Analysis Overview
SHA256
6826b60fcf9993178042f62c206c54a2ace4f8c114dbdd94601db464d6f16a59
Threat Level: Shows suspicious behavior
The file 2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo was found to be: Shows suspicious behavior.
Malicious Activity Summary
Downloads MZ/PE file
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Checks system information in the registry
Enumerates physical storage devices
Access Token Manipulation: Create Process with Token
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-18 14:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 14:52
Reported
2024-06-18 14:54
Platform
win7-20240508-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424884232" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9031af438fc1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000c1cfc630f3a200ffa576a1f0f9fdf0bf7336cf5aea74c42312dfa1eade245644000000000e800000000200002000000044085250add70d8241769203ff84a6ff61bf1d5d0e20747bb6e8e414e66ad56e200000000ee8c17030102b56a3559d8be6aeea9fd49963bdb08d46fb7b623df2912d495240000000f8fe7663a5d3096c87da07d349d334133b7c1c5e67f17abc6f4e8a6adfaff484c1937074a416659c59119a64ca52372deabf2b6a565884880770a8befa63155e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E1BBFD1-2D82-11EF-AE43-7A4B76010719} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000004c2867779884aefe665dc9c4911ad2cb85f0d4504de6745806898f4745ace5d0000000000e80000000020000200000005e8092c70e3a69187aa0071d7e607075fd187ebb542115d3c67476ceaf62662490000000f80461cf1630dfc8b0c9128b77d97cdb3fb3dfd3da46d37fbc3adb055552a729644cbcb5e9a68edee2aff0b40a286f9e713e28749da7912c9b706115322d9447d6f8f11eb20144318451c124fcd4f2e2e065c0ea57469f9c3fa3b441a68009a0fe551a624e6fe06d163d82291e4ae12d2aa4eeb5ff6ddca53457c4d10426cd068238fdd02ad2d8432c41e18043bc404440000000f1503cc8bb24567e5f5a46e82be3cf1ae8056da475881ba69ce73d54dd692ddf3fcd00c54f09b384ede7c8158ce1fb48dfad90682e97bf3237a7f9db6a1b61b5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2600 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2600 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2600 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2600 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://zoom.us/support/down4j?os=win&err=20030003&v=2_6_1
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.zoom.us | udp |
| US | 8.8.8.8:53 | zoom.us | udp |
| US | 8.8.8.8:53 | zoom.us | udp |
| US | 8.8.8.8:53 | zoom.us | udp |
Files
memory/1668-0-0x0000000000340000-0x0000000000342000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 14:52
Reported
2024-06-18 14:54
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
148s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe | N/A |
Checks installed software on the system
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
Loads dropped DLL
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Zoom.exe = "11000" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoommtg\WarnOnOpen = "0" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoomus | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoomus\WarnOnOpen = "0" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\Policy = "3" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoommtg | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppName = "Zoom.exe" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\UseOriginalUrlEncoding = "1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\shell | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\shell | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomLauncher\shell | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\URL Protocol | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\ = "URL:ZoomPhoneCall Protocol" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\shell\open | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\URL Protocol | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\UseOriginalUrlEncoding = "1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",0" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\DefaultIcon | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\ = "URL:Zoom Launcher" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.zoom\ = "ZoomRecording" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\shell\open | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.zoommtg\ = "ZoomLauncher" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\shell\open | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\shell\open\command | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\"" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.zoommtg\Content Type = "application/x-zoommtg-launcher" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\MIME\Database\Content Type\application/x-zoommtg-launcher\Extension = ".zoommtg" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\ = "Zoom Recording File" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\shell\open | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\MIME\Database\Content Type\application/x-zoommtg-launcher | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\shell\open\command | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\shell\open | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\URL Protocol | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.zoommtg | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\shell | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomLauncher\ = "Zoom Launcher - 3.0.1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\DefaultIcon | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\DefaultIcon | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\zTscoder.exe\" \"%1\"" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\shell\open\command | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\"" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\DefaultIcon | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomLauncher\shell\open | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\shell\open\command | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomLauncher | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPhoneCall\ = "URL:ZoomPhoneCall Protocol" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\ = "URL:Zoom Launcher" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoommtg\URL Protocol | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\zoomus\shell | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomRecording\shell | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.zoom | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomLauncher\shell\open\command | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ZoomLauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-18_7c345a3408d0555cdaead86fa4955a09_avoslocker_cobalt-strike_metamorfo.exe"
C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
"C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe --cid= --conf.no= --zc= --pwd= --pk= --tk= --browser= --sid= --stype= --token= --uid= --uname= --rtoken= --action=launch
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe
C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe Zoom.exe --promptupdateaction=installed
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x530
C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe
"C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" --action=preload --runaszvideo=TRUE
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.zoom.us | udp |
| US | 170.114.52.2:443 | www.zoom.us | tcp |
| US | 8.8.8.8:53 | 2.52.114.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.zoom.us | udp |
| US | 52.84.151.41:443 | cdn.zoom.us | tcp |
| US | 8.8.8.8:53 | 41.151.84.52.in-addr.arpa | udp |
| US | 170.114.52.2:443 | www.zoom.us | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.166.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.200.10:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | zoom.us | udp |
| US | 170.114.52.2:443 | zoom.us | tcp |
| US | 170.114.52.2:443 | zoom.us | tcp |
| US | 170.114.52.2:443 | zoom.us | tcp |
| US | 170.114.52.2:443 | zoom.us | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.zoom.us | udp |
| US | 52.84.151.62:443 | cdn.zoom.us | tcp |
| US | 52.84.151.62:443 | cdn.zoom.us | tcp |
| US | 8.8.8.8:53 | 62.151.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
| MD5 | 5e572810acb449f97c810fd677b3b98e |
| SHA1 | 543d44dea7c62e4471a035c78ed602e74e2a73b5 |
| SHA256 | 2536404bd2c99721aa6e47d98e6d2623215b5aa8eaff346aa46ba74ef166e7c6 |
| SHA512 | 37778a1ba5d206cfc68328bc2aa49e7dfd8819dbfb1935416b58e79662226e850c8f195397dd3a53c438591987b8878d044f0227d55d3283cc568b7524bb65fd |
C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi
| MD5 | ae77cc45bf77e8a42c5c5f5cc633bab6 |
| SHA1 | f392ebc9451b1c09ab730097037bcdd16795c21a |
| SHA256 | c8ca6e74d08d519367fee68fe0213a8b61062f03d6280c291b2a73f2d7d3e81e |
| SHA512 | 5b153f11be334692d7328784b95d476f99a1fa693e2b359ebde9fd644f60b405352206b8c9c070adce99f3c4cb782ecc335d35283b21c05206e3f5bafbd7d62d |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\msaalib.dll
| MD5 | 351c11d22533527b9248923f8b186a7f |
| SHA1 | 0ac6c288f1f80b80167238c3d2802afa9e84dea0 |
| SHA256 | 813d49f3fb6781bd7c719c2bc8e0f6c804d1ace911bf024bf1a16c62926cc114 |
| SHA512 | f6e6fbc42f89df8217a8c85d8a5adf0bbe38a015ed22821dce721f1ebfcd032e8543a389bd9f83d2ea04b0c2a036ce3a8f6099f63aff96556d4154d2e53c8bf5 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CmmBrowserEngine.dll
| MD5 | 3aac25823efbb713c8556d78ded16e6e |
| SHA1 | 7901f9bc36570a2a528098f8fc04269c5337f787 |
| SHA256 | b2ee051cef7fc58eb65ab87be2dde3d7739c4dc948b12d226972b2313cb3f51a |
| SHA512 | 1c4b900d23fd43543990d9bb27a108fc68617d745568e3c1f3a55ebb5e42b734b553aa13f8f5df8717b9f7abf6e53e3a7b4fdae36f5548ffdbcfd002c6f0567b |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Cmmlib.dll
| MD5 | 9185774eec412e306f35ffac450abe78 |
| SHA1 | 5d12a87105c8d9c81acee258fb6f104f3b077141 |
| SHA256 | 9b61311cd3cde980d7681eb747a5eaa849dd6a8065dc72e2d90cb9408108e2b8 |
| SHA512 | 34fede5f6257bb1df9094a01e773d41618e4b8dee6f13d18e42a63104c67eca02ea4b8a36a89b31395efb15b3ee0b372db5fcf9902e3dddc39c2c28ee6e6f8a5 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cmmbiz.dll
| MD5 | 9296c922e51367ccb0d4669ce9098968 |
| SHA1 | 6e7f0ef46f0783915f543989a303e3f11ac03920 |
| SHA256 | 69636b3781c91ff5f233e3e2a3ebf7e202cf46d1ea031f4710cb50a88a89098a |
| SHA512 | 5647bdde45d3a113a2f41310df0f379156ad4ca54ab930dd36e02e57d54eb7b481835207061d39398653f819101a72223eaa911cb27884f603147c5f4c3c49ab |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptHost.exe
| MD5 | cc9a0e6583d7a3a026abde10910d8442 |
| SHA1 | 8294592708a3440374a2d497960989886737863e |
| SHA256 | acb0f5fc27c97e8377fefd3c6fc6739090d440131afa7555aadc5db6230fcf41 |
| SHA512 | ca8741b1ec7bb03ddb2e0af0b96945b670a0932ce058ece43131225cb43e4732bc724139c4d89bcf9d04ae3b5416b0a7c42e257ad39e1e74f6dd7c4e6c6fdb36 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUnifyWebView.dll
| MD5 | 53802822d8bfd56b266ba24d85597d67 |
| SHA1 | ae8f806b165265f3cc346e7b6beadd9d8ab2c98b |
| SHA256 | b0bf5ff05fa5a5cdeea3b3f289c56a9767e786564e506f11b1fe42b95312c8f4 |
| SHA512 | 32576724d78197530f543eefd7b78151bfd1df1f69f3d714f07f981217600c3a32e8855e8158f1b84b4da5b3be9bafd5f409aec90d113aae36085d7a8aea3436 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptShare.dll
| MD5 | ce7ffd179a3d5b267c29e0ed86bc9906 |
| SHA1 | 5c9da3e9a1d9061376fbc728d1fc3ce8320e757f |
| SHA256 | 8b0ee3364af6f124bbc3d0fd52ac472730a4008548b93b9418ffa4125fc187b5 |
| SHA512 | d55ac2374eb39a6fc107da1dbdfeb20024719ba42d57cf7f9d8dcad8656336ac067a3fdc270a25a48e5d232df93b3be178c4856a7535e704c902de40dd74b5e6 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\crashrpt_lang.ini
| MD5 | fcf61aed8f093bfcf571cdd8f8162a05 |
| SHA1 | 8de8177798aae82d5bcc0870c1ca5365f5d9966d |
| SHA256 | 1f5b45a5411f7fc71b9da789d6d1ead8ad30551fbea7bbb40fc7ea576d581abb |
| SHA512 | 8a5d252d115f868a4e20fce10f9f9ec5f3948f0ad5680d656e0eba1fd167d36889e54c6e59bcde756945f93685401b825ba9dd7243d907d74b58a1d826609d72 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libcrypto-3-zm.dll
| MD5 | 8501ffd5e8a0e3c06006716a8dd373bc |
| SHA1 | 2efcbd9b21c472e8e5516f4a8979a271ba86222d |
| SHA256 | dbec3f93f15e4090114c6bb32f93e75159555de4f9ca13ea5b617fd24e6ec63c |
| SHA512 | b56c9eea8bf93c62032435c115ab1f315d07e141db85c39e95f4d519da6c57745a502091e0f7bc84d748056f4b35963b9991b351c22e6a82d5f83669cec403e6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mcm.dll
| MD5 | 534c9f07f7b5a1795a92efc7f72ba1e4 |
| SHA1 | 773791c7e9617954a6e967a3b2dde85d0c8eac51 |
| SHA256 | 13b900b825f60ade153ceaec882e60ceab1779aa0946c53cdbe3f4b0e62aaadb |
| SHA512 | 0f346a2f87f406c68dd2c9f33d45725fbd1b96af6c9aec3ee6311f489cf86fc8ecc048c31c7fd681cdbfcd77b9cabf17e24338f83bd979fa92895023edefb05f |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\nydus.dll
| MD5 | 8626052bde592f2dbd68b83bcd963042 |
| SHA1 | 6a88e14837ab04870f410ece8d58a38c41fcd248 |
| SHA256 | 8e1a966228a5d7e40df4b19ceef03e5182888aed98029c43c0bf697d5c9f050b |
| SHA512 | 499a29796b88be321fa437d9d3d1da73a06d9268d0a31d9297715afe3dd4c05d36ac25469961baab5f08786da5e5690d2f87ad7e65ffa33c2bb4df3c6e18cb68 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\ring.pcm
| MD5 | 15f886cbaee088418b6ffcc29115c64d |
| SHA1 | 9147beae4e9138ba609f67e75f9cbea7651ca307 |
| SHA256 | 29792a0893ed2457c3872c4418bdd71f5e6c1b8e5894c2c921f8a8f8d797d4dc |
| SHA512 | e5228897cffb5e05a7a66471c52089ddb682d544ac3b4ac312804883a2d335b60edb6236286dbfb6934ed12715709f8ffa09dc7014844acb89bb1b0e205a2daa |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\wr_ding.pcm
| MD5 | c9318cc2306bf6b1ee74a5987a8d371a |
| SHA1 | f482d3de9e8dd7c04344fab37d067a08233b64dd |
| SHA256 | 58cbaef9b7177a4e4427ceb303b852463964a5ac4e979055021eed1901ff164c |
| SHA512 | 04ccca6ed6c13872e8d967a9eceb7b485c5f0f7442259395773a1ef168fcf317e60e22ad2840579e4d8b849d1606190cf5dca0e00c2f88cd1891b8206e9a5ec6 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_stop.pcm
| MD5 | 0001fecb6b6e044d221fbc6a7e22e313 |
| SHA1 | c73a6506c92d9a1188aaa793afbfc1951cd5340a |
| SHA256 | 8cd8b4d3e8447d82dd045c7a3a8f175b97376c3db5895506cab0af6a0075226f |
| SHA512 | 1588169348727306e9c4ab444a7857924bcb88e4dca2be8e3526a2227cf117702c47431325df1c83f71da34bb35c28d1589eb3f59cffddbb3dbbe1d00d8d76de |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_start.pcm
| MD5 | ab8a5f2981e225d3edaacb520083835a |
| SHA1 | c60c383fdb6850cb5013065576de87610270fba7 |
| SHA256 | 193c4ffea3de04802e97e9e62fcd8533d8ca53e7306ba113a2234959b5262eb4 |
| SHA512 | 4381f709c5e9d0172027fd2fe65ce37b0444087d3e9d7864cd54651cdae6e8429653c02ebb7a55a5de194ccf0d674f376961b012b088e131a11b7352f1ba69dd |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong1.pcm
| MD5 | 8fe86d9e8aa5c709bb0563243172e580 |
| SHA1 | c22bb02d82516a66f8473dbb4209bf22bb60fa14 |
| SHA256 | 2fbbb9ae6a463b360e1459bee558dafa8d864db2423f0fe4d2c56d22c3f3a5a2 |
| SHA512 | 6c47e964421ebab2c0c6199b97fb9c61b0a228fc654abf2e4d2bbaeec9640be2a5acca92474dfdd0b43facc71c60a9c9ba727d300cadb6128ef1f3dcd9a6c10f |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong.pcm
| MD5 | 54511224e61e71d2915ff67e57dcb268 |
| SHA1 | ba45f16f12d2e29480952367c0c6bd34fcd16827 |
| SHA256 | 7aadf0e317831d287b51e41992b43f0f381ae48a312cb77a426eeb3b6129d6d7 |
| SHA512 | 46b4ea771328a25c6384d5cdff7643ced94dd446830b165f80fb69df2dd2754062dca0636604602a7ebad4ce29b3f8ef62a81f59cf5502bfc78468c8c67a41ff |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\ring_spatial.pcm
| MD5 | d60d149441ac263dcb477cc17f29cf35 |
| SHA1 | a5f8bb83e31164070b9b904a1af694f87be96a33 |
| SHA256 | 5358f9d08ca9c8f97c66109cc804d90d2d61c3d18a7c0da230299cbaab239b17 |
| SHA512 | af3ccdf19b7088e491ad98f0e23e448253c87fecaac9f9434fc49ff201750dfa22e1941a6bafc0faa4930e9bd9e2c3a8db38b4d10edc999b7034fa760e8d3758 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dll
| MD5 | 8fac14165e2a61ffbca3eb81335a726e |
| SHA1 | aa868f78764900b8ee49356f54d6981f5ab631bd |
| SHA256 | cf657edb8ec22878d954af73c020d8e4609f6b44ba3cb1310f5656f71ae646a9 |
| SHA512 | f73ef8e2bc70d50032f3d893812bb8c747aca8f5338071ec8fdf3a56d69d1fda60b023514d9dd6520566dba3b4607472ee27aba7d1b5a52c13655a81fc8865a6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libssl-3-zm.dll
| MD5 | 0b1439c61bceff53b6e26cbc75ef5f1b |
| SHA1 | c12573b72278c87082b3210e81444906f4b3bf4d |
| SHA256 | 2de65e8936ee472acd7ce6e366768b5284f77d05c4e8322c71326c5c65e0e6c7 |
| SHA512 | 4476166161dffb44a098f0c193e79d1ec25a66b332d7355d63a98c207b834e36f8403f2ccd7f3b4841ea74d6b8216b41ae3c1a2b569f4289d380cfebbc934770 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\tp.dll
| MD5 | d580841038006d854e40d039f94eb6ef |
| SHA1 | 590945174374e0a8031c75c4f6899c125fa7abc2 |
| SHA256 | 45fce12c39ac0fe6055c67a82b5d75457a30a139736a305541e2b72a02915649 |
| SHA512 | 1bd5bca2b76338ff7ca4d096dc795deab4d0fc25e07f3561b653b19a55d36e08a3f91d37e0617091f5d077e9ead0c3d0e387e5faa6a72e9193e6b414212e9e4f |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dll
| MD5 | 49167f33c981213aa56b79785124ab23 |
| SHA1 | 29b4469f5c3b15cc3185d160015070c656d22e9a |
| SHA256 | 37e8ffd6d314b9efa4addafd558837045cf477786fb56a947a346a98b3d6fac8 |
| SHA512 | 04c8392f3214264600917b30994d50fed1a56b0625a42a143597787263d796bc1497c7d5c5922aeee9f1ae909014a6ad7cfa127955661fe42686feacc7cd4d13 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\util.dll
| MD5 | 4eec71b1bef17002d0d4c1a6b39a9433 |
| SHA1 | 7c653b50c8d12a9bbb2782fbc1354f2061107876 |
| SHA256 | 84372429b5815bffbd54103f0febe899f0a5f199b4cd5fde1aa527c07b031527 |
| SHA512 | 12ed961d14d21df4400fed9f08d61a5ff64d455aea7a123441510ea713f4c4870b8f8ab9aeb103bb3375974f1cb117919241317b7e5735de18696b024140314f |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper.dll
| MD5 | ab3644725e3225fe1c443f1a55da3085 |
| SHA1 | dc866d495a8c9a6a818b571f9f1349daa3d2468f |
| SHA256 | 715f8d1e72a3b2d8d8801a6e34c114d155c4bf90dbd077f18a29418885ea721f |
| SHA512 | bc589cd25c4bf18044ba747c5fbc04470340e2796fcf8da3197c870756a4082d1d886859ff811cd16eb6768f5efa85190f1be3a92518ed28d25412dd46668c43 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dll
| MD5 | da4c37f8889125e180cbc6f6c0be4b8b |
| SHA1 | fdc87c311779c9e9c502ca352e554d3fd2130f6f |
| SHA256 | b5c4ef6477399fada9f4e4ad72d47c3b539c67db43108b75237d9e4e7ff2527f |
| SHA512 | 841bd2315d0a355868a91e04b9d09634efb26d4d1be2a21aeffdd35831a979636bbd3230e615780a96ee4f489921227611e4f0b9e4a5ac74eacb7b3f5395cac5 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPTApp.dll
| MD5 | 7c15ea6639ee9573d7490a40f2f2a44f |
| SHA1 | 51257a8a4cc55fca71f2b27e32500cd876af1022 |
| SHA256 | 9e4741e15f8c6487f4354247a88764ac02f05f044b2f2cbf8e35893f5ca65014 |
| SHA512 | 4d09403ee4bbaa85fe89f86c20ed9e3bfdc0d9b4c8b7925df4d82a3d977d64eb41a84d384a2d107f81cd783658cd1127531c16a0c29d9066f4caedefb917d2e6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dll
| MD5 | 3fb0f9273a6b5b56977f350e2eac6e09 |
| SHA1 | c38be223d686857e62f41b5b78ec35f284710110 |
| SHA256 | cbbd2479077a5b829025fbdbc0dc6b98a0d28aebec055f8ed3451143056d903d |
| SHA512 | 699130c047f04c16ba1f4b85b62ab1e46bf9dbb57292b5a4cbdb482667eea5ec192dd228268c40677f4936d7875e0881f78b59edb79213fd7331403773b5074a |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCommonChat.dll
| MD5 | e764d88d60b4f0bb420576a3f77b83b9 |
| SHA1 | ad8313f1457f1beff259dd1fae0920d760cf33b5 |
| SHA256 | 2ba05626917e47b714d245e946824a1a333a16172b0b9dc6b4f5f1fb507547f9 |
| SHA512 | 94c47efd8b1e5646d5893ea2bdd8745a514a2f35b60a29a576971410b181247cd288102df8350772ac96c9b2b094e55a4e230a7d6a81e91b927745d94342dd01 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgAppCommon.dll
| MD5 | 77834b3f4092b38a0687b97f2b340f58 |
| SHA1 | 994acdbd57bb04d8bb4556e4b3c5aadd96ee7b68 |
| SHA256 | 3afc3ebca4243e3f3ad66d2747bd3d99e886d77670bb66ccc4ae1d2ddb64f328 |
| SHA512 | 35c5453ec6d05ce472d28a453cc9d173a26da3b1c5f85eeb1ee6b8b0a7d24a6354e2b462727d6cea1b39facab9f372685cae7aad2fe86eaace204d7269b2b0e1 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgApp.dll
| MD5 | a868f7af45652da384695b730bee044b |
| SHA1 | ca7bdac8be1712f484dfe98e54a8ceb396b6d342 |
| SHA256 | 612b9b1f8e64e2bc8c871563b38442e7cac81db909cdef46305224fe489939b9 |
| SHA512 | d3d9280b2b6c1401f244770bc17e2235ed8ef12ed04ab8cdf914e85c812c29300e91e9398d6a5c20150a717378b7c1106063581cf9f1dadee2bb41e570a38ff9 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dll
| MD5 | 6320df1b0353527face88f81e1da9f9b |
| SHA1 | ef21783a834400482f59fbf4fdbd59504bcc3a57 |
| SHA256 | 8966c315fb28dac16fcc153e6cdca0e10bf412bc000983e07d7c0b25411bcd8c |
| SHA512 | 34ff7cba89b5147d8b1d2be4a8021a780bd75657ce5104c6eeaf519133f9374a32b92f7054b267f2bc5af298bed066fe1b653a95fddf13e9b0ae92ca069768e1 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport.dll
| MD5 | 9f399fc9451039dd23077a27c32360a4 |
| SHA1 | 050bc9814c69021de7fc3b8cec52547892ec55e5 |
| SHA256 | c342ed800bd359faecb3fa0f73c9eeff53669079bf558fabaddda164f81c00ea |
| SHA512 | 30357a6c22c274c249af636daa9899b50bd0ae69328dfe3a356f1ffcccb4db3eb5582142a021f874f857dcb654bd5c6065d3dc461fedc1a777a06dc06ce9fe3e |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport.exe
| MD5 | 19baec924ca56944b8a29ed2d399fac1 |
| SHA1 | a29f466e5c2c06427da79dfa10c6bce536663606 |
| SHA256 | 244a1df8fb18a5d5ed502cd1c4ef982a8c9a89b6c4385249cd99fd6784f5f340 |
| SHA512 | 92bbb0af832b564140e5e5cd9d2354f2bc833b1bd023ec257f85899faf83e3e19e08e4c697fb54226700fc3a046bbc5b83ee7b90eff5d18ddaed48e7e14aa944 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zData.dll
| MD5 | 6af3d46c1313652da59ee31ec4607a74 |
| SHA1 | edef820408670f7f0efdb212567ff80c3c78579a |
| SHA256 | 301a0d45dac3669e8ced7208d1441a2dae233bbef515251453984ac8b377c485 |
| SHA512 | 70978141046edce0ce18d9a499e04aa8572caddb2b1f3a594ade6c5f8edea62c1c37e0f256068b50145db641fdfbccd38e5cc50ed39a8680e59b4a961d6c418d |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dll
| MD5 | 1e8d62f2f488bb9f57919abc107c337b |
| SHA1 | 9d8dbeeda57ff5263bda14ede5588576d87957a0 |
| SHA256 | 2da49e63d2a35be289fdbfd3bc0b504aa0440db0f207c2078fb654cfbf090de9 |
| SHA512 | cb00bdb4774916183a12a1c41e0c4b74a70cc17e7c2c6a95c4cad4ce372ff53bdaa4c1bd00ca779c1cca898e0036c9fa7b079daaf5751af1e0826ea0b63038cb |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zm6Res.dll
| MD5 | b97f38ff98f3fd80a208706319d651cf |
| SHA1 | 94d83bf7372fa8200f0049ef7245271bf84b1c94 |
| SHA256 | ef0176c308f3a7ae8878d583adce1f74e8db27deefcf3503e3623089ef6f28fe |
| SHA512 | 6b9b84abb81762fe850b674a437d1d92d73f45175c622ed2682ce789318e5d02eac46ac11bf4085fb0ab076284dcfc151437a8c24d7ffd427888d8eb4d7fb771 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zlt.dll
| MD5 | 1cfd891349d7c1fe288d7b2ea7932174 |
| SHA1 | ee7b60ce1659345665ec059fddd605e502258597 |
| SHA256 | 843f03c826cb713ac982a3dc1f58922333f57de5692849981f8a55d7d28aa0e8 |
| SHA512 | 4c3445075d91e454a3ee9ff941e879c85b7509e7cbf56df6d3ee72b5d0c043c9eb38d207abe050e40c403c5e2977addf783829fff157c461093020e3a37cc941 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zmb.dll
| MD5 | 5050bf6933f115a7cfe70a5c00caf8fa |
| SHA1 | 7508158d34dca8e93d315dba305d07a6d088488c |
| SHA256 | cb68c61e19e804563c4e54bc92cdb92b7fa9d3fb27f6eadb014add5e8e812d9c |
| SHA512 | 3504423988b0d1fa5bf0499baab09df8db7d061b916c76525877d7bdd21a42d48301b7b6ab5028e197705c1f0ba9ddaa4fe569394d02ecbecf6c2fcd0979295b |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom.exe
| MD5 | a3455bd29755628b6b28250803c753f6 |
| SHA1 | 3452ee9390aa7e5db4dde7aee7b5fa02fe353d6e |
| SHA256 | 4840fb290fd848b74e5a96e9a08bc9b1c6f6fe2f99c153b98b5705d3f4af81ef |
| SHA512 | 03f4507ba624aa2cd6d349cd5ca4634e4cd63842e7848be3c7185ef769c4a0bd6e00cc9321f7f5d647a4b362008db9ece64a1595903a75d1735d4b95ef4381eb |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomInstall.xml
| MD5 | 5226816dfc8c9cc491e9305e78541bc7 |
| SHA1 | aac8f504ef8d0ddded7a6451ff327882a468265d |
| SHA256 | 72742a9bbb0192e347c6e76c0b09d73d7edc211ba7c535b4771b5a316a51c776 |
| SHA512 | 3ebe73e52d1a117605477731df607fd6036eb45eafcbb4765c89f75b37707c23b227a87a46cf24490078ab88ed2029a60ec0352342ce67aa4411f4d0a8554407 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exe
| MD5 | 15f6d0ef634ccbb06d07aa70a3ba89c6 |
| SHA1 | a550f71751406a13fbfbffed3a7c24cc75ba6b68 |
| SHA256 | 2294b1eff3b467ba58c47cd79fdac9b1bc2d80e2b2d296fba0e7eb93e4f53e59 |
| SHA512 | 4dcfe6034b49576d5337463cab26a66a9ef74acae0e21a5a2c6cf0185320c3e1ca76c014ad3cbe21dc8d5cd3bcbd91e2faf80620b44acf16f2d6e6edc7cea0e5 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exe
| MD5 | b6f7e985b53b60daff41bea91fc305df |
| SHA1 | 2fac9ab220933ed930ef723168d3a9a79170be96 |
| SHA256 | 44a07489caefb8ae0a08f0b6b748a240a7b87e188911a3a6792f796b66d253e5 |
| SHA512 | 623efefb59289494c645a81637474ad1e0b3aacea210a9dc8716092907ebec5080cdff05dbbc97fdf90c334ac825ca4ed5a59ed42115d2aeb4b067907c9c052e |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dll
| MD5 | e63826f08f267558359aeacfd138c7cd |
| SHA1 | 2b23920c8675822886d74e24986832f1e02e3050 |
| SHA256 | e9fb35d3106c288acb4d4c7411a8a5277b49f7a6a3d6e06337986f16a0c7c97e |
| SHA512 | 1c85110c6394d5dc568b0714a4eb74757dcbfbdb01d01ba6e89d1eae818def8d7bc9b2aed6001da7ffea411b4033d59db0856682657b2924caba66416696579b |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dll
| MD5 | 356079004e8ff1ff9974177c556d36af |
| SHA1 | 5fc8645cd5c30346683a1e5adf6eef9e8f79e40e |
| SHA256 | 04f84b2b83e8443d2e51a57484a6d5e1ed1787074b945d0f96053b9be431f3a6 |
| SHA512 | aa4ae26280f28d37baa91f9d621755dfef8577fb81fce2eb2077fa2c854c59407843beedffdc3465932355fc71b5cc7069f2039137e8f2b3fac11f42185819e0 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebService.dll
| MD5 | e6ef5cffc5b8d845c681b30c3796ad21 |
| SHA1 | 32cdc93a592773a12c41b6f02233cfd8f7bab73f |
| SHA256 | 945bec054088bb02e2cf5779024633dbcc22c68d786d3d979585f36e45441f90 |
| SHA512 | f6558b23b77e3ea2e94d6372278ecaf0fbdad6214f7c172f6b7f8fd20ab9eb5270bd84d0da60b270f63e20dc85a73c34c27c8f550cfeb43bc494ffade341db74 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetUtils.dll
| MD5 | 89170d73d6a7e46c86f8e241994d4071 |
| SHA1 | d134d18825b7080454e395c4541327a988c3878d |
| SHA256 | ae1239b4f05bf059b0fc3525855a1da733845576efbf74dfb9edcc8474a3f79d |
| SHA512 | dffb874f060e49b09d8b9c54587a802267081fb216adac7a0a8f51e10aeab5f22ea5e1a3290d757982e8cd241a9506f10958955a57b0cd8c2c5d9665ff7ddbe2 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cares.dll
| MD5 | 02e07b0c3ab69d2521532afb8e68d8d1 |
| SHA1 | e41c09a12e4dbfcf5b63ce1e74a6697e350c4930 |
| SHA256 | 9d374af34a390a7b436f721d8ae44cb1ca40b7e48dedd0bd23f6d2f144af2502 |
| SHA512 | a76421f128771df29d1d96047c92d83e1456c4e68f197cca56526e313b45969fd10d5cc5bd0edaa37fc4b49d331609300f3140beb2c422046a1452c664ac4256 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\annoter.dll
| MD5 | a40f946b9fa6cc2f4d39ad13a0cd7e1a |
| SHA1 | 82aa9cde8e181d5be0f7455dd20a98c515cc0624 |
| SHA256 | ae05a017e5be3d6521d243348e44b30a9939ae012e1ae7cb95fb385965eff1ac |
| SHA512 | 3ec05b01d6baa6891be7ffad08778a71699440a4f6510f48922d4467e4c46e9a1239955381865e3a89356679b690cb2fac019cd212e74b4cf8fe17fa27ce4a68 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUIRes.dll
| MD5 | a7d7c7d566d094f38a12e614445ca23c |
| SHA1 | 39dfdfafe5f3c9ad9474435b5d40d49d5c4303b2 |
| SHA256 | 1b98b48b82c8cf5a97ed130963150b752f6eede8f7f424925b8ac8468c5b1623 |
| SHA512 | f98e1f7eb0704ed8365a1ee2e8013700315d814c6af7298898ac07a3db74a62da160c1bae15a7906bf091ff03f5e82549fefab2fbe523a40dcc5c296ef64d923 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUI.dll
| MD5 | a7628252321611af920b847db0cf8d8d |
| SHA1 | 99fcdf6d291c30af8e0b666e76f5a7af7fd33192 |
| SHA256 | fd634d78df17a8248577b826a352dbc047c3d863ca79ef702bccc44f4de7afdb |
| SHA512 | b84c0a54597cdfc9d5cbcf72ccefd57a6ea4b9ba9330aa8e6e2396deeac6cdcec289ffa59ec1d317ee0900dbf65858fa6cc1ee83445bf2b7837db3cb7129ed9d |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZRCSdk.dll
| MD5 | c96919290e7199d1ea93a151a20401d1 |
| SHA1 | 70c21977dfc82ecb21fb3682dc5c4e967eafe0a8 |
| SHA256 | d4b357278aebab4013e0957a13a4eeca897d20e97317b841240fba77f58d1aa0 |
| SHA512 | f487aa1859f3448136e5b5dc68d147b1ec59a2f4372078fa9ac38bdf584df9e84cfddb415d4fdd02a20bd3c49bf87ac5549470704beaab83f489e19c7290b891 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-high.pcm
| MD5 | c32f95839557340b4b4197a68847ca1d |
| SHA1 | 0feed637c4766b9b30ab6732259670f8c12c5538 |
| SHA256 | 0a16435cb3f7b8b1787476575ad646361e6fb4c07587df874940413de004dd08 |
| SHA512 | f5f0dd4a313ff6686bed5090aaa64885d319b8fba51fb2722b764668b26f06ce95164444652661b027e35f3c6928d3919422e4816bbb81bbd0f7914869004700 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-medium.pcm
| MD5 | aa93ab138ec89cf7cfb8b4b0ea8990a6 |
| SHA1 | d13b139d666c76cb12e1c0280c1343770adc8aac |
| SHA256 | d754fc9d9378772b7a17a53e6598c9cfe4a0f3ec492f0ed30241020562f58509 |
| SHA512 | f91c59cf1b1645b24997a1201bddb52953c0904f855b78add275d71401e4f9e6bcef59fe1d7205e222470689dacf2d55ae752cc2be66bbee5258db284b42e6c6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPSApp.dll
| MD5 | e3bd48278d81b36c40ddc30df429e350 |
| SHA1 | a4898bd776b21f958dd02de9901bbf1a3903abb4 |
| SHA256 | cb6d0ee57770ec5ab139a662500da9af812882abcd862ba4d70a2e01c479bfbb |
| SHA512 | 490057d37bbf63e78ba0239d4bb3ec81428b3c919fb9071cb92b2e03975a1a7f758a4dfcae7128b2ba4e01f26e6bd718d4633ff432f695a8c039660e0595a437 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\reslib.dll
| MD5 | 4d064cb7928188a4cf7addb5b98ac790 |
| SHA1 | b7cd219e1ee9eb32a9a3b2230beda2203eb0f861 |
| SHA256 | 29939d477c24afbde31b2e320afadc65a51cfd7dbe2a1841f916cff41986a5c6 |
| SHA512 | f8218c6bbbc19fb4540066ce2b3366c5983b0c6132e19f9eb86254a77c644be915e000de643b8bd723b52ad8534c33f5e812ab00a969df6b9039d85807ddedc9 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dll
| MD5 | c83538afd204193fe91d430ee53f49fa |
| SHA1 | 8166d3d82261adb68ea62fd2899dc70b69fadfd0 |
| SHA256 | c097891002a0acf22c6e835feb3b0a98055d8fbef3718d1aa296b14f6f416f30 |
| SHA512 | 45bf733ea0bc357bd9d9798f88b18ba96a5fa192df51c853b00ddc09211e1fc61c3c6f5ed3ebb58859761aa6c90a58d2519f9f722e7eac44208531d8ec91a04b |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\duilib_license.txt
| MD5 | 7faec2006bb231d14b794a9f31769448 |
| SHA1 | c2b5a34fe521502f6fca3031201b47074f30f258 |
| SHA256 | 7ed2acca31a243ba107d8c12fddecd52462fd326d3d2c73b04d4cf10c76765ff |
| SHA512 | 777e0ec5d6b599fb0eabb8180fb6f302012ff12245e3de6a3dc568798cb057858eff18b08dacd28a72250236c4767abc2583670d92a946f684b45cb5144bd7e2 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\directui_license.txt
| MD5 | ab54b14548a4cc76dd7c27414d971111 |
| SHA1 | 68a3888b33ee1c5d5efb913846867c9a8788cadb |
| SHA256 | 6033476be3d1d41166b65984e2be94c87ac98dce55bfec887e932b696e859295 |
| SHA512 | cc8c4d90efedf4aeb3ba3b64ebd0e938576867618a334bccf3cb6790338c6a1da239393a618f6e6a1186cb363cb514ac9528ada51f0090fe2fc709e5c666d971 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dll
| MD5 | 22340cf5cf73d4dbe4c5cc925d088063 |
| SHA1 | 7d73e645c265d1771b53adfc93cc354e7289aac8 |
| SHA256 | 76a5fc6f30b5d93eff59d713dfd3879012e19d079b5a98d82ce8d166536cde9b |
| SHA512 | 5a83ed7ca5604291a3d4f0ddfd1cbdf3aa61ed78e5cd81e29138aac572101d16e9b696ab6db1fe83a1c6e7f2ff0f0146c988020650748c3a94fccb3a97031680 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exe
| MD5 | 11e06f55adbe5ec5d4d4f915037b895f |
| SHA1 | fb40e711c0ae602e662de0300c621885c3f7ff1b |
| SHA256 | 2fb14bd5d762d46f1cdb86778199fb033a8d5ee915aee82e11fc1a5df97c8c13 |
| SHA512 | 76631b3bceea8edc91b900bcb2bd451099a1559d7f52333680cf72a352c5d78f5d3f280a5a76f72901f7cc7bfb3e47509f3635e19a3203a49a56e6c49a59d564 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\leave.pcm
| MD5 | 3fcc19f6a199e97646a0ab32423c9332 |
| SHA1 | 05613b14d6c7336b24e9779963d245098e73b40c |
| SHA256 | efbd514b0ea241a560f1333cdbb90a9885d5c70c01ed032d11b8a672b1096a04 |
| SHA512 | b370ad863badd0d86d982eada1fd98306b686ef1cca4cc522558cbde40257effa96afd7327141beb08d9927a6b190e0047ad7978e87a41bf299f030c1cee121c |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\asproxy.dll
| MD5 | c2f17ed9062323779ae4b8bafcd37d26 |
| SHA1 | e79ba9a04926c226eb3fe5dbc60bed775cec7752 |
| SHA256 | 2f2c05cdff9b32c9619d5fd794e7419b1b4baafea82daebfae8681d7e2eedd77 |
| SHA512 | cd7ac80eced616848d9cce7f1c84da71b315e989152242feb8b84b2862f0b116e444056d8486253f55c006706be657c496dbf1af0da85191116df32c432bb3db |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptService.exe
| MD5 | 59e15d5e981605b5ca57f2893de68e32 |
| SHA1 | 21784a3640861aa9194befcab6faf0cf92689eb7 |
| SHA256 | 764fa9d27d5dc877c1a7b278ef424999835b06bf0c11ada5d4603bc5554e481e |
| SHA512 | 7706639abaadd40d6303b4f5c4e54e6ee1343c71a15eeb43fa3a455b6c821e4d4cf8f5d0655708bd4afe2c31b2fa22f43d62b521edbfa8256c808814618449f6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptControl.exe
| MD5 | 512c7fe581f6be5d0b00834d83a88d17 |
| SHA1 | d8fa44c0f00289ce23cb4129db7af17d1f26fe10 |
| SHA256 | edbf04b1bd52a2cd31c0bdae6413990e58c5fd9228d38cc782a4f63ee8cdb004 |
| SHA512 | 88c37b38028658f4428f2f09738ff31f125e3664d0d12af70b1429b751e3c07508f01ac87788a41147ae8a78c178f803dc384c133f6d94b51f494e0410212781 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zzhost.dll
| MD5 | 510a35180701aa6792018ff26278f952 |
| SHA1 | 237d5b70fac4a24f19c0c096405d6e57035d9c6b |
| SHA256 | d3ddae370ce8bca15a495dd59d2dd79b90f8f0ef3152380abdba86d0e4bfd0b6 |
| SHA512 | d4da2cb5700c7fc9e408e28a89b1d0aa5fce0fed44740d2ab0425dbb1d6896c2d2fbbe8f0fb551fed1b7b30a81e87c27eb442d271b1654ba526120f6c32fd601 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dll
| MD5 | b3fe4be216d09265840a772a24dbff38 |
| SHA1 | 19087908f4244a2cda13224c86c72838dbaebdd4 |
| SHA256 | afabd83ec16df75132283ce012c0ae14e8d780d7fc3f7dc7b94f80c1e8ae10f8 |
| SHA512 | 3d25ef88c2c1b4d9111ae20b1ba3906fc09c5cfc24406ca51ba7270989c0b9c751bac10f88f5bf6fd4fe8fcaf8486a9dd5fa74be7e0f683f5c0597f68a62104f |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\nanosvg_LICENSE.txt
| MD5 | 078690812af4ba8567fcc2af2ca1d307 |
| SHA1 | f4f94babc436555d2f5992e29aacc47433fbadb4 |
| SHA256 | e82bc3dd03400aecabe12201219ba14750dbc4b36faab58663a7a6068548d372 |
| SHA512 | f4e1f1092ab90f380a63ed1954023722d265e32f7f3d9b86100fbfa7d6ecd8c584a7dc22b4e3cc4182957136e2d765d0d6a293694b739377c09b076e5fe448fb |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_chat_chime.pcm
| MD5 | b30a997b4a9df68d8796eef6f457f4aa |
| SHA1 | 23890fbc1f66c1061c60b8287659566c69b297d1 |
| SHA256 | f2ff5d73ee2a89135094ecb5165b30e351bb24ee4eeee95508f311eecdc9811f |
| SHA512 | 8cfc3b13d7c2ffa0438ab12669aef756bac76063cbf317e449e5ba4127c0604bab6fba793866857f4a68806e9ed779c0c521fc46c5ae3aab42de7c72d98613f4 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exe
| MD5 | acb250c392580e5c857e057b8ba3b9f1 |
| SHA1 | c55838c4955e460cf1389e3dcd9b0be9c10a8f0a |
| SHA256 | ca7e602cd04673030a73e89dac5c45ee1694c8d9d0662098acc2589144f4bf50 |
| SHA512 | 9aec438a06e73f2249910ee67892f056379cbf6dd51048e8b0d48b3f018446fcbe8ce5d81447d20f981cdc8ba31e9aa348bb5fa317bc00f0d14b51242a6d86d9 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Droplet.pcm
| MD5 | 923d4747324854f50ecf69324741c8ca |
| SHA1 | 4c19f847fa8fdf55e27b2847bfe09789adfb9e59 |
| SHA256 | 3568dba00a55d25b736737a48163c13c1348afc5d4022a29ca0d3724d29ffe9f |
| SHA512 | 4ae265a89f693304fbeeb661d46d0cd96304083af75b5c245db63a632f40e08ca280a68f20115c6c38f5202801b29084633ffed4da16304689c4379f77693a0d |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_raisehand_chime.pcm
| MD5 | cd7d41d5204013ce176c99c225016d6d |
| SHA1 | 996ea48981e81ecb107cd77fd0d6e35edc4d4214 |
| SHA256 | cd9b81d47633fe9aa3f1020d895161de8c31797b365f93dfb22a60d920cc2eb3 |
| SHA512 | 44afe616a2596abc76cf9f862837b26c00e6214a08b61c6569e7ee07ab4331f4968d718889863cffc74ceed55ff377932432c7191dba4efdb638ea3b96badebc |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\aomagent.dll
| MD5 | 9efa4b13874c695f349a594cbb6eb061 |
| SHA1 | 06529d3a3af3dc42aaee7891f13c4b06c19f785f |
| SHA256 | cb8a235958fb8e9579f3c2fc7cf06bd9501e6623cc9ef1aa082cd0d02deaa17a |
| SHA512 | 64d46ab2dc4cb6473482d78891d465f3bdad43696106053d00267bb2a4f21481f2a78985d48d54f4202fcbae36dc9090eb1f135d98380322c486bb2781298096 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomDocConverter.exe
| MD5 | 21ad12d806a357f1e5213943b79bd189 |
| SHA1 | f550c05a7039b151e353b1ca2b246e8d7990af2a |
| SHA256 | d22dfec1e2446e50d26b8573c49e37c0f0290edb73eb3519c5d1eb8221498147 |
| SHA512 | ffec312978d6ed18ca4f95a5872049e631e95697ea9d02578d1ac8d6fbf7e8b7f685e681a163ebadad53c2d23f4ba8572e00371a13c7b2a245f96c1a594e5966 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exe
| MD5 | aedcb12bae7c5a414f7356e979001cf6 |
| SHA1 | 89edf14f3735e36cf89cafdca257644880fac1fe |
| SHA256 | b7e0ca1bb4dd76a0ba07007b3566bf0a8b032b382ac542565a7070887e14975e |
| SHA512 | 8f14258647cb0cf49a016043144b28b306926c1e7b84d9e3b559f003b3ba5724ecd48176540f7ecd706e90d566d636bbde25191241c409f794bb3309abc29585 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\UIBase.dll
| MD5 | 8ef1e20efde0c1f3e6878a27c5861c5f |
| SHA1 | 8cda8c4972f23faea33be4966f6099dcd5a24591 |
| SHA256 | 68716e17c9281c64ad844f3aa13804f6d3d374c1dc4161dbf0116b18cd8fdabd |
| SHA512 | facc1eb72a223db1527b35b84d40f5fe2304055e9cb56a621b2d3540078fdc95d98a7fea1c0f58d75eaacc94cbb9ce9d36632dd194aafb4c3439d164c84b4249 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dll
| MD5 | d8f4b2be768437ce073126e899c8d554 |
| SHA1 | 80796913ddbbb3e37dd521b9551795657f17f4d8 |
| SHA256 | 80e78362465a7e2eca78f13b8c130105e245960deb8a8354cf22b6b9a02b99bd |
| SHA512 | f21a4a9cbd9208d10c5dbeee7e8311e3fb25525c76c0798d583bebe25446537c5fafe8566eac46ea154213b9b3ca0ef8a5647d6ee6aa2fe323c152f16b0a7979 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dll
| MD5 | 86ea7832ba631ceff7fe008da3169cd9 |
| SHA1 | e6089e721411a79e986fa8ceab908950446e62f1 |
| SHA256 | 00740cc77dbf6eff3d02c8829eccf257509bd2b4ca531251461ba59189078bed |
| SHA512 | 89f9fd1b6516d1e8131c9ddf94bac979a360823419bed18e387d5d95dba166c30f172f07b9e64cda1aa722b08532502541879df18ec48943f05afa8b7e5cfb7a |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZZHostIPCSDK.dll
| MD5 | ffffd77b3850ab9057c26d0705c3c1c3 |
| SHA1 | 8cbd2e35f72451969543f5a31dfa999ee548973b |
| SHA256 | 6ffe8dcf16c71a1d39eeaf48a92731c2ed1d5b410eb400574d168aa0d230b707 |
| SHA512 | dedd369e6b19decb3945ec14856f9f2484d17438239dd54e20701a91340d837de923b895f0b8659cac0233cde4e8f6e6d7f381b01d6a25fc831ddef4411b1621 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mfAdapter.dll
| MD5 | c596f387fd98889da5af6f8cd1e0827c |
| SHA1 | 7ae054955b98cdbd946098eca8617ea24a8356fa |
| SHA256 | 067f2032fb36025ec33d9e644eaf3459b4e607fa71f07b01e8d72830afc17243 |
| SHA512 | addf34b8f68f921f0c9d35dfdffdd7c3b685e22cb5fbdeb7279b65b5554b12401f0bb401f00b33a63b1b96bfe3e747514a424b1a0c47ccf39c387097b49499c6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zoombase_crypto_shared.dll
| MD5 | 9514ab2a03b8f7965ccbc82ce2d59434 |
| SHA1 | 2736af9532eea7b9d4d5f529a4ed29b84845fc8c |
| SHA256 | f470cfb962fa8fa4a97d61c5727bfee527d380f6c5815e6fb33bca9c26d5e9b1 |
| SHA512 | 3ded17c1e9d079b39156f10e20e89bd4bb9da15a9acb6361312a5bc9cfcc516600bd50806ad2f10dd1140c349fddbb29f990cee5ca4851d3e8c20906ba1db2b6 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper_async_device.dll
| MD5 | 4f0585a9667e6a29e9216922773cab1a |
| SHA1 | 12718380a204e27d00f9f335b7682089b8a60b90 |
| SHA256 | 00d65c3c7fc5a419bab16a4a1fd836f23e6ed108da962c982f5ac5a0e823b3a9 |
| SHA512 | 216efcf8d26268cd0350c15fa073e1577ae40c9928209d1877b3b1f6266e1eb6629712754a95796406ac8f8e18c5fdc63842856266abb46fee5bb303cbd21e28 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebview2Agent.exe
| MD5 | 30e9de73f90a218b08bc5a184564a72b |
| SHA1 | e6ad8c2b7b4a68c853afe5af8c8008c9225b2742 |
| SHA256 | 909624f1dfd36907645205092a429b2368abb52458851e8955d0e7d2e828997c |
| SHA512 | eb7766c4cb4484fdef881e21e319aa05aded0a9b3d6b7df770208085e423e498f0362797faf52fbaa47d3a0af43373ab1e5e3de7916390ddb9b8b5098262aba1 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\WebView2Loader.dll
| MD5 | 9a9df483ed55bd568cccdd7485804931 |
| SHA1 | 1c0d0363af131aab8cd81108c16354947007856f |
| SHA256 | ad5cfe82f102739d4cc15c3eb38a411525762520c9c4229c902f67dbab23c5fb |
| SHA512 | 0c989ea9e3c3ccfb7f8990098b1f5b0c7bfa311f83438aeb5047fdf3abcda872905927ddbd17245a9de2e73defd69dfee5271be2db254154c2f8e5478096de8d |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\percussion_pause.pcm
| MD5 | fddc411010d812fb444d70781e253ed7 |
| SHA1 | 70f75fbb27a50f80e78c1c08485928ed0f05b3d9 |
| SHA256 | e8c8ae4267e1a14352d631418b4fb16d767e3d42aa9528adb5cf378a219b96f1 |
| SHA512 | 155176a313b5534963f1166139403301cdebc5ffc082d48058975da4f60e083ef25e21dc262e20f0414aed049b746d630bf668961ca486200c327ebc554c6488 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\archival.pcm
| MD5 | 2da32e501e9720b40d438ff7352a5573 |
| SHA1 | e59fdecd75b2c8cb4b26bb4a2b3c622dca8a2e3b |
| SHA256 | 5e7d1491e7d6969eb67646f87ab2dbf0ff1d1cb4f5cf631128a305e2b67d4a1b |
| SHA512 | 5da2c201bfd01fc1ef1724acb0f6fddd7be39f83b6fff5c80aef71c96f14d30c694da82b1c41183b2b9ab9ef99d45faa657c4f6a984f87a97aef08d9e824ccee |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\percussion.pcm
| MD5 | 388728657dd2d77d2257a90b9c935650 |
| SHA1 | 17c15f9be8b263c52dc165b3395d8d92e72ec313 |
| SHA256 | dafa23315ef2893d200a88b65b8f455e788acd616d0634c35385d460f07c6a61 |
| SHA512 | 5b4b298df61c4bafa4f2b4ffe2193ed331460ed922a17f2abedcd20f6f1b1af8719694299e367af0ba757ec3496d99fc67ff1963e27195ed30a95e5dbe97a2b5 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMeshNetAgent.dll
| MD5 | c706460c19843dbb8337d06534f48e2a |
| SHA1 | 76a133ab4b2e3ecb88a1c9aeaa1531816ab5b00e |
| SHA256 | 4df8697c39a9a14adda5c8b98376ce41710dd96137495bfd84917119bd36a84c |
| SHA512 | 8f63f7e0dea66c286bc31c62a404315eeee13ab6616a2beed67a0cdb21a8389d4796363df884caf7b9c224455890c8b99c01cc4cb3cae0c25c8a7ab156373900 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetDiagnostic.dll
| MD5 | ada2be8b2401c084be6cf39e33995822 |
| SHA1 | e8b168a3066be60f73aafffced256c3e0f80cb5f |
| SHA256 | fe42caecaf785234f8be2c74525bdd40026c6a8ee124ee75ab379bd821e170d2 |
| SHA512 | 50376b2d86ed358fae5595de385fd12e329594d82611df6fb322187bc7ebebb2d3afd0c3cab7b72ba404fc731d5fe0cbb2da22c18be56e9bf5edc81f766dae0b |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_0.pcm
| MD5 | 285974390c5114e6a8e91a2d63266a38 |
| SHA1 | f5b5b5ce959380d0358c463e2dcb9cafbe709843 |
| SHA256 | 394c441e19f6d34b46baeb7820726f279bc71d21e6911070dbb58e67568ecb9c |
| SHA512 | de85e1fc198fa235bc233cfd45747c30a8247af71b83e8ca30800cd754e6c45ae2d9754e4de0d51e3f2aed26ff8cc829d29374960f3b434e48acbbdf530ebe43 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_5.pcm
| MD5 | 532231d1e36ea53a168830033cc0aec5 |
| SHA1 | 4407c14ffe5b12b7100db43fb011564269f702a0 |
| SHA256 | 83ef758561576bbaa981e976510b74eeeacc181834064ba7412eaf876cc25290 |
| SHA512 | 05bb2d8ae7cf3ead9dfbf05fef4983ebfd4f5a8991ba43a92191a1a97b485dcf17e315b9a8d39300c71be7114f15f0113a75c6648fcdfc46b46e6cfd2b3ca0fe |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_4.pcm
| MD5 | 065ce5dc0d49c48589a3eb19603510fc |
| SHA1 | d0852569e60486c2d9206c35be826ac4d23f79be |
| SHA256 | c50e689f830fea83f82c6cb2e5472b3827c5635490f0d2b0e56c346bad616a64 |
| SHA512 | c4661a30868376a7ed681d4d984efcbb8af4a7449059f31225c63ce1cc88a3b4a7fba3e3047f2b29a0e0e437e8b4832e888f65ef86ea40c2063aa0f736c61307 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_3.pcm
| MD5 | 3913cdfca0b0dfad1c11ab3cdb81dcbb |
| SHA1 | 92e17b1f78788d5b98bb539aaed018fd72244411 |
| SHA256 | f8902a24f7dd5f4355e684ac1cb0029992581c610ad011ed2c900f8957c104ad |
| SHA512 | 43d22a611b65e10b9bb4b8405a993a77618c24d8866032672d43911707ac9f6497826cb6c975ae422c7d61412d6bb2d2df0412fc7fadc0e5e5f84ea09c7475ff |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_2.pcm
| MD5 | d30328c7ec556e0fc8537d1a2316c418 |
| SHA1 | bbd09bfd865686297bc06ff35fbd5f56374e3dc3 |
| SHA256 | 37db0a7b3ab878fcdc1da65dc21c006daba8791c87ae37d000d516cdea9d4804 |
| SHA512 | 913c7f778f1a954c43c275e544689a528fc4a59d30f1d315359191de60f9bc9544bd322fc6842b63e8931e8f0ee8579f63a3e810f165d92a2f702ad3d8e5b6e2 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_1.pcm
| MD5 | 842932d135c62a4866c698cf415a13d1 |
| SHA1 | 7977e8280576cdfe14449e0522a824342899e21b |
| SHA256 | 1a5eb409a8dd747b37e24b3a7a0c3c8aa7c55778a9bf4a71f4bdf3b5ad298c5d |
| SHA512 | a34ae285e13cf25beb93153f1de77c6bb61941fd4d8f91b9689cb84d37204072ed4ddcf17a7f2319393db6383a949d4d0a8722245116f6aee8ef62524a403e29 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_6.pcm
| MD5 | a8e1e6ab27026fcc27307250e40dc64a |
| SHA1 | a3d1bcd57edd4aa3f52c259a5b72c120f040d583 |
| SHA256 | ffc6da3e558a9b25cc03249f675aff3bd3ac21d54435fa8b23f37cbaf54dded8 |
| SHA512 | c82fb729e9aa1fb56efae9b76f42567b871b2626c29945d0e6b51e4f876f43b97b8bc5f0bbaefa56cd8b881def405c6b8a44f331500f169de80aba120c98f766 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_8.pcm
| MD5 | a9293ed20c46e09ebb87caf37e92f3be |
| SHA1 | dd6e3ca3ef79d26f71fe432a2d928e9177f13205 |
| SHA256 | 4c682a59d37c32715d7e82c1592fcfd51ceaaca7fc4464817f74d0c005a02372 |
| SHA512 | ae2572da5274f686ab5b2ca05c273e103e037f1b2d21775f86e780a6a4e97f61059387a063e86f276253011bdaf188b2ca20cb29ffca5803fce5cdd9a69f38a6 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\double_beep.pcm
| MD5 | a2243b1ddd8cca6c40030020b57c606e |
| SHA1 | 9d0084832970caaf750335d5b27a3104623e2275 |
| SHA256 | e00dbb2ed88cd107bf384102e1353bb8d3a777dd9624a680579e4267080888d7 |
| SHA512 | 04ba003ef55787f3d19006e8a3489b861ab86834acec445ec463172f5530fe72472c0bb39f62ff8d0222f388b63a6b2e28f5919fbbccea416654d7cc13f68b49 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\beep_intercom.pcm
| MD5 | 618a307ef3efad70399a6107cb1ce9e3 |
| SHA1 | 8b42e7fc116a27a3fa868db49b3d0204f42cd913 |
| SHA256 | 32567197286cbb2dffc282f7cae8d46d13af9d5e83bc98773a836904d244326f |
| SHA512 | 3181f538cf34e09de3ced6b702eb55654888b3b533a339eaff97f6f6da9014900f076c76ddd407c0c3736156a896fd23a07952c04c06664103cc74f317b8ea74 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\ring_pstn.pcm
| MD5 | f199df8ed884c5af8fd07aa0e046d19b |
| SHA1 | 507ca087de97053c4e65f4576f78157813e6c174 |
| SHA256 | 0a23d9800db639dd5f40ff0e1ca3df5729df7ab81affd1a02db445b4b0ab235b |
| SHA512 | 176a88eb7df30c78442c435f102f865e1f8c8a6d0fa03f1af823cf6b7a3c290e50df229b8775c9234f09a0ab5643410f5e00bb4eae550c13cb59ee3d4147d5f9 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_hash.pcm
| MD5 | 569480b0dfe8b64b44f72e5740a58230 |
| SHA1 | 6f4ed602780fdb7c3eda983bcb29007bcd8fbf77 |
| SHA256 | 1a256021a62abb1386eabe58974db5bac91c622f9fecddc9f87216c102c23628 |
| SHA512 | 89f6452afa3aee5265de3eac9ce0a5830163187abe6c5415141133a0b9c7ea091dfc198cad0b4662588b8f3785c93e310feccca3200b13af0c15caff7ab45d1a |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_star.pcm
| MD5 | 814b4f610592e7d68725f87b04dd5691 |
| SHA1 | 9e3f0489d1889b3201753730211fb14ea1fc1e21 |
| SHA256 | 719f8aa3842eef2b413eb8dff026c2b442acf051af040b295af595ef207dc32c |
| SHA512 | 929f10fc51e71759d375d82681f6b9106932b27e0cd39fcd0fbacc2359d1907631a912d34958628c651c37617bd4d5d9db93d321f0592c30d0294428890abbd0 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_a.pcm
| MD5 | 6a95093e7fe3117bb1e614fa9727bfdf |
| SHA1 | 1df81e069ed43aeaedd8dce9d1c8bf56fa6b96a7 |
| SHA256 | d705d27155e39da52d84034389fbc3953d98f2e7a6007c44cf0ea1bdda4b3bb5 |
| SHA512 | 925d6b17cec73d8ea98ddc3b55d17c6e014a5d4504251563c5d5d55a9b7f8caa43dcc6d7989bbce72a62e1708a54ab7b09bdd84f79da9010bfebf6cff7534c99 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_9.pcm
| MD5 | cedbfc417b6ea8e076c99471e4d746ad |
| SHA1 | 11d95a6490613c3d7f350f5525ae47ddf244a5f0 |
| SHA256 | c5e274011991477635400e5a2c81d3b6cc12c50a61267b0ecc70077cb92a9aa7 |
| SHA512 | 358120f75fb51a89979cbec3c1dd0227e286019025be9308e81f5e2f4c02cd9bb0022bed4db357d42990c5f0503aadb88963d7062382d9cd832440e12a338cd7 |
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_7.pcm
| MD5 | 4f9cb5dbacddb4099469ff30fb61490f |
| SHA1 | 0a338b3aaa04309584af7ee0f14f1767afbe1da7 |
| SHA256 | 79f7a132b33c6525ee483231a53b8298620700ab21343cfa70d716e96fd12b8f |
| SHA512 | 488fba0f24d2382dddd25c05531a5f61683f774dd86d41b652ce9473224607de9744a5a4463907930eb3b010e6f97f7b7d1ac5a9daba8453525735d338399a5a |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomTask.dll
| MD5 | a142c77ec7dfd200b9f4647f4e1ae16c |
| SHA1 | e657e5c861489e115235ab8309c41e1b14c73d21 |
| SHA256 | 7ca512df8287a3ecc0734de58ff85fb7c01516afd2bdf7cb67c79d4e5de305e8 |
| SHA512 | 24e5523405c667f7432ee64e179e658320cd932a6c4c8ea03c75cac1170df5571548c810b2d0230c6b075aa61b633e78a90c205d468b3606fa334752c3f4e0f0 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zBusinessUIComponent.dll
| MD5 | 202d6dcbdefa4d3186abb62c3dbe2ac1 |
| SHA1 | 3aa51e54226b14cbbbb46be5bb8d7db48746c48c |
| SHA256 | 6cede2720ba207e6958405fbe63f2c49bd098a78af9a3ebf6c88c59c3798e477 |
| SHA512 | 48ec7adb2710753cc8b1b6d32eb24170d0b007a73adf7aecd69b104aa2751ed580df8fc417aea871369aea0b922b8318db24cca8aa1a12e803e55b0fc28119e7 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZMDB.dll
| MD5 | 5f0d888f451381c52d62d46de3135cc7 |
| SHA1 | 9900789c8af4b8a8f9004e9481e36b96dce03844 |
| SHA256 | f9ac8dd5dac9b033be31a9604e5824c2cdf6ba31237f548c8c3b6bf808f2222e |
| SHA512 | f84fa3ca7723812615964e3c4eeee1c729786d9394074344754608297a0048c4eea50cc0cd479a8035a1d748fe4ce9013d517a29680d3377f0a1d35465b21998 |
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zm_conf_universal_ui.dll
| MD5 | 0365afad0263a5607ec9998eef39f00b |
| SHA1 | 9a2a6b0bbeac4536a127f022ad790bdf60d83948 |
| SHA256 | ad5a482c5450aa0138a9c5b1a4e7fc25608b4966b54ca8cc4a555ff528cdf866 |
| SHA512 | 3ac2fcfdfd6e6c1a02327541553d431051c817d3bfc2846580f373992d6d9f59f9af6d1b1d77d9f3d724912034e83c73ebd0e3ccf0dca7d185dd8b634833848b |
C:\Users\Admin\AppData\Roaming\Zoom\bin\ucrtbase.dll
| MD5 | 2040cdcd779bbebad36d36035c675d99 |
| SHA1 | 918bc19f55e656f6d6b1e4713604483eb997ea15 |
| SHA256 | 2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359 |
| SHA512 | 83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f |
C:\Users\Admin\AppData\Roaming\Zoom\bin\msvcp140.dll
| MD5 | e0dd94aada0b034b212de071c33054da |
| SHA1 | 6c4f1b3f66d07bbcdcf41eb39b1480bb335efcc8 |
| SHA256 | 08442853f19ce4ff3acae37d87eab33ef81c4c6da62a3432d43253ba79842b64 |
| SHA512 | 76c877056f448e5dab820e990cc186ba886b2d331d689a99295aaff31a63aadb941c2693b0be98d53bd06cd8041a270eb82ddedfbde305cd9a85bcbe42fcf5a2 |
C:\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140.dll
| MD5 | 87dd91c56be82866bf96ef1666f30a99 |
| SHA1 | 3b78cb150110166ded8ea51fbde8ea506f72aeaf |
| SHA256 | 49b0fd1751342c253cac588dda82ec08e4ef43cebc5a9d80deb7928109b90c4f |
| SHA512 | 58c3ec6761624d14c7c897d8d0842dbeab200d445b4339905dac8a3635d174cdfb7b237d338d2829bc6c602c47503120af5be0c7de6abf2e71c81726285e44d6 |
memory/4372-1039-0x000000006F4E0000-0x000000006FCF2000-memory.dmp
C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini
| MD5 | 2b0f22a930c45750962420a653fb6029 |
| SHA1 | 830c4a4b39dadc3cf5da8ac5d8139398ed8c4dcc |
| SHA256 | fcd5f4e14b0b8dcaba9203084671696891a45aec7bfad2ea9efe74da309cea8d |
| SHA512 | 4f899dc26ae9bd1623f4c1d7ec161e2c7511cfa9a091fcb67ee390a6fbc8901d119264905489458c25c6a1c5a8d4a0e3ff7e28228d259a16dde909f71e69475b |
C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini
| MD5 | b431c6859c402cce48bea98de114e44a |
| SHA1 | 26f1ce179b9c6ad641c5bb85cb7c3012dbd5649c |
| SHA256 | 69aaf5c54c81fcf05323101847da4dc38329fb7c6fce17f0f90dd2578947839a |
| SHA512 | 31731456fb8f4e5aa7e5bc9f5b91ba7b45dca28caaf5e6f4c97b2d9897c3e0bc9932fa09a052b4db1b1d18231be5b8491d4328a79258e6c54d20b0138fcf2925 |
C:\Users\Admin\AppData\Local\Temp\ZCOMPT~1.CAB.zmdownload
| MD5 | 6ba1ae543e15acda835f92ecdb5f83ba |
| SHA1 | 78ec81a6aa8f637d68b36093409515f0cf3a8820 |
| SHA256 | d4d1e9b2b44f6c6f4168f453f9b02748430b8360c6ed373ed66a3efbc6e101fa |
| SHA512 | e4d5c113035d85e7579e217dffac5897b15811d275f109c9dba349e4938f306db8555187fce097b322ab59749c86efea59796a99483f9a0b0337f5b4ed8b9580 |
C:\Users\Admin\AppData\Local\Temp\ZCLIPS~1
| MD5 | 60d244f4abde9e6c5bc9e30c66af09c8 |
| SHA1 | 090cdb5302d9dd99e90fcdad208352f2cbc0449a |
| SHA256 | 89a6ee511368adea5fcf3d67a445ac4c66fbe1b2dc24ab2f9f72f724a4493d91 |
| SHA512 | cab41ce11f930c604fa9af9b5456f13df5ef193e6700c366dcb19a1259fc409f41f5ea367f453caa09ae55c63321813ec941339a17471c1d38396ced823ef093 |
C:\Users\Admin\AppData\Roaming\Zoom\bin\zPreMeetingApp.dll
| MD5 | 934e8d8bede8f9ebc555df66b1b349bc |
| SHA1 | cdf04716367cabeb72da34950d74a0b3d756b310 |
| SHA256 | 9c63eebb6b4e9f77a94564b15b09f9e0ffa2f4dfbf55ec0967b5ddb2b0911f45 |
| SHA512 | 9efa5ed77b19ab8179554eabed849dde6327a2c539fe9d86eeeb604c9e60f93209d40c37f880a0669dda11e4b7527e5b9758aacc37fd1ec286fdc015b72a603a |
memory/1644-1395-0x000000006A2C0000-0x000000006ACB0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Zoom\bin\zAppUISdk.dll
| MD5 | 051253f740634990c0bacbe04bacfc96 |
| SHA1 | 3e32a1198a18e83bbb1eccd73b29c690c33b621f |
| SHA256 | b63f9c103d8cc115b5342ba22792a88bd5050d4c1ca489e3b82dfb7ae54baea2 |
| SHA512 | 15ca2258c0d9e77bae1cbe5a4a13a09f7d3e6750881d49d49cf208aad83e75e47033694634c1ffd016594e467d9645c03ecfc9c51e2d29c1f856bc18bbd16331 |
C:\Users\Admin\AppData\Roaming\Zoom\bin\zDiagnostic.dll
| MD5 | 961d95d890dead1bc1e224fb6da45d48 |
| SHA1 | 28698bf1e420cb4c19e79f686aecb2abb6a19a17 |
| SHA256 | 4bd7736000b78270dbd030961f3cedf1e2a9ba2253710292997cdb29da0e5003 |
| SHA512 | 42b3e8c1acae72cf59b66146d45ee9aec8a238a85c6d0cd326098b484d49e6855a6743cfd4a63f7e345eb8e017f3b20800f2a7c8f83375f207de37aa8ce50fbe |
C:\Users\Admin\AppData\Roaming\Zoom\bin\zPSUI.dll
| MD5 | d0e0d6bfb9eb426077eb50611461e003 |
| SHA1 | 5c3afb225ef2fb1114b4a4a2000950c39d6d44da |
| SHA256 | fbf637c12bfccaf9a8f49181b96720af2d92589c7b215a260eb8404f01b5f638 |
| SHA512 | 1caa7b0389876b26542d0f0f44c5cafecce74b77a75fbae4681387566c0cc9c8f2a609735827edc2a2bc3f5c5ec9b4587c23591573dc95e70e3002e1c920f0d6 |
C:\Users\Admin\AppData\Roaming\Zoom\bin\swscale_zm-6.dll
| MD5 | f18a4c8f5eb4dd9cab846ce0f3e4c5dc |
| SHA1 | 46210a22744c651a84fc3e82d21f9d4cacf4a2aa |
| SHA256 | d2eab1db26a74522506a65c3976b6bc51b83dd1cdf657d7eb811a27509a041ef |
| SHA512 | 90d2d57c15881e622e5e0b129023799f7be8d56985c47dfe009077c56027b21bd648ebd63e43d01d12fafad123440d0597405d049216f6ab5b339daaf25e3660 |
C:\Users\Admin\AppData\Roaming\Zoom\bin\swresample_zm-4.dll
| MD5 | 7840ac35ee7ee9068e355706d39f74d5 |
| SHA1 | 8f8085632a8aab5394f1e67758587dc6a329442b |
| SHA256 | b75945ddd3f12904eafe049dcc880ce99c7a4f4e87543caeea3abd5f132d1a72 |
| SHA512 | cb60f7a4695d34eddf16653241a727da8d3ee3349257d84e53260af5e300dd274f242b787f84d7313dddb3422f24a6976f28ed705c292fb40a5c0b32b88301eb |
C:\Users\Admin\AppData\Roaming\Zoom\bin\avutil_zm-57.dll
| MD5 | 116ff1bd0056f114dbd7d260a324bc9e |
| SHA1 | e8a0553cc761d2a9b6d7ca48dd4724a953233e2b |
| SHA256 | f9634a206e2669e782a015aedbebe940799d3c7a14b181e3eaac048d5c30fde2 |
| SHA512 | 7f742bf7be6801b184d1886b7a4b096959216f9786b79987e300810d3444f97fc0ca51c89a406a5998646c85dd9b03a66501a8f28acb7f766b6457c33ded9885 |
C:\Users\Admin\AppData\Roaming\Zoom\bin\avformat_zm-59.dll
| MD5 | 9323800d4631ff5d242c35b21f4401f0 |
| SHA1 | 5a1ddbb6a2833bcaf8f65b390a294f06b36c2dc4 |
| SHA256 | 6f53eafdc3f93d68c7690918b614c54ab505cc1d7528ac67cf9ce490f0ecf385 |
| SHA512 | cfa04d9a376ddc8d420107b9e7d58dbbe3b16e2bc7f7b31eb9322e0f4de1c7f58c5a6d57d6dd4110d73d6a32845fd2919bc11aa921149f8752ce54a232d6656d |
C:\Users\Admin\AppData\Roaming\Zoom\bin\avcodec_zm-59.dll
| MD5 | 5ffa29e40fdbd69a1cbe66fa3d374855 |
| SHA1 | 24cf9d81619ad02d5159fa2ced283f7c95b6d6bf |
| SHA256 | 54309e795bf119b7854ccc84c127cf91bfd07cd812def6163cc560322a5572fe |
| SHA512 | 3580f7bbd4cad6a6dc0ed1c6411f449fe21eb1ed5f6a8280fa31d1c9e5fc40ac832e1f7baed07a0f080bb3b69d851d4e75b8a2fc24789584ac0b07602f82900c |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |