Malware Analysis Report

2024-09-09 18:08

Sample ID 240618-r8plassfjj
Target 2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo
SHA256 6826b60fcf9993178042f62c206c54a2ace4f8c114dbdd94601db464d6f16a59
Tags
defense_evasion discovery privilege_escalation
score
6/10

Analysis Overview

score
6/10

SHA256

6826b60fcf9993178042f62c206c54a2ace4f8c114dbdd94601db464d6f16a59

Threat Level: Shows suspicious behavior

The file 2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery privilege_escalation

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Checks system information in the registry

Enumerates physical storage devices

Access Token Manipulation: Create Process with Token

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-18 14:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 14:52

Reported

2024-06-18 14:54

Platform

win7-20240508-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424884232" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9031af438fc1da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E1BBFD1-2D82-11EF-AE43-7A4B76010719} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://zoom.us/support/down4j?os=win&err=20030003&v=2_6_1

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.zoom.us udp
US 8.8.8.8:53 zoom.us udp
US 8.8.8.8:53 zoom.us udp
US 8.8.8.8:53 zoom.us udp

Files

memory/1668-0-0x0000000000340000-0x0000000000342000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-18 14:52

Reported

2024-06-18 14:54

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Zoom.exe = "11000" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoommtg\WarnOnOpen = "0" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoomus C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoomus\WarnOnOpen = "0" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\Policy = "3" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoommtg C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppName = "Zoom.exe" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\UseOriginalUrlEncoding = "1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomLauncher\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\URL Protocol C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\ = "URL:ZoomPhoneCall Protocol" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\URL Protocol C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\UseOriginalUrlEncoding = "1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",0" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\ = "URL:Zoom Launcher" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.zoom\ = "ZoomRecording" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.zoommtg\ = "ZoomLauncher" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.zoommtg\Content Type = "application/x-zoommtg-launcher" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\MIME\Database\Content Type\application/x-zoommtg-launcher\Extension = ".zoommtg" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\ = "Zoom Recording File" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\MIME\Database\Content Type\application/x-zoommtg-launcher C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\URL Protocol C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.zoommtg C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomLauncher\ = "Zoom Launcher - 3.0.1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\zTscoder.exe\" \"%1\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomLauncher\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomLauncher C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\ = "URL:ZoomPhoneCall Protocol" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\ = "URL:Zoom Launcher" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\URL Protocol C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.zoom C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomLauncher\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomLauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe"

C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

"C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe --cid= --conf.no= --zc= --pwd= --pk= --tk= --browser= --sid= --stype= --token= --uid= --uname= --rtoken= --action=launch

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe Zoom.exe --promptupdateaction=installed

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2ec 0x530

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" --action=preload --runaszvideo=TRUE

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.zoom.us udp
US 170.114.52.2:443 www.zoom.us tcp
US 8.8.8.8:53 2.52.114.170.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 cdn.zoom.us udp
US 52.84.151.41:443 cdn.zoom.us tcp
US 8.8.8.8:53 41.151.84.52.in-addr.arpa udp
US 170.114.52.2:443 www.zoom.us tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 35.166.122.92.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.200.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 zoom.us udp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 cdn.zoom.us udp
US 52.84.151.62:443 cdn.zoom.us tcp
US 52.84.151.62:443 cdn.zoom.us tcp
US 8.8.8.8:53 62.151.84.52.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

MD5 5e572810acb449f97c810fd677b3b98e
SHA1 543d44dea7c62e4471a035c78ed602e74e2a73b5
SHA256 2536404bd2c99721aa6e47d98e6d2623215b5aa8eaff346aa46ba74ef166e7c6
SHA512 37778a1ba5d206cfc68328bc2aa49e7dfd8819dbfb1935416b58e79662226e850c8f195397dd3a53c438591987b8878d044f0227d55d3283cc568b7524bb65fd

C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi

MD5 ae77cc45bf77e8a42c5c5f5cc633bab6
SHA1 f392ebc9451b1c09ab730097037bcdd16795c21a
SHA256 c8ca6e74d08d519367fee68fe0213a8b61062f03d6280c291b2a73f2d7d3e81e
SHA512 5b153f11be334692d7328784b95d476f99a1fa693e2b359ebde9fd644f60b405352206b8c9c070adce99f3c4cb782ecc335d35283b21c05206e3f5bafbd7d62d

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\msaalib.dll

MD5 351c11d22533527b9248923f8b186a7f
SHA1 0ac6c288f1f80b80167238c3d2802afa9e84dea0
SHA256 813d49f3fb6781bd7c719c2bc8e0f6c804d1ace911bf024bf1a16c62926cc114
SHA512 f6e6fbc42f89df8217a8c85d8a5adf0bbe38a015ed22821dce721f1ebfcd032e8543a389bd9f83d2ea04b0c2a036ce3a8f6099f63aff96556d4154d2e53c8bf5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CmmBrowserEngine.dll

MD5 3aac25823efbb713c8556d78ded16e6e
SHA1 7901f9bc36570a2a528098f8fc04269c5337f787
SHA256 b2ee051cef7fc58eb65ab87be2dde3d7739c4dc948b12d226972b2313cb3f51a
SHA512 1c4b900d23fd43543990d9bb27a108fc68617d745568e3c1f3a55ebb5e42b734b553aa13f8f5df8717b9f7abf6e53e3a7b4fdae36f5548ffdbcfd002c6f0567b

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Cmmlib.dll

MD5 9185774eec412e306f35ffac450abe78
SHA1 5d12a87105c8d9c81acee258fb6f104f3b077141
SHA256 9b61311cd3cde980d7681eb747a5eaa849dd6a8065dc72e2d90cb9408108e2b8
SHA512 34fede5f6257bb1df9094a01e773d41618e4b8dee6f13d18e42a63104c67eca02ea4b8a36a89b31395efb15b3ee0b372db5fcf9902e3dddc39c2c28ee6e6f8a5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cmmbiz.dll

MD5 9296c922e51367ccb0d4669ce9098968
SHA1 6e7f0ef46f0783915f543989a303e3f11ac03920
SHA256 69636b3781c91ff5f233e3e2a3ebf7e202cf46d1ea031f4710cb50a88a89098a
SHA512 5647bdde45d3a113a2f41310df0f379156ad4ca54ab930dd36e02e57d54eb7b481835207061d39398653f819101a72223eaa911cb27884f603147c5f4c3c49ab

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptHost.exe

MD5 cc9a0e6583d7a3a026abde10910d8442
SHA1 8294592708a3440374a2d497960989886737863e
SHA256 acb0f5fc27c97e8377fefd3c6fc6739090d440131afa7555aadc5db6230fcf41
SHA512 ca8741b1ec7bb03ddb2e0af0b96945b670a0932ce058ece43131225cb43e4732bc724139c4d89bcf9d04ae3b5416b0a7c42e257ad39e1e74f6dd7c4e6c6fdb36

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUnifyWebView.dll

MD5 53802822d8bfd56b266ba24d85597d67
SHA1 ae8f806b165265f3cc346e7b6beadd9d8ab2c98b
SHA256 b0bf5ff05fa5a5cdeea3b3f289c56a9767e786564e506f11b1fe42b95312c8f4
SHA512 32576724d78197530f543eefd7b78151bfd1df1f69f3d714f07f981217600c3a32e8855e8158f1b84b4da5b3be9bafd5f409aec90d113aae36085d7a8aea3436

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptShare.dll

MD5 ce7ffd179a3d5b267c29e0ed86bc9906
SHA1 5c9da3e9a1d9061376fbc728d1fc3ce8320e757f
SHA256 8b0ee3364af6f124bbc3d0fd52ac472730a4008548b93b9418ffa4125fc187b5
SHA512 d55ac2374eb39a6fc107da1dbdfeb20024719ba42d57cf7f9d8dcad8656336ac067a3fdc270a25a48e5d232df93b3be178c4856a7535e704c902de40dd74b5e6

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\crashrpt_lang.ini

MD5 fcf61aed8f093bfcf571cdd8f8162a05
SHA1 8de8177798aae82d5bcc0870c1ca5365f5d9966d
SHA256 1f5b45a5411f7fc71b9da789d6d1ead8ad30551fbea7bbb40fc7ea576d581abb
SHA512 8a5d252d115f868a4e20fce10f9f9ec5f3948f0ad5680d656e0eba1fd167d36889e54c6e59bcde756945f93685401b825ba9dd7243d907d74b58a1d826609d72

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libcrypto-3-zm.dll

MD5 8501ffd5e8a0e3c06006716a8dd373bc
SHA1 2efcbd9b21c472e8e5516f4a8979a271ba86222d
SHA256 dbec3f93f15e4090114c6bb32f93e75159555de4f9ca13ea5b617fd24e6ec63c
SHA512 b56c9eea8bf93c62032435c115ab1f315d07e141db85c39e95f4d519da6c57745a502091e0f7bc84d748056f4b35963b9991b351c22e6a82d5f83669cec403e6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mcm.dll

MD5 534c9f07f7b5a1795a92efc7f72ba1e4
SHA1 773791c7e9617954a6e967a3b2dde85d0c8eac51
SHA256 13b900b825f60ade153ceaec882e60ceab1779aa0946c53cdbe3f4b0e62aaadb
SHA512 0f346a2f87f406c68dd2c9f33d45725fbd1b96af6c9aec3ee6311f489cf86fc8ecc048c31c7fd681cdbfcd77b9cabf17e24338f83bd979fa92895023edefb05f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\nydus.dll

MD5 8626052bde592f2dbd68b83bcd963042
SHA1 6a88e14837ab04870f410ece8d58a38c41fcd248
SHA256 8e1a966228a5d7e40df4b19ceef03e5182888aed98029c43c0bf697d5c9f050b
SHA512 499a29796b88be321fa437d9d3d1da73a06d9268d0a31d9297715afe3dd4c05d36ac25469961baab5f08786da5e5690d2f87ad7e65ffa33c2bb4df3c6e18cb68

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\ring.pcm

MD5 15f886cbaee088418b6ffcc29115c64d
SHA1 9147beae4e9138ba609f67e75f9cbea7651ca307
SHA256 29792a0893ed2457c3872c4418bdd71f5e6c1b8e5894c2c921f8a8f8d797d4dc
SHA512 e5228897cffb5e05a7a66471c52089ddb682d544ac3b4ac312804883a2d335b60edb6236286dbfb6934ed12715709f8ffa09dc7014844acb89bb1b0e205a2daa

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\wr_ding.pcm

MD5 c9318cc2306bf6b1ee74a5987a8d371a
SHA1 f482d3de9e8dd7c04344fab37d067a08233b64dd
SHA256 58cbaef9b7177a4e4427ceb303b852463964a5ac4e979055021eed1901ff164c
SHA512 04ccca6ed6c13872e8d967a9eceb7b485c5f0f7442259395773a1ef168fcf317e60e22ad2840579e4d8b849d1606190cf5dca0e00c2f88cd1891b8206e9a5ec6

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_stop.pcm

MD5 0001fecb6b6e044d221fbc6a7e22e313
SHA1 c73a6506c92d9a1188aaa793afbfc1951cd5340a
SHA256 8cd8b4d3e8447d82dd045c7a3a8f175b97376c3db5895506cab0af6a0075226f
SHA512 1588169348727306e9c4ab444a7857924bcb88e4dca2be8e3526a2227cf117702c47431325df1c83f71da34bb35c28d1589eb3f59cffddbb3dbbe1d00d8d76de

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_start.pcm

MD5 ab8a5f2981e225d3edaacb520083835a
SHA1 c60c383fdb6850cb5013065576de87610270fba7
SHA256 193c4ffea3de04802e97e9e62fcd8533d8ca53e7306ba113a2234959b5262eb4
SHA512 4381f709c5e9d0172027fd2fe65ce37b0444087d3e9d7864cd54651cdae6e8429653c02ebb7a55a5de194ccf0d674f376961b012b088e131a11b7352f1ba69dd

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong1.pcm

MD5 8fe86d9e8aa5c709bb0563243172e580
SHA1 c22bb02d82516a66f8473dbb4209bf22bb60fa14
SHA256 2fbbb9ae6a463b360e1459bee558dafa8d864db2423f0fe4d2c56d22c3f3a5a2
SHA512 6c47e964421ebab2c0c6199b97fb9c61b0a228fc654abf2e4d2bbaeec9640be2a5acca92474dfdd0b43facc71c60a9c9ba727d300cadb6128ef1f3dcd9a6c10f

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong.pcm

MD5 54511224e61e71d2915ff67e57dcb268
SHA1 ba45f16f12d2e29480952367c0c6bd34fcd16827
SHA256 7aadf0e317831d287b51e41992b43f0f381ae48a312cb77a426eeb3b6129d6d7
SHA512 46b4ea771328a25c6384d5cdff7643ced94dd446830b165f80fb69df2dd2754062dca0636604602a7ebad4ce29b3f8ef62a81f59cf5502bfc78468c8c67a41ff

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\ring_spatial.pcm

MD5 d60d149441ac263dcb477cc17f29cf35
SHA1 a5f8bb83e31164070b9b904a1af694f87be96a33
SHA256 5358f9d08ca9c8f97c66109cc804d90d2d61c3d18a7c0da230299cbaab239b17
SHA512 af3ccdf19b7088e491ad98f0e23e448253c87fecaac9f9434fc49ff201750dfa22e1941a6bafc0faa4930e9bd9e2c3a8db38b4d10edc999b7034fa760e8d3758

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dll

MD5 8fac14165e2a61ffbca3eb81335a726e
SHA1 aa868f78764900b8ee49356f54d6981f5ab631bd
SHA256 cf657edb8ec22878d954af73c020d8e4609f6b44ba3cb1310f5656f71ae646a9
SHA512 f73ef8e2bc70d50032f3d893812bb8c747aca8f5338071ec8fdf3a56d69d1fda60b023514d9dd6520566dba3b4607472ee27aba7d1b5a52c13655a81fc8865a6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libssl-3-zm.dll

MD5 0b1439c61bceff53b6e26cbc75ef5f1b
SHA1 c12573b72278c87082b3210e81444906f4b3bf4d
SHA256 2de65e8936ee472acd7ce6e366768b5284f77d05c4e8322c71326c5c65e0e6c7
SHA512 4476166161dffb44a098f0c193e79d1ec25a66b332d7355d63a98c207b834e36f8403f2ccd7f3b4841ea74d6b8216b41ae3c1a2b569f4289d380cfebbc934770

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\tp.dll

MD5 d580841038006d854e40d039f94eb6ef
SHA1 590945174374e0a8031c75c4f6899c125fa7abc2
SHA256 45fce12c39ac0fe6055c67a82b5d75457a30a139736a305541e2b72a02915649
SHA512 1bd5bca2b76338ff7ca4d096dc795deab4d0fc25e07f3561b653b19a55d36e08a3f91d37e0617091f5d077e9ead0c3d0e387e5faa6a72e9193e6b414212e9e4f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dll

MD5 49167f33c981213aa56b79785124ab23
SHA1 29b4469f5c3b15cc3185d160015070c656d22e9a
SHA256 37e8ffd6d314b9efa4addafd558837045cf477786fb56a947a346a98b3d6fac8
SHA512 04c8392f3214264600917b30994d50fed1a56b0625a42a143597787263d796bc1497c7d5c5922aeee9f1ae909014a6ad7cfa127955661fe42686feacc7cd4d13

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\util.dll

MD5 4eec71b1bef17002d0d4c1a6b39a9433
SHA1 7c653b50c8d12a9bbb2782fbc1354f2061107876
SHA256 84372429b5815bffbd54103f0febe899f0a5f199b4cd5fde1aa527c07b031527
SHA512 12ed961d14d21df4400fed9f08d61a5ff64d455aea7a123441510ea713f4c4870b8f8ab9aeb103bb3375974f1cb117919241317b7e5735de18696b024140314f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper.dll

MD5 ab3644725e3225fe1c443f1a55da3085
SHA1 dc866d495a8c9a6a818b571f9f1349daa3d2468f
SHA256 715f8d1e72a3b2d8d8801a6e34c114d155c4bf90dbd077f18a29418885ea721f
SHA512 bc589cd25c4bf18044ba747c5fbc04470340e2796fcf8da3197c870756a4082d1d886859ff811cd16eb6768f5efa85190f1be3a92518ed28d25412dd46668c43

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dll

MD5 da4c37f8889125e180cbc6f6c0be4b8b
SHA1 fdc87c311779c9e9c502ca352e554d3fd2130f6f
SHA256 b5c4ef6477399fada9f4e4ad72d47c3b539c67db43108b75237d9e4e7ff2527f
SHA512 841bd2315d0a355868a91e04b9d09634efb26d4d1be2a21aeffdd35831a979636bbd3230e615780a96ee4f489921227611e4f0b9e4a5ac74eacb7b3f5395cac5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPTApp.dll

MD5 7c15ea6639ee9573d7490a40f2f2a44f
SHA1 51257a8a4cc55fca71f2b27e32500cd876af1022
SHA256 9e4741e15f8c6487f4354247a88764ac02f05f044b2f2cbf8e35893f5ca65014
SHA512 4d09403ee4bbaa85fe89f86c20ed9e3bfdc0d9b4c8b7925df4d82a3d977d64eb41a84d384a2d107f81cd783658cd1127531c16a0c29d9066f4caedefb917d2e6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dll

MD5 3fb0f9273a6b5b56977f350e2eac6e09
SHA1 c38be223d686857e62f41b5b78ec35f284710110
SHA256 cbbd2479077a5b829025fbdbc0dc6b98a0d28aebec055f8ed3451143056d903d
SHA512 699130c047f04c16ba1f4b85b62ab1e46bf9dbb57292b5a4cbdb482667eea5ec192dd228268c40677f4936d7875e0881f78b59edb79213fd7331403773b5074a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCommonChat.dll

MD5 e764d88d60b4f0bb420576a3f77b83b9
SHA1 ad8313f1457f1beff259dd1fae0920d760cf33b5
SHA256 2ba05626917e47b714d245e946824a1a333a16172b0b9dc6b4f5f1fb507547f9
SHA512 94c47efd8b1e5646d5893ea2bdd8745a514a2f35b60a29a576971410b181247cd288102df8350772ac96c9b2b094e55a4e230a7d6a81e91b927745d94342dd01

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgAppCommon.dll

MD5 77834b3f4092b38a0687b97f2b340f58
SHA1 994acdbd57bb04d8bb4556e4b3c5aadd96ee7b68
SHA256 3afc3ebca4243e3f3ad66d2747bd3d99e886d77670bb66ccc4ae1d2ddb64f328
SHA512 35c5453ec6d05ce472d28a453cc9d173a26da3b1c5f85eeb1ee6b8b0a7d24a6354e2b462727d6cea1b39facab9f372685cae7aad2fe86eaace204d7269b2b0e1

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgApp.dll

MD5 a868f7af45652da384695b730bee044b
SHA1 ca7bdac8be1712f484dfe98e54a8ceb396b6d342
SHA256 612b9b1f8e64e2bc8c871563b38442e7cac81db909cdef46305224fe489939b9
SHA512 d3d9280b2b6c1401f244770bc17e2235ed8ef12ed04ab8cdf914e85c812c29300e91e9398d6a5c20150a717378b7c1106063581cf9f1dadee2bb41e570a38ff9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dll

MD5 6320df1b0353527face88f81e1da9f9b
SHA1 ef21783a834400482f59fbf4fdbd59504bcc3a57
SHA256 8966c315fb28dac16fcc153e6cdca0e10bf412bc000983e07d7c0b25411bcd8c
SHA512 34ff7cba89b5147d8b1d2be4a8021a780bd75657ce5104c6eeaf519133f9374a32b92f7054b267f2bc5af298bed066fe1b653a95fddf13e9b0ae92ca069768e1

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport.dll

MD5 9f399fc9451039dd23077a27c32360a4
SHA1 050bc9814c69021de7fc3b8cec52547892ec55e5
SHA256 c342ed800bd359faecb3fa0f73c9eeff53669079bf558fabaddda164f81c00ea
SHA512 30357a6c22c274c249af636daa9899b50bd0ae69328dfe3a356f1ffcccb4db3eb5582142a021f874f857dcb654bd5c6065d3dc461fedc1a777a06dc06ce9fe3e

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport.exe

MD5 19baec924ca56944b8a29ed2d399fac1
SHA1 a29f466e5c2c06427da79dfa10c6bce536663606
SHA256 244a1df8fb18a5d5ed502cd1c4ef982a8c9a89b6c4385249cd99fd6784f5f340
SHA512 92bbb0af832b564140e5e5cd9d2354f2bc833b1bd023ec257f85899faf83e3e19e08e4c697fb54226700fc3a046bbc5b83ee7b90eff5d18ddaed48e7e14aa944

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zData.dll

MD5 6af3d46c1313652da59ee31ec4607a74
SHA1 edef820408670f7f0efdb212567ff80c3c78579a
SHA256 301a0d45dac3669e8ced7208d1441a2dae233bbef515251453984ac8b377c485
SHA512 70978141046edce0ce18d9a499e04aa8572caddb2b1f3a594ade6c5f8edea62c1c37e0f256068b50145db641fdfbccd38e5cc50ed39a8680e59b4a961d6c418d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dll

MD5 1e8d62f2f488bb9f57919abc107c337b
SHA1 9d8dbeeda57ff5263bda14ede5588576d87957a0
SHA256 2da49e63d2a35be289fdbfd3bc0b504aa0440db0f207c2078fb654cfbf090de9
SHA512 cb00bdb4774916183a12a1c41e0c4b74a70cc17e7c2c6a95c4cad4ce372ff53bdaa4c1bd00ca779c1cca898e0036c9fa7b079daaf5751af1e0826ea0b63038cb

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zm6Res.dll

MD5 b97f38ff98f3fd80a208706319d651cf
SHA1 94d83bf7372fa8200f0049ef7245271bf84b1c94
SHA256 ef0176c308f3a7ae8878d583adce1f74e8db27deefcf3503e3623089ef6f28fe
SHA512 6b9b84abb81762fe850b674a437d1d92d73f45175c622ed2682ce789318e5d02eac46ac11bf4085fb0ab076284dcfc151437a8c24d7ffd427888d8eb4d7fb771

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zlt.dll

MD5 1cfd891349d7c1fe288d7b2ea7932174
SHA1 ee7b60ce1659345665ec059fddd605e502258597
SHA256 843f03c826cb713ac982a3dc1f58922333f57de5692849981f8a55d7d28aa0e8
SHA512 4c3445075d91e454a3ee9ff941e879c85b7509e7cbf56df6d3ee72b5d0c043c9eb38d207abe050e40c403c5e2977addf783829fff157c461093020e3a37cc941

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zmb.dll

MD5 5050bf6933f115a7cfe70a5c00caf8fa
SHA1 7508158d34dca8e93d315dba305d07a6d088488c
SHA256 cb68c61e19e804563c4e54bc92cdb92b7fa9d3fb27f6eadb014add5e8e812d9c
SHA512 3504423988b0d1fa5bf0499baab09df8db7d061b916c76525877d7bdd21a42d48301b7b6ab5028e197705c1f0ba9ddaa4fe569394d02ecbecf6c2fcd0979295b

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom.exe

MD5 a3455bd29755628b6b28250803c753f6
SHA1 3452ee9390aa7e5db4dde7aee7b5fa02fe353d6e
SHA256 4840fb290fd848b74e5a96e9a08bc9b1c6f6fe2f99c153b98b5705d3f4af81ef
SHA512 03f4507ba624aa2cd6d349cd5ca4634e4cd63842e7848be3c7185ef769c4a0bd6e00cc9321f7f5d647a4b362008db9ece64a1595903a75d1735d4b95ef4381eb

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomInstall.xml

MD5 5226816dfc8c9cc491e9305e78541bc7
SHA1 aac8f504ef8d0ddded7a6451ff327882a468265d
SHA256 72742a9bbb0192e347c6e76c0b09d73d7edc211ba7c535b4771b5a316a51c776
SHA512 3ebe73e52d1a117605477731df607fd6036eb45eafcbb4765c89f75b37707c23b227a87a46cf24490078ab88ed2029a60ec0352342ce67aa4411f4d0a8554407

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exe

MD5 15f6d0ef634ccbb06d07aa70a3ba89c6
SHA1 a550f71751406a13fbfbffed3a7c24cc75ba6b68
SHA256 2294b1eff3b467ba58c47cd79fdac9b1bc2d80e2b2d296fba0e7eb93e4f53e59
SHA512 4dcfe6034b49576d5337463cab26a66a9ef74acae0e21a5a2c6cf0185320c3e1ca76c014ad3cbe21dc8d5cd3bcbd91e2faf80620b44acf16f2d6e6edc7cea0e5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exe

MD5 b6f7e985b53b60daff41bea91fc305df
SHA1 2fac9ab220933ed930ef723168d3a9a79170be96
SHA256 44a07489caefb8ae0a08f0b6b748a240a7b87e188911a3a6792f796b66d253e5
SHA512 623efefb59289494c645a81637474ad1e0b3aacea210a9dc8716092907ebec5080cdff05dbbc97fdf90c334ac825ca4ed5a59ed42115d2aeb4b067907c9c052e

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dll

MD5 e63826f08f267558359aeacfd138c7cd
SHA1 2b23920c8675822886d74e24986832f1e02e3050
SHA256 e9fb35d3106c288acb4d4c7411a8a5277b49f7a6a3d6e06337986f16a0c7c97e
SHA512 1c85110c6394d5dc568b0714a4eb74757dcbfbdb01d01ba6e89d1eae818def8d7bc9b2aed6001da7ffea411b4033d59db0856682657b2924caba66416696579b

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dll

MD5 356079004e8ff1ff9974177c556d36af
SHA1 5fc8645cd5c30346683a1e5adf6eef9e8f79e40e
SHA256 04f84b2b83e8443d2e51a57484a6d5e1ed1787074b945d0f96053b9be431f3a6
SHA512 aa4ae26280f28d37baa91f9d621755dfef8577fb81fce2eb2077fa2c854c59407843beedffdc3465932355fc71b5cc7069f2039137e8f2b3fac11f42185819e0

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebService.dll

MD5 e6ef5cffc5b8d845c681b30c3796ad21
SHA1 32cdc93a592773a12c41b6f02233cfd8f7bab73f
SHA256 945bec054088bb02e2cf5779024633dbcc22c68d786d3d979585f36e45441f90
SHA512 f6558b23b77e3ea2e94d6372278ecaf0fbdad6214f7c172f6b7f8fd20ab9eb5270bd84d0da60b270f63e20dc85a73c34c27c8f550cfeb43bc494ffade341db74

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetUtils.dll

MD5 89170d73d6a7e46c86f8e241994d4071
SHA1 d134d18825b7080454e395c4541327a988c3878d
SHA256 ae1239b4f05bf059b0fc3525855a1da733845576efbf74dfb9edcc8474a3f79d
SHA512 dffb874f060e49b09d8b9c54587a802267081fb216adac7a0a8f51e10aeab5f22ea5e1a3290d757982e8cd241a9506f10958955a57b0cd8c2c5d9665ff7ddbe2

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cares.dll

MD5 02e07b0c3ab69d2521532afb8e68d8d1
SHA1 e41c09a12e4dbfcf5b63ce1e74a6697e350c4930
SHA256 9d374af34a390a7b436f721d8ae44cb1ca40b7e48dedd0bd23f6d2f144af2502
SHA512 a76421f128771df29d1d96047c92d83e1456c4e68f197cca56526e313b45969fd10d5cc5bd0edaa37fc4b49d331609300f3140beb2c422046a1452c664ac4256

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\annoter.dll

MD5 a40f946b9fa6cc2f4d39ad13a0cd7e1a
SHA1 82aa9cde8e181d5be0f7455dd20a98c515cc0624
SHA256 ae05a017e5be3d6521d243348e44b30a9939ae012e1ae7cb95fb385965eff1ac
SHA512 3ec05b01d6baa6891be7ffad08778a71699440a4f6510f48922d4467e4c46e9a1239955381865e3a89356679b690cb2fac019cd212e74b4cf8fe17fa27ce4a68

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUIRes.dll

MD5 a7d7c7d566d094f38a12e614445ca23c
SHA1 39dfdfafe5f3c9ad9474435b5d40d49d5c4303b2
SHA256 1b98b48b82c8cf5a97ed130963150b752f6eede8f7f424925b8ac8468c5b1623
SHA512 f98e1f7eb0704ed8365a1ee2e8013700315d814c6af7298898ac07a3db74a62da160c1bae15a7906bf091ff03f5e82549fefab2fbe523a40dcc5c296ef64d923

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUI.dll

MD5 a7628252321611af920b847db0cf8d8d
SHA1 99fcdf6d291c30af8e0b666e76f5a7af7fd33192
SHA256 fd634d78df17a8248577b826a352dbc047c3d863ca79ef702bccc44f4de7afdb
SHA512 b84c0a54597cdfc9d5cbcf72ccefd57a6ea4b9ba9330aa8e6e2396deeac6cdcec289ffa59ec1d317ee0900dbf65858fa6cc1ee83445bf2b7837db3cb7129ed9d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZRCSdk.dll

MD5 c96919290e7199d1ea93a151a20401d1
SHA1 70c21977dfc82ecb21fb3682dc5c4e967eafe0a8
SHA256 d4b357278aebab4013e0957a13a4eeca897d20e97317b841240fba77f58d1aa0
SHA512 f487aa1859f3448136e5b5dc68d147b1ec59a2f4372078fa9ac38bdf584df9e84cfddb415d4fdd02a20bd3c49bf87ac5549470704beaab83f489e19c7290b891

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-high.pcm

MD5 c32f95839557340b4b4197a68847ca1d
SHA1 0feed637c4766b9b30ab6732259670f8c12c5538
SHA256 0a16435cb3f7b8b1787476575ad646361e6fb4c07587df874940413de004dd08
SHA512 f5f0dd4a313ff6686bed5090aaa64885d319b8fba51fb2722b764668b26f06ce95164444652661b027e35f3c6928d3919422e4816bbb81bbd0f7914869004700

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-medium.pcm

MD5 aa93ab138ec89cf7cfb8b4b0ea8990a6
SHA1 d13b139d666c76cb12e1c0280c1343770adc8aac
SHA256 d754fc9d9378772b7a17a53e6598c9cfe4a0f3ec492f0ed30241020562f58509
SHA512 f91c59cf1b1645b24997a1201bddb52953c0904f855b78add275d71401e4f9e6bcef59fe1d7205e222470689dacf2d55ae752cc2be66bbee5258db284b42e6c6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPSApp.dll

MD5 e3bd48278d81b36c40ddc30df429e350
SHA1 a4898bd776b21f958dd02de9901bbf1a3903abb4
SHA256 cb6d0ee57770ec5ab139a662500da9af812882abcd862ba4d70a2e01c479bfbb
SHA512 490057d37bbf63e78ba0239d4bb3ec81428b3c919fb9071cb92b2e03975a1a7f758a4dfcae7128b2ba4e01f26e6bd718d4633ff432f695a8c039660e0595a437

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\reslib.dll

MD5 4d064cb7928188a4cf7addb5b98ac790
SHA1 b7cd219e1ee9eb32a9a3b2230beda2203eb0f861
SHA256 29939d477c24afbde31b2e320afadc65a51cfd7dbe2a1841f916cff41986a5c6
SHA512 f8218c6bbbc19fb4540066ce2b3366c5983b0c6132e19f9eb86254a77c644be915e000de643b8bd723b52ad8534c33f5e812ab00a969df6b9039d85807ddedc9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dll

MD5 c83538afd204193fe91d430ee53f49fa
SHA1 8166d3d82261adb68ea62fd2899dc70b69fadfd0
SHA256 c097891002a0acf22c6e835feb3b0a98055d8fbef3718d1aa296b14f6f416f30
SHA512 45bf733ea0bc357bd9d9798f88b18ba96a5fa192df51c853b00ddc09211e1fc61c3c6f5ed3ebb58859761aa6c90a58d2519f9f722e7eac44208531d8ec91a04b

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\duilib_license.txt

MD5 7faec2006bb231d14b794a9f31769448
SHA1 c2b5a34fe521502f6fca3031201b47074f30f258
SHA256 7ed2acca31a243ba107d8c12fddecd52462fd326d3d2c73b04d4cf10c76765ff
SHA512 777e0ec5d6b599fb0eabb8180fb6f302012ff12245e3de6a3dc568798cb057858eff18b08dacd28a72250236c4767abc2583670d92a946f684b45cb5144bd7e2

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\directui_license.txt

MD5 ab54b14548a4cc76dd7c27414d971111
SHA1 68a3888b33ee1c5d5efb913846867c9a8788cadb
SHA256 6033476be3d1d41166b65984e2be94c87ac98dce55bfec887e932b696e859295
SHA512 cc8c4d90efedf4aeb3ba3b64ebd0e938576867618a334bccf3cb6790338c6a1da239393a618f6e6a1186cb363cb514ac9528ada51f0090fe2fc709e5c666d971

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dll

MD5 22340cf5cf73d4dbe4c5cc925d088063
SHA1 7d73e645c265d1771b53adfc93cc354e7289aac8
SHA256 76a5fc6f30b5d93eff59d713dfd3879012e19d079b5a98d82ce8d166536cde9b
SHA512 5a83ed7ca5604291a3d4f0ddfd1cbdf3aa61ed78e5cd81e29138aac572101d16e9b696ab6db1fe83a1c6e7f2ff0f0146c988020650748c3a94fccb3a97031680

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exe

MD5 11e06f55adbe5ec5d4d4f915037b895f
SHA1 fb40e711c0ae602e662de0300c621885c3f7ff1b
SHA256 2fb14bd5d762d46f1cdb86778199fb033a8d5ee915aee82e11fc1a5df97c8c13
SHA512 76631b3bceea8edc91b900bcb2bd451099a1559d7f52333680cf72a352c5d78f5d3f280a5a76f72901f7cc7bfb3e47509f3635e19a3203a49a56e6c49a59d564

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\leave.pcm

MD5 3fcc19f6a199e97646a0ab32423c9332
SHA1 05613b14d6c7336b24e9779963d245098e73b40c
SHA256 efbd514b0ea241a560f1333cdbb90a9885d5c70c01ed032d11b8a672b1096a04
SHA512 b370ad863badd0d86d982eada1fd98306b686ef1cca4cc522558cbde40257effa96afd7327141beb08d9927a6b190e0047ad7978e87a41bf299f030c1cee121c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\asproxy.dll

MD5 c2f17ed9062323779ae4b8bafcd37d26
SHA1 e79ba9a04926c226eb3fe5dbc60bed775cec7752
SHA256 2f2c05cdff9b32c9619d5fd794e7419b1b4baafea82daebfae8681d7e2eedd77
SHA512 cd7ac80eced616848d9cce7f1c84da71b315e989152242feb8b84b2862f0b116e444056d8486253f55c006706be657c496dbf1af0da85191116df32c432bb3db

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptService.exe

MD5 59e15d5e981605b5ca57f2893de68e32
SHA1 21784a3640861aa9194befcab6faf0cf92689eb7
SHA256 764fa9d27d5dc877c1a7b278ef424999835b06bf0c11ada5d4603bc5554e481e
SHA512 7706639abaadd40d6303b4f5c4e54e6ee1343c71a15eeb43fa3a455b6c821e4d4cf8f5d0655708bd4afe2c31b2fa22f43d62b521edbfa8256c808814618449f6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptControl.exe

MD5 512c7fe581f6be5d0b00834d83a88d17
SHA1 d8fa44c0f00289ce23cb4129db7af17d1f26fe10
SHA256 edbf04b1bd52a2cd31c0bdae6413990e58c5fd9228d38cc782a4f63ee8cdb004
SHA512 88c37b38028658f4428f2f09738ff31f125e3664d0d12af70b1429b751e3c07508f01ac87788a41147ae8a78c178f803dc384c133f6d94b51f494e0410212781

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zzhost.dll

MD5 510a35180701aa6792018ff26278f952
SHA1 237d5b70fac4a24f19c0c096405d6e57035d9c6b
SHA256 d3ddae370ce8bca15a495dd59d2dd79b90f8f0ef3152380abdba86d0e4bfd0b6
SHA512 d4da2cb5700c7fc9e408e28a89b1d0aa5fce0fed44740d2ab0425dbb1d6896c2d2fbbe8f0fb551fed1b7b30a81e87c27eb442d271b1654ba526120f6c32fd601

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dll

MD5 b3fe4be216d09265840a772a24dbff38
SHA1 19087908f4244a2cda13224c86c72838dbaebdd4
SHA256 afabd83ec16df75132283ce012c0ae14e8d780d7fc3f7dc7b94f80c1e8ae10f8
SHA512 3d25ef88c2c1b4d9111ae20b1ba3906fc09c5cfc24406ca51ba7270989c0b9c751bac10f88f5bf6fd4fe8fcaf8486a9dd5fa74be7e0f683f5c0597f68a62104f

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\nanosvg_LICENSE.txt

MD5 078690812af4ba8567fcc2af2ca1d307
SHA1 f4f94babc436555d2f5992e29aacc47433fbadb4
SHA256 e82bc3dd03400aecabe12201219ba14750dbc4b36faab58663a7a6068548d372
SHA512 f4e1f1092ab90f380a63ed1954023722d265e32f7f3d9b86100fbfa7d6ecd8c584a7dc22b4e3cc4182957136e2d765d0d6a293694b739377c09b076e5fe448fb

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_chat_chime.pcm

MD5 b30a997b4a9df68d8796eef6f457f4aa
SHA1 23890fbc1f66c1061c60b8287659566c69b297d1
SHA256 f2ff5d73ee2a89135094ecb5165b30e351bb24ee4eeee95508f311eecdc9811f
SHA512 8cfc3b13d7c2ffa0438ab12669aef756bac76063cbf317e449e5ba4127c0604bab6fba793866857f4a68806e9ed779c0c521fc46c5ae3aab42de7c72d98613f4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exe

MD5 acb250c392580e5c857e057b8ba3b9f1
SHA1 c55838c4955e460cf1389e3dcd9b0be9c10a8f0a
SHA256 ca7e602cd04673030a73e89dac5c45ee1694c8d9d0662098acc2589144f4bf50
SHA512 9aec438a06e73f2249910ee67892f056379cbf6dd51048e8b0d48b3f018446fcbe8ce5d81447d20f981cdc8ba31e9aa348bb5fa317bc00f0d14b51242a6d86d9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Droplet.pcm

MD5 923d4747324854f50ecf69324741c8ca
SHA1 4c19f847fa8fdf55e27b2847bfe09789adfb9e59
SHA256 3568dba00a55d25b736737a48163c13c1348afc5d4022a29ca0d3724d29ffe9f
SHA512 4ae265a89f693304fbeeb661d46d0cd96304083af75b5c245db63a632f40e08ca280a68f20115c6c38f5202801b29084633ffed4da16304689c4379f77693a0d

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_raisehand_chime.pcm

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\aomagent.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomDocConverter.exe

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exe

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\UIBase.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZZHostIPCSDK.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mfAdapter.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zoombase_crypto_shared.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper_async_device.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebview2Agent.exe

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\WebView2Loader.dll

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\percussion_pause.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\archival.pcm

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\percussion.pcm

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMeshNetAgent.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetDiagnostic.dll

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_0.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_5.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_4.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_3.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_2.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_1.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_6.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_8.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\double_beep.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\beep_intercom.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\ring_pstn.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_hash.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_star.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_a.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_9.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_7.pcm

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomTask.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zBusinessUIComponent.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZMDB.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zm_conf_universal_ui.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\ucrtbase.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\msvcp140.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140.dll

memory/4372-1039-0x000000006F4E0000-0x000000006FCF2000-memory.dmp

C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

C:\Users\Admin\AppData\Local\Temp\ZCOMPT~1.CAB.zmdownload

C:\Users\Admin\AppData\Local\Temp\ZCLIPS~1

C:\Users\Admin\AppData\Roaming\Zoom\bin\zPreMeetingApp.dll

memory/1644-1395-0x000000006A2C0000-0x000000006ACB0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Zoom\bin\zAppUISdk.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\zDiagnostic.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\zPSUI.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\swscale_zm-6.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\swresample_zm-4.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\avutil_zm-57.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\avformat_zm-59.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\avcodec_zm-59.dll

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
