64ebd0e938576867618a334bccf3cb6790338c6a1da239393a618f6e6a1186cb363cb514ac9528ada51f0090fe2fc709e5c666d971 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dll
| MD5 | c83538afd204193fe91d430ee53f49fa |
| SHA1 | 8166d3d82261adb68ea62fd2899dc70b69fadfd0 |
| SHA256 | c097891002a0acf22c6e835feb3b0a98055d8fbef3718d1aa296b14f6f416f30 |
| SHA512 | 45bf733ea0bc357bd9d9798f88b18ba96a5fa192df51c853b00ddc09211e1fc61c3c6f5ed3ebb58859761aa6c90a58d2519f9f722e7eac44208531d8ec91a04b |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dll
| MD5 | 22340cf5cf73d4dbe4c5cc925d088063 |
| SHA1 | 7d73e645c265d1771b53adfc93cc354e7289aac8 |
| SHA256 | 76a5fc6f30b5d93eff59d713dfd3879012e19d079b5a98d82ce8d166536cde9b |
| SHA512 | 5a83ed7ca5604291a3d4f0ddfd1cbdf3aa61ed78e5cd81e29138aac572101d16e9b696ab6db1fe83a1c6e7f2ff0f0146c988020650748c3a94fccb3a97031680 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exe
| MD5 | 11e06f55adbe5ec5d4d4f915037b895f |
| SHA1 | fb40e711c0ae602e662de0300c621885c3f7ff1b |
| SHA256 | 2fb14bd5d762d46f1cdb86778199fb033a8d5ee915aee82e11fc1a5df97c8c13 |
| SHA512 | 76631b3bceea8edc91b900bcb2bd451099a1559d7f52333680cf72a352c5d78f5d3f280a5a76f72901f7cc7bfb3e47509f3635e19a3203a49a56e6c49a59d564 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptService.exe
| MD5 | 59e15d5e981605b5ca57f2893de68e32 |
| SHA1 | 21784a3640861aa9194befcab6faf0cf92689eb7 |
| SHA256 | 764fa9d27d5dc877c1a7b278ef424999835b06bf0c11ada5d4603bc5554e481e |
| SHA512 | 7706639abaadd40d6303b4f5c4e54e6ee1343c71a15eeb43fa3a455b6c821e4d4cf8f5d0655708bd4afe2c31b2fa22f43d62b521edbfa8256c808814618449f6 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\leave.pcm
| MD5 | 3fcc19f6a199e97646a0ab32423c9332 |
| SHA1 | 05613b14d6c7336b24e9779963d245098e73b40c |
| SHA256 | efbd514b0ea241a560f1333cdbb90a9885d5c70c01ed032d11b8a672b1096a04 |
| SHA512 | b370ad863badd0d86d982eada1fd98306b686ef1cca4cc522558cbde40257effa96afd7327141beb08d9927a6b190e0047ad7978e87a41bf299f030c1cee121c |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\asproxy.dll
| MD5 | c2f17ed9062323779ae4b8bafcd37d26 |
| SHA1 | e79ba9a04926c226eb3fe5dbc60bed775cec7752 |
| SHA256 | 2f2c05cdff9b32c9619d5fd794e7419b1b4baafea82daebfae8681d7e2eedd77 |
| SHA512 | cd7ac80eced616848d9cce7f1c84da71b315e989152242feb8b84b2862f0b116e444056d8486253f55c006706be657c496dbf1af0da85191116df32c432bb3db |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptControl.exe
| MD5 | 512c7fe581f6be5d0b00834d83a88d17 |
| SHA1 | d8fa44c0f00289ce23cb4129db7af17d1f26fe10 |
| SHA256 | edbf04b1bd52a2cd31c0bdae6413990e58c5fd9228d38cc782a4f63ee8cdb004 |
| SHA512 | 88c37b38028658f4428f2f09738ff31f125e3664d0d12af70b1429b751e3c07508f01ac87788a41147ae8a78c178f803dc384c133f6d94b51f494e0410212781 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zzhost.dll
| MD5 | 510a35180701aa6792018ff26278f952 |
| SHA1 | 237d5b70fac4a24f19c0c096405d6e57035d9c6b |
| SHA256 | d3ddae370ce8bca15a495dd59d2dd79b90f8f0ef3152380abdba86d0e4bfd0b6 |
| SHA512 | d4da2cb5700c7fc9e408e28a89b1d0aa5fce0fed44740d2ab0425dbb1d6896c2d2fbbe8f0fb551fed1b7b30a81e87c27eb442d271b1654ba526120f6c32fd601 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dll
| MD5 | b3fe4be216d09265840a772a24dbff38 |
| SHA1 | 19087908f4244a2cda13224c86c72838dbaebdd4 |
| SHA256 | afabd83ec16df75132283ce012c0ae14e8d780d7fc3f7dc7b94f80c1e8ae10f8 |
| SHA512 | 3d25ef88c2c1b4d9111ae20b1ba3906fc09c5cfc24406ca51ba7270989c0b9c751bac10f88f5bf6fd4fe8fcaf8486a9dd5fa74be7e0f683f5c0597f68a62104f |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\nanosvg_LICENSE.txt
| MD5 | 078690812af4ba8567fcc2af2ca1d307 |
| SHA1 | f4f94babc436555d2f5992e29aacc47433fbadb4 |
| SHA256 | e82bc3dd03400aecabe12201219ba14750dbc4b36faab58663a7a6068548d372 |
| SHA512 | f4e1f1092ab90f380a63ed1954023722d265e32f7f3d9b86100fbfa7d6ecd8c584a7dc22b4e3cc4182957136e2d765d0d6a293694b739377c09b076e5fe448fb |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\aomagent.dll
| MD5 | 9efa4b13874c695f349a594cbb6eb061 |
| SHA1 | 06529d3a3af3dc42aaee7891f13c4b06c19f785f |
| SHA256 | cb8a235958fb8e9579f3c2fc7cf06bd9501e6623cc9ef1aa082cd0d02deaa17a |
| SHA512 | 64d46ab2dc4cb6473482d78891d465f3bdad43696106053d00267bb2a4f21481f2a78985d48d54f4202fcbae36dc9090eb1f135d98380322c486bb2781298096 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_chat_chime.pcm
| MD5 | b30a997b4a9df68d8796eef6f457f4aa |
| SHA1 | 23890fbc1f66c1061c60b8287659566c69b297d1 |
| SHA256 | f2ff5d73ee2a89135094ecb5165b30e351bb24ee4eeee95508f311eecdc9811f |
| SHA512 | 8cfc3b13d7c2ffa0438ab12669aef756bac76063cbf317e449e5ba4127c0604bab6fba793866857f4a68806e9ed779c0c521fc46c5ae3aab42de7c72d98613f4 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exe
| MD5 | acb250c392580e5c857e057b8ba3b9f1 |
| SHA1 | c55838c4955e460cf1389e3dcd9b0be9c10a8f0a |
| SHA256 | ca7e602cd04673030a73e89dac5c45ee1694c8d9d0662098acc2589144f4bf50 |
| SHA512 | 9aec438a06e73f2249910ee67892f056379cbf6dd51048e8b0d48b3f018446fcbe8ce5d81447d20f981cdc8ba31e9aa348bb5fa317bc00f0d14b51242a6d86d9 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Droplet.pcm
| MD5 | 923d4747324854f50ecf69324741c8ca |
| SHA1 | 4c19f847fa8fdf55e27b2847bfe09789adfb9e59 |
| SHA256 | 3568dba00a55d25b736737a48163c13c1348afc5d4022a29ca0d3724d29ffe9f |
| SHA512 | 4ae265a89f693304fbeeb661d46d0cd96304083af75b5c245db63a632f40e08ca280a68f20115c6c38f5202801b29084633ffed4da16304689c4379f77693a0d |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_raisehand_chime.pcm
| MD5 | cd7d41d5204013ce176c99c225016d6d |
| SHA1 | 996ea48981e81ecb107cd77fd0d6e35edc4d4214 |
| SHA256 | cd9b81d47633fe9aa3f1020d895161de8c31797b365f93dfb22a60d920cc2eb3 |
| SHA512 | 44afe616a2596abc76cf9f862837b26c00e6214a08b61c6569e7ee07ab4331f4968d718889863cffc74ceed55ff377932432c7191dba4efdb638ea3b96badebc |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exe
| MD5 | aedcb12bae7c5a414f7356e979001cf6 |
| SHA1 | 89edf14f3735e36cf89cafdca257644880fac1fe |
| SHA256 | b7e0ca1bb4dd76a0ba07007b3566bf0a8b032b382ac542565a7070887e14975e |
| SHA512 | 8f14258647cb0cf49a016043144b28b306926c1e7b84d9e3b559f003b3ba5724ecd48176540f7ecd706e90d566d636bbde25191241c409f794bb3309abc29585 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomDocConverter.exe
| MD5 | 21ad12d806a357f1e5213943b79bd189 |
| SHA1 | f550c05a7039b151e353b1ca2b246e8d7990af2a |
| SHA256 | d22dfec1e2446e50d26b8573c49e37c0f0290edb73eb3519c5d1eb8221498147 |
| SHA512 | ffec312978d6ed18ca4f95a5872049e631e95697ea9d02578d1ac8d6fbf7e8b7f685e681a163ebadad53c2d23f4ba8572e00371a13c7b2a245f96c1a594e5966 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\UIBase.dll
| MD5 | 8ef1e20efde0c1f3e6878a27c5861c5f |
| SHA1 | 8cda8c4972f23faea33be4966f6099dcd5a24591 |
| SHA256 | 68716e17c9281c64ad844f3aa13804f6d3d374c1dc4161dbf0116b18cd8fdabd |
| SHA512 | facc1eb72a223db1527b35b84d40f5fe2304055e9cb56a621b2d3540078fdc95d98a7fea1c0f58d75eaacc94cbb9ce9d36632dd194aafb4c3439d164c84b4249 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dll
| MD5 | d8f4b2be768437ce073126e899c8d554 |
| SHA1 | 80796913ddbbb3e37dd521b9551795657f17f4d8 |
| SHA256 | 80e78362465a7e2eca78f13b8c130105e245960deb8a8354cf22b6b9a02b99bd |
| SHA512 | f21a4a9cbd9208d10c5dbeee7e8311e3fb25525c76c0798d583bebe25446537c5fafe8566eac46ea154213b9b3ca0ef8a5647d6ee6aa2fe323c152f16b0a7979 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dll
| MD5 | 86ea7832ba631ceff7fe008da3169cd9 |
| SHA1 | e6089e721411a79e986fa8ceab908950446e62f1 |
| SHA256 | 00740cc77dbf6eff3d02c8829eccf257509bd2b4ca531251461ba59189078bed |
| SHA512 | 89f9fd1b6516d1e8131c9ddf94bac979a360823419bed18e387d5d95dba166c30f172f07b9e64cda1aa722b08532502541879df18ec48943f05afa8b7e5cfb7a |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZZHostIPCSDK.dll
| MD5 | ffffd77b3850ab9057c26d0705c3c1c3 |
| SHA1 | 8cbd2e35f72451969543f5a31dfa999ee548973b |
| SHA256 | 6ffe8dcf16c71a1d39eeaf48a92731c2ed1d5b410eb400574d168aa0d230b707 |
| SHA512 | dedd369e6b19decb3945ec14856f9f2484d17438239dd54e20701a91340d837de923b895f0b8659cac0233cde4e8f6e6d7f381b01d6a25fc831ddef4411b1621 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zoombase_crypto_shared.dll
| MD5 | 9514ab2a03b8f7965ccbc82ce2d59434 |
| SHA1 | 2736af9532eea7b9d4d5f529a4ed29b84845fc8c |
| SHA256 | f470cfb962fa8fa4a97d61c5727bfee527d380f6c5815e6fb33bca9c26d5e9b1 |
| SHA512 | 3ded17c1e9d079b39156f10e20e89bd4bb9da15a9acb6361312a5bc9cfcc516600bd50806ad2f10dd1140c349fddbb29f990cee5ca4851d3e8c20906ba1db2b6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mfAdapter.dll
| MD5 | c596f387fd98889da5af6f8cd1e0827c |
| SHA1 | 7ae054955b98cdbd946098eca8617ea24a8356fa |
| SHA256 | 067f2032fb36025ec33d9e644eaf3459b4e607fa71f07b01e8d72830afc17243 |
| SHA512 | addf34b8f68f921f0c9d35dfdffdd7c3b685e22cb5fbdeb7279b65b5554b12401f0bb401f00b33a63b1b96bfe3e747514a424b1a0c47ccf39c387097b49499c6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper_async_device.dll
| MD5 | 4f0585a9667e6a29e9216922773cab1a |
| SHA1 | 12718380a204e27d00f9f335b7682089b8a60b90 |
| SHA256 | 00d65c3c7fc5a419bab16a4a1fd836f23e6ed108da962c982f5ac5a0e823b3a9 |
| SHA512 | 216efcf8d26268cd0350c15fa073e1577ae40c9928209d1877b3b1f6266e1eb6629712754a95796406ac8f8e18c5fdc63842856266abb46fee5bb303cbd21e28 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebview2Agent.exe
| MD5 | 30e9de73f90a218b08bc5a184564a72b |
| SHA1 | e6ad8c2b7b4a68c853afe5af8c8008c9225b2742 |
| SHA256 | 909624f1dfd36907645205092a429b2368abb52458851e8955d0e7d2e828997c |
| SHA512 | eb7766c4cb4484fdef881e21e319aa05aded0a9b3d6b7df770208085e423e498f0362797faf52fbaa47d3a0af43373ab1e5e3de7916390ddb9b8b5098262aba1 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\WebView2Loader.dll
| MD5 | 9a9df483ed55bd568cccdd7485804931 |
| SHA1 | 1c0d0363af131aab8cd81108c16354947007856f |
| SHA256 | ad5cfe82f102739d4cc15c3eb38a411525762520c9c4229c902f67dbab23c5fb |
| SHA512 | 0c989ea9e3c3ccfb7f8990098b1f5b0c7bfa311f83438aeb5047fdf3abcda872905927ddbd17245a9de2e73defd69dfee5271be2db254154c2f8e5478096de8d |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\percussion_pause.pcm
| MD5 | fddc411010d812fb444d70781e253ed7 |
| SHA1 | 70f75fbb27a50f80e78c1c08485928ed0f05b3d9 |
| SHA256 | e8c8ae4267e1a14352d631418b4fb16d767e3d42aa9528adb5cf378a219b96f1 |
| SHA512 | 155176a313b5534963f1166139403301cdebc5ffc082d48058975da4f60e083ef25e21dc262e20f0414aed049b746d630bf668961ca486200c327ebc554c6488 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\percussion.pcm
| MD5 | 388728657dd2d77d2257a90b9c935650 |
| SHA1 | 17c15f9be8b263c52dc165b3395d8d92e72ec313 |
| SHA256 | dafa23315ef2893d200a88b65b8f455e788acd616d0634c35385d460f07c6a61 |
| SHA512 | 5b4b298df61c4bafa4f2b4ffe2193ed331460ed922a17f2abedcd20f6f1b1af8719694299e367af0ba757ec3496d99fc67ff1963e27195ed30a95e5dbe97a2b5 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\archival.pcm
| MD5 | 2da32e501e9720b40d438ff7352a5573 |
| SHA1 | e59fdecd75b2c8cb4b26bb4a2b3c622dca8a2e3b |
| SHA256 | 5e7d1491e7d6969eb67646f87ab2dbf0ff1d1cb4f5cf631128a305e2b67d4a1b |
| SHA512 | 5da2c201bfd01fc1ef1724acb0f6fddd7be39f83b6fff5c80aef71c96f14d30c694da82b1c41183b2b9ab9ef99d45faa657c4f6a984f87a97aef08d9e824ccee |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMeshNetAgent.dll
| MD5 | c706460c19843dbb8337d06534f48e2a |
| SHA1 | 76a133ab4b2e3ecb88a1c9aeaa1531816ab5b00e |
| SHA256 | 4df8697c39a9a14adda5c8b98376ce41710dd96137495bfd84917119bd36a84c |
| SHA512 | 8f63f7e0dea66c286bc31c62a404315eeee13ab6616a2beed67a0cdb21a8389d4796363df884caf7b9c224455890c8b99c01cc4cb3cae0c25c8a7ab156373900 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetDiagnostic.dll
| MD5 | ada2be8b2401c084be6cf39e33995822 |
| SHA1 | e8b168a3066be60f73aafffced256c3e0f80cb5f |
| SHA256 | fe42caecaf785234f8be2c74525bdd40026c6a8ee124ee75ab379bd821e170d2 |
| SHA512 | 50376b2d86ed358fae5595de385fd12e329594d82611df6fb322187bc7ebebb2d3afd0c3cab7b72ba404fc731d5fe0cbb2da22c18be56e9bf5edc81f766dae0b |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_0.pcm
| MD5 | 285974390c5114e6a8e91a2d63266a38 |
| SHA1 | f5b5b5ce959380d0358c463e2dcb9cafbe709843 |
| SHA256 | 394c441e19f6d34b46baeb7820726f279bc71d21e6911070dbb58e67568ecb9c |
| SHA512 | de85e1fc198fa235bc233cfd45747c30a8247af71b83e8ca30800cd754e6c45ae2d9754e4de0d51e3f2aed26ff8cc829d29374960f3b434e48acbbdf530ebe43 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_1.pcm
| MD5 | 842932d135c62a4866c698cf415a13d1 |
| SHA1 | 7977e8280576cdfe14449e0522a824342899e21b |
| SHA256 | 1a5eb409a8dd747b37e24b3a7a0c3c8aa7c55778a9bf4a71f4bdf3b5ad298c5d |
| SHA512 | a34ae285e13cf25beb93153f1de77c6bb61941fd4d8f91b9689cb84d37204072ed4ddcf17a7f2319393db6383a949d4d0a8722245116f6aee8ef62524a403e29 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_2.pcm
| MD5 | d30328c7ec556e0fc8537d1a2316c418 |
| SHA1 | bbd09bfd865686297bc06ff35fbd5f56374e3dc3 |
| SHA256 | 37db0a7b3ab878fcdc1da65dc21c006daba8791c87ae37d000d516cdea9d4804 |
| SHA512 | 913c7f778f1a954c43c275e544689a528fc4a59d30f1d315359191de60f9bc9544bd322fc6842b63e8931e8f0ee8579f63a3e810f165d92a2f702ad3d8e5b6e2 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_4.pcm
| MD5 | 065ce5dc0d49c48589a3eb19603510fc |
| SHA1 | d0852569e60486c2d9206c35be826ac4d23f79be |
| SHA256 | c50e689f830fea83f82c6cb2e5472b3827c5635490f0d2b0e56c346bad616a64 |
| SHA512 | c4661a30868376a7ed681d4d984efcbb8af4a7449059f31225c63ce1cc88a3b4a7fba3e3047f2b29a0e0e437e8b4832e888f65ef86ea40c2063aa0f736c61307 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_5.pcm
| MD5 | 532231d1e36ea53a168830033cc0aec5 |
| SHA1 | 4407c14ffe5b12b7100db43fb011564269f702a0 |
| SHA256 | 83ef758561576bbaa981e976510b74eeeacc181834064ba7412eaf876cc25290 |
| SHA512 | 05bb2d8ae7cf3ead9dfbf05fef4983ebfd4f5a8991ba43a92191a1a97b485dcf17e315b9a8d39300c71be7114f15f0113a75c6648fcdfc46b46e6cfd2b3ca0fe |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_3.pcm
| MD5 | 3913cdfca0b0dfad1c11ab3cdb81dcbb |
| SHA1 | 92e17b1f78788d5b98bb539aaed018fd72244411 |
| SHA256 | f8902a24f7dd5f4355e684ac1cb0029992581c610ad011ed2c900f8957c104ad |
| SHA512 | 43d22a611b65e10b9bb4b8405a993a77618c24d8866032672d43911707ac9f6497826cb6c975ae422c7d61412d6bb2d2df0412fc7fadc0e5e5f84ea09c7475ff |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_a.pcm
| MD5 | 6a95093e7fe3117bb1e614fa9727bfdf |
| SHA1 | 1df81e069ed43aeaedd8dce9d1c8bf56fa6b96a7 |
| SHA256 | d705d27155e39da52d84034389fbc3953d98f2e7a6007c44cf0ea1bdda4b3bb5 |
| SHA512 | 925d6b17cec73d8ea98ddc3b55d17c6e014a5d4504251563c5d5d55a9b7f8caa43dcc6d7989bbce72a62e1708a54ab7b09bdd84f79da9010bfebf6cff7534c99 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_9.pcm
| MD5 | cedbfc417b6ea8e076c99471e4d746ad |
| SHA1 | 11d95a6490613c3d7f350f5525ae47ddf244a5f0 |
| SHA256 | c5e274011991477635400e5a2c81d3b6cc12c50a61267b0ecc70077cb92a9aa7 |
| SHA512 | 358120f75fb51a89979cbec3c1dd0227e286019025be9308e81f5e2f4c02cd9bb0022bed4db357d42990c5f0503aadb88963d7062382d9cd832440e12a338cd7 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_8.pcm
| MD5 | a9293ed20c46e09ebb87caf37e92f3be |
| SHA1 | dd6e3ca3ef79d26f71fe432a2d928e9177f13205 |
| SHA256 | 4c682a59d37c32715d7e82c1592fcfd51ceaaca7fc4464817f74d0c005a02372 |
| SHA512 | ae2572da5274f686ab5b2ca05c273e103e037f1b2d21775f86e780a6a4e97f61059387a063e86f276253011bdaf188b2ca20cb29ffca5803fce5cdd9a69f38a6 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_7.pcm
| MD5 | 4f9cb5dbacddb4099469ff30fb61490f |
| SHA1 | 0a338b3aaa04309584af7ee0f14f1767afbe1da7 |
| SHA256 | 79f7a132b33c6525ee483231a53b8298620700ab21343cfa70d716e96fd12b8f |
| SHA512 | 488fba0f24d2382dddd25c05531a5f61683f774dd86d41b652ce9473224607de9744a5a4463907930eb3b010e6f97f7b7d1ac5a9daba8453525735d338399a5a |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_6.pcm
| MD5 | a8e1e6ab27026fcc27307250e40dc64a |
| SHA1 | a3d1bcd57edd4aa3f52c259a5b72c120f040d583 |
| SHA256 | ffc6da3e558a9b25cc03249f675aff3bd3ac21d54435fa8b23f37cbaf54dded8 |
| SHA512 | c82fb729e9aa1fb56efae9b76f42567b871b2626c29945d0e6b51e4f876f43b97b8bc5f0bbaefa56cd8b881def405c6b8a44f331500f169de80aba120c98f766 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\double_beep.pcm
| MD5 | a2243b1ddd8cca6c40030020b57c606e |
| SHA1 | 9d0084832970caaf750335d5b27a3104623e2275 |
| SHA256 | e00dbb2ed88cd107bf384102e1353bb8d3a777dd9624a680579e4267080888d7 |
| SHA512 | 04ba003ef55787f3d19006e8a3489b861ab86834acec445ec463172f5530fe72472c0bb39f62ff8d0222f388b63a6b2e28f5919fbbccea416654d7cc13f68b49 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomTask.dll
| MD5 | a142c77ec7dfd200b9f4647f4e1ae16c |
| SHA1 | e657e5c861489e115235ab8309c41e1b14c73d21 |
| SHA256 | 7ca512df8287a3ecc0734de58ff85fb7c01516afd2bdf7cb67c79d4e5de305e8 |
| SHA512 | 24e5523405c667f7432ee64e179e658320cd932a6c4c8ea03c75cac1170df5571548c810b2d0230c6b075aa61b633e78a90c205d468b3606fa334752c3f4e0f0 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZMDB.dll
| MD5 | 5f0d888f451381c52d62d46de3135cc7 |
| SHA1 | 9900789c8af4b8a8f9004e9481e36b96dce03844 |
| SHA256 | f9ac8dd5dac9b033be31a9604e5824c2cdf6ba31237f548c8c3b6bf808f2222e |
| SHA512 | f84fa3ca7723812615964e3c4eeee1c729786d9394074344754608297a0048c4eea50cc0cd479a8035a1d748fe4ce9013d517a29680d3377f0a1d35465b21998 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zBusinessUIComponent.dll
| MD5 | 202d6dcbdefa4d3186abb62c3dbe2ac1 |
| SHA1 | 3aa51e54226b14cbbbb46be5bb8d7db48746c48c |
| SHA256 | 6cede2720ba207e6958405fbe63f2c49bd098a78af9a3ebf6c88c59c3798e477 |
| SHA512 | 48ec7adb2710753cc8b1b6d32eb24170d0b007a73adf7aecd69b104aa2751ed580df8fc417aea871369aea0b922b8318db24cca8aa1a12e803e55b0fc28119e7 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\beep_intercom.pcm
| MD5 | 618a307ef3efad70399a6107cb1ce9e3 |
| SHA1 | 8b42e7fc116a27a3fa868db49b3d0204f42cd913 |
| SHA256 | 32567197286cbb2dffc282f7cae8d46d13af9d5e83bc98773a836904d244326f |
| SHA512 | 3181f538cf34e09de3ced6b702eb55654888b3b533a339eaff97f6f6da9014900f076c76ddd407c0c3736156a896fd23a07952c04c06664103cc74f317b8ea74 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\ring_pstn.pcm
| MD5 | f199df8ed884c5af8fd07aa0e046d19b |
| SHA1 | 507ca087de97053c4e65f4576f78157813e6c174 |
| SHA256 | 0a23d9800db639dd5f40ff0e1ca3df5729df7ab81affd1a02db445b4b0ab235b |
| SHA512 | 176a88eb7df30c78442c435f102f865e1f8c8a6d0fa03f1af823cf6b7a3c290e50df229b8775c9234f09a0ab5643410f5e00bb4eae550c13cb59ee3d4147d5f9 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_hash.pcm
| MD5 | 569480b0dfe8b64b44f72e5740a58230 |
| SHA1 | 6f4ed602780fdb7c3eda983bcb29007bcd8fbf77 |
| SHA256 | 1a256021a62abb1386eabe58974db5bac91c622f9fecddc9f87216c102c23628 |
| SHA512 | 89f6452afa3aee5265de3eac9ce0a5830163187abe6c5415141133a0b9c7ea091dfc198cad0b4662588b8f3785c93e310feccca3200b13af0c15caff7ab45d1a |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_star.pcm
| MD5 | 814b4f610592e7d68725f87b04dd5691 |
| SHA1 | 9e3f0489d1889b3201753730211fb14ea1fc1e21 |
| SHA256 | 719f8aa3842eef2b413eb8dff026c2b442acf051af040b295af595ef207dc32c |
| SHA512 | 929f10fc51e71759d375d82681f6b9106932b27e0cd39fcd0fbacc2359d1907631a912d34958628c651c37617bd4d5d9db93d321f0592c30d0294428890abbd0 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zm_conf_universal_ui.dll
| MD5 | 0365afad0263a5607ec9998eef39f00b |
| SHA1 | 9a2a6b0bbeac4536a127f022ad790bdf60d83948 |
| SHA256 | ad5a482c5450aa0138a9c5b1a4e7fc25608b4966b54ca8cc4a555ff528cdf866 |
| SHA512 | 3ac2fcfdfd6e6c1a02327541553d431051c817d3bfc2846580f373992d6d9f59f9af6d1b1d77d9f3d724912034e83c73ebd0e3ccf0dca7d185dd8b634833848b |
C:\Users\Admin\AppData\Roaming\Zoom\bin\ucrtbase.dll
| MD5 | 2040cdcd779bbebad36d36035c675d99 |
| SHA1 | 918bc19f55e656f6d6b1e4713604483eb997ea15 |
| SHA256 | 2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359 |
| SHA512 | 83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f |
C:\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140.dll
| MD5 | 87dd91c56be82866bf96ef1666f30a99 |
| SHA1 | 3b78cb150110166ded8ea51fbde8ea506f72aeaf |
| SHA256 | 49b0fd1751342c253cac588dda82ec08e4ef43cebc5a9d80deb7928109b90c4f |
| SHA512 | 58c3ec6761624d14c7c897d8d0842dbeab200d445b4339905dac8a3635d174cdfb7b237d338d2829bc6c602c47503120af5be0c7de6abf2e71c81726285e44d6 |
C:\Users\Admin\AppData\Roaming\Zoom\bin\msvcp140.dll
| MD5 | e0dd94aada0b034b212de071c33054da |
| SHA1 | 6c4f1b3f66d07bbcdcf41eb39b1480bb335efcc8 |
| SHA256 | 08442853f19ce4ff3acae37d87eab33ef81c4c6da62a3432d43253ba79842b64 |
| SHA512 | 76c877056f448e5dab820e990cc186ba886b2d331d689a99295aaff31a63aadb941c2693b0be98d53bd06cd8041a270eb82ddedfbde305cd9a85bcbe42fcf5a2 |
memory/3728-1039-0x000000006FA20000-0x0000000070232000-memory.dmp
C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini
| MD5 | f0f91f4e03bfe3e6a11a54744d41f968 |
| SHA1 | 21306de816420daad4f844275f3f5a182ce332b0 |
| SHA256 | 04ea4a39652a8ebdb5f397c138b08321bc1ec207afc54ad33f328053cac1d092 |
| SHA512 | 1acd7b000fb9645395c1bb637cd13d21f6c090ac7ac4c20d5b5fd773c42d8dfe509397439e25dc2fb2ae83c51bfe645125a7245eac6dff6384369889b34576fb |
C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini
| MD5 | 5ca10b25699bbc1bae024680bf2288f7 |
| SHA1 | 003859ae17ef0946f89e17b8540b2800884dce17 |
| SHA256 | 673304a16c941289e7d15041a1dae8c324eed03c1f201fea20d615d21d070741 |
| SHA512 | e01941e8c9556db8fd85ccd0bdb7b3c83e0c4dff975f82b0171a9521d0eea7d4f0d84a426c514075d49023828787dd50cbe8c3fbaf42ed0443648414359ab807 |
C:\Users\Admin\AppData\Local\Temp\ZCLIPS~1.zmdownload
| MD5 | 60d244f4abde9e6c5bc9e30c66af09c8 |
| SHA1 | 090cdb5302d9dd99e90fcdad208352f2cbc0449a |
| SHA256 | 89a6ee511368adea5fcf3d67a445ac4c66fbe1b2dc24ab2f9f72f724a4493d91 |
| SHA512 | cab41ce11f930c604fa9af9b5456f13df5ef193e6700c366dcb19a1259fc409f41f5ea367f453caa09ae55c63321813ec941339a17471c1d38396ced823ef093 |
C:\Users\Admin\AppData\Roaming\Zoom\bin\zPSUI.dll
| MD5 | d0e0d6bfb9eb426077eb50611461e003 |
| SHA1 | 5c3afb225ef2fb1114b4a4a2000950c39d6d44da |
| SHA256 | fbf637c12bfccaf9a8f49181b96720af2d92589c7b215a260eb8404f01b5f638 |
| SHA512 | 1caa7b0389876b26542d0f0f44c5cafecce74b77a75fbae4681387566c0cc9c8f2a609735827edc2a2bc3f5c5ec9b4587c23591573dc95e70e3002e1c920f0d6 |
C:\Users\Admin\AppData\Roaming\Zoom\bin\swscale_zm-6.dll
| MD5 | f18a4c8f5eb4dd9cab846ce0f3e4c5dc |
| SHA1 | 46210a22744c651a84fc3e82d21f9d4cacf4a2aa |
| SHA256 | d2eab1db26a74522506a65c3976b6bc51b83dd1cdf657d7eb811a27509a041ef |
| SHA512 | 90d2d57c15881e622e5e0b129023799f7be8d56985c47dfe009077c56027b21bd648ebd63e43d01d12fafad123440d0597405d049216f6ab5b339daaf25e3660 |
C:\Users\Admin\AppData\Roaming\Zoom\bin\swresample_zm-4.dll
| MD5 | 7840ac35ee7ee9068e355706d39f74d5 |
| SHA1 | 8f8085632a8aab5394f1e67758587dc6a329442b |
| SHA256 | b75945ddd3f12904eafe049dcc880ce99c7a4f4e87543caeea3abd5f132d1a72 |
| SHA512 | cb60f7a4695d34eddf16653241a727da8d3ee3349257d84e53260af5e300dd274f242b787f84d7313dddb3422f24a6976f28ed705c292fb40a5c0b32b88301eb |
C:\Users\Admin\AppData\Roaming\Zoom\bin\avutil_zm-57.dll
| MD5 | 116ff1bd0056f114dbd7d260a324bc9e |
| SHA1 | e8a0553cc761d2a9b6d7ca48dd4724a953233e2b |
| SHA256 | f9634a206e2669e782a015aedbebe940799d3c7a14b181e3eaac048d5c30fde2 |
| SHA512 | 7f742bf7be6801b184d1886b7a4b096959216f9786b79987e300810d3444f97fc0ca51c89a406a5998646c85dd9b03a66501a8f28acb7f766b6457c33ded9885 |
C:\Users\Admin\AppData\Roaming\Zoom\bin\avformat_zm-59.dll
| MD5 | 9323800d4631ff5d242c35b21f4401f0 |
| SHA1 | 5a1ddbb6a2833bcaf8f65b390a294f06b36c2dc4 |
| SHA256 | 6f53eafdc3f93d68c7690918b614c54ab505cc1d7528ac67cf9ce490f0ecf385 |
| SHA512 | cfa04d9a376ddc8d420107b9e7d58dbbe3b16e2bc7f7b31eb9322e0f4de1c7f58c5a6d57d6dd4110d73d6a32845fd2919bc11aa921149f8752ce54a232d6656d |
C:\Users\Admin\AppData\Roaming\Zoom\bin\avcodec_zm-59.dll
| MD5 | 5ffa29e40fdbd69a1cbe66fa3d374855 |
| SHA1 | 24cf9d81619ad02d5159fa2ced283f7c95b6d6bf |
| SHA256 | 54309e795bf119b7854ccc84c127cf91bfd07cd812def6163cc560322a5572fe |
| SHA512 | 3580f7bbd4cad6a6dc0ed1c6411f449fe21eb1ed5f6a8280fa31d1c9e5fc40ac832e1f7baed07a0f080bb3b69d851d4e75b8a2fc24789584ac0b07602f82900c |
C:\Users\Admin\AppData\Local\Temp\ZCOMPT~1.CAB
| MD5 | 6ba1ae543e15acda835f92ecdb5f83ba |
| SHA1 | 78ec81a6aa8f637d68b36093409515f0cf3a8820 |
| SHA256 | d4d1e9b2b44f6c6f4168f453f9b02748430b8360c6ed373ed66a3efbc6e101fa |
| SHA512 | e4d5c113035d85e7579e217dffac5897b15811d275f109c9dba349e4938f306db8555187fce097b322ab59749c86efea59796a99483f9a0b0337f5b4ed8b9580 |
memory/2908-1389-0x000000006A680000-0x000000006B070000-memory.dmp
C:\Users\Admin\AppData\Roaming\Zoom\bin\zPreMeetingApp.dll
| MD5 | 934e8d8bede8f9ebc555df66b1b349bc |
| SHA1 | cdf04716367cabeb72da34950d74a0b3d756b310 |
| SHA256 | 9c63eebb6b4e9f77a94564b15b09f9e0ffa2f4dfbf55ec0967b5ddb2b0911f45 |
| SHA512 | 9efa5ed77b19ab8179554eabed849dde6327a2c539fe9d86eeeb604c9e60f93209d40c37f880a0669dda11e4b7527e5b9758aacc37fd1ec286fdc015b72a603a |
C:\Users\Admin\AppData\Roaming\Zoom\bin\zAppUISdk.dll
| MD5 | 051253f740634990c0bacbe04bacfc96 |
| SHA1 | 3e32a1198a18e83bbb1eccd73b29c690c33b621f |
| SHA256 | b63f9c103d8cc115b5342ba22792a88bd5050d4c1ca489e3b82dfb7ae54baea2 |
| SHA512 | 15ca2258c0d9e77bae1cbe5a4a13a09f7d3e6750881d49d49cf208aad83e75e47033694634c1ffd016594e467d9645c03ecfc9c51e2d29c1f856bc18bbd16331 |
C:\Users\Admin\AppData\Roaming\Zoom\bin\zDiagnostic.dll
| MD5 | 961d95d890dead1bc1e224fb6da45d48 |
| SHA1 | 28698bf1e420cb4c19e79f686aecb2abb6a19a17 |
| SHA256 | 4bd7736000b78270dbd030961f3cedf1e2a9ba2253710292997cdb29da0e5003 |
| SHA512 | 42b3e8c1acae72cf59b66146d45ee9aec8a238a85c6d0cd326098b484d49e6855a6743cfd4a63f7e345eb8e017f3b20800f2a7c8f83375f207de37aa8ce50fbe |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |