Malware Analysis Report

2025-03-15 00:52

Sample ID 240626-yk5e6szhjd
Target https://go.chorus.ai/8983250331
Tags
defense_evasion discovery privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://go.chorus.ai/8983250331 was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery privilege_escalation

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Checks system information in the registry

Enumerates physical storage devices

Access Token Manipulation: Create Process with Token

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-26 19:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 19:51

Reported

2024-06-26 19:54

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://go.chorus.ai/8983250331

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppName = "Zoom.exe" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Zoom.exe = "11000" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoommtg C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoommtg\WarnOnOpen = "0" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoomus C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoomus\WarnOnOpen = "0" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\Policy = "3" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639051155017028" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomLauncher\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoommtg\ = "URL:Zoom Launcher" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.zoommtg\Content Type = "application/x-zoommtg-launcher" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomRecording\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoomus C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPbx.zoomphonecall\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\MIME\Database\Content Type\application/x-zoommtg-launcher C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomRecording C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomLauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPhoneCall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\MIME\Database\Content Type\application/x-zoommtg-launcher\Extension = ".zoommtg" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoommtg\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.zoommtg C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoommtg C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoomus\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomLauncher\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPhoneCall\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPbx.zoomphonecall C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoomus\URL Protocol C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoomus\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomRecording\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\zTscoder.exe\" \"%1\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.zoom\ = "ZoomRecording" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPhoneCall\URL Protocol C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomLauncher C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomLauncher\ = "Zoom Launcher - 3.0.1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoommtg\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPhoneCall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomRecording\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPhoneCall C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPhoneCall\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomLauncher\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoommtg\URL Protocol C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoomus\ = "URL:Zoom Launcher" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoommtg\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomRecording\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPhoneCall\ = "URL:ZoomPhoneCall Protocol" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPbx.zoomphonecall\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.zoommtg\ = "ZoomLauncher" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoommtg\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomRecording\ = "Zoom Recording File" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPhoneCall\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoommtg\UseOriginalUrlEncoding = "1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.zoom C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPhoneCall\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomRecording\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",0" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomRecording\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPbx.zoomphonecall\URL Protocol C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoommtg\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoomus\UseOriginalUrlEncoding = "1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoomus\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPbx.zoomphonecall\ = "URL:ZoomPhoneCall Protocol" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoommtg\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoomus\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoomus\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\zoomus\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe N/A
N/A N/A C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe N/A
N/A N/A C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe N/A
N/A N/A C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3784 wrote to memory of 4892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 4892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 952 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3784 wrote to memory of 2736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://go.chorus.ai/8983250331

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4820ab58,0x7ffc4820ab68,0x7ffc4820ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4144 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=980 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3400 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4884 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4592 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4912 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3220 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:8

C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe

"C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe"

C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe

"C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe" /normal.priviledge

C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

"C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" ZInstaller --conf.mode=silent --ipc_wnd=328236

C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

"C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" /addfwexception --bin_home="C:\Users\Admin\AppData\Roaming\Zoom\bin"

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://win.launch?h.domain=zoom.us&h.path=join&confid=dXNzPTRhRG4xblA4UUJlb1RqS0V0YzJTbjNZeVdXVVJCcnU4R0ZmVXRSZjlNNHJjTXJPWXlGbmQwLVgwYTFvS3JsY0xGZm5ZVWpfeVo0YzJaMGhSdGF5ckNNM09VcFZlcXo1aXNwWVIxRTFxbXpuN0JVbmZtdVVVUVdHd3gwWGFsbldnc3doV0NPYy1VbFhwQ0lSN0R6Tmd5UnhoSDBxc1NubWpVSEQ1NFNBaWlpSEw2N2MzSE54SlNMYzBzUS52N3ZIbnlRMjFrVlltRW1DJnRpZD1lOGJlNmE0MTY5OWM0ZTI5YjZjY2Y2NTMxMTVjNzZkZQ%3D%3D&mcv=0.92.11227.0929&stype=0&zc=0&browser=chrome&action=join&confno=94907413100&pwd=dHAh7LY41ThMUL27coXhiHMA4pIRaq.1"

C:\Users\Admin\AppData\Local\Temp\zmC30D.tmp

"C:\Users\Admin\AppData\Local\Temp\zmC30D.tmp" -DAF8C715436E44649F1312698287E6A5=C:\Users\Admin\Downloads\Zoom_cm_ds_mt0dLpn2IXgu16NytzkeZV7a1Atzt9Q91SpqN@SjsIW1H1GQ7d4gsm_k8661cef9e1ac0f60_.exe

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" --action=join --runaszvideo=TRUE

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x508 0x498

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4476 --field-trial-handle=1868,i,14630984614370412344,1320009708286154964,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 go.chorus.ai udp
FR 18.164.52.19:443 go.chorus.ai tcp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 19.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
BE 88.221.83.209:443 www.bing.com tcp
US 8.8.8.8:53 static.chorus.ai udp
US 8.8.8.8:53 assets.zoominfo.co udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.83.221.88.in-addr.arpa udp
US 172.64.144.134:443 assets.zoominfo.co tcp
US 18.245.199.86:443 static.chorus.ai tcp
US 18.245.199.86:443 static.chorus.ai tcp
US 18.245.199.86:443 static.chorus.ai tcp
US 18.245.199.86:443 static.chorus.ai tcp
US 18.245.199.86:443 static.chorus.ai tcp
US 18.245.199.86:443 static.chorus.ai tcp
US 8.8.8.8:53 scdn.chorus.ai udp
US 172.64.144.134:443 assets.zoominfo.co udp
US 172.64.144.134:443 assets.zoominfo.co udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 134.144.64.172.in-addr.arpa udp
US 8.8.8.8:53 86.199.245.18.in-addr.arpa udp
FR 18.155.129.128:443 scdn.chorus.ai tcp
US 8.8.8.8:53 chorus.ai udp
FR 52.222.149.87:443 chorus.ai tcp
FR 52.222.149.87:443 chorus.ai tcp
US 8.8.8.8:53 cdn.segment.com udp
FR 99.86.90.76:443 cdn.segment.com tcp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
US 3.165.111.23:443 www.datadoghq-browser-agent.com tcp
US 8.8.8.8:53 128.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 76.90.86.99.in-addr.arpa udp
US 8.8.8.8:53 23.111.165.3.in-addr.arpa udp
US 8.8.8.8:53 87.149.222.52.in-addr.arpa udp
US 8.8.8.8:53 app.launchdarkly.com udp
US 8.8.8.8:53 events.launchdarkly.com udp
US 151.101.66.217:443 app.launchdarkly.com tcp
US 151.101.66.217:443 app.launchdarkly.com tcp
US 3.223.165.9:443 events.launchdarkly.com tcp
US 8.8.8.8:53 cdn.lr-ingest.io udp
US 172.67.193.126:443 cdn.lr-ingest.io tcp
US 8.8.8.8:53 217.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 9.165.223.3.in-addr.arpa udp
US 8.8.8.8:53 126.193.67.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 r.lr-ingest.io udp
US 104.198.23.205:443 r.lr-ingest.io tcp
US 8.8.8.8:53 205.23.198.104.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 zoom.us udp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 st1.zoom.us udp
US 8.8.8.8:53 us01ccistatic.zoom.us udp
US 52.84.151.56:443 st1.zoom.us tcp
US 52.84.151.40:443 us01ccistatic.zoom.us tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 log-gateway.zoom.us udp
US 8.8.8.8:53 st3.zoom.us udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 134.224.0.55:443 log-gateway.zoom.us tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 2.52.114.170.in-addr.arpa udp
US 8.8.8.8:53 56.151.84.52.in-addr.arpa udp
US 8.8.8.8:53 40.151.84.52.in-addr.arpa udp
US 8.8.8.8:53 52.178.19.104.in-addr.arpa udp
US 8.8.8.8:53 55.0.224.134.in-addr.arpa udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 170.114.52.2:443 zoom.us udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 zoom-privacy.my.onetrust.com udp
US 172.64.155.119:443 zoom-privacy.my.onetrust.com tcp
US 8.8.8.8:53 zoom.us udp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 8.8.8.8:53 cdn.zoom.us udp
US 52.84.151.41:443 cdn.zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 8.8.8.8:53 41.151.84.52.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 170.114.52.2:443 zoom.us tcp
US 52.84.151.41:443 cdn.zoom.us tcp
US 52.84.151.41:443 cdn.zoom.us tcp
US 144.195.129.213:3478 udp
US 144.195.10.213:3478 udp
US 144.195.10.213:3479 udp
US 8.8.8.8:53 213.129.195.144.in-addr.arpa udp
US 8.8.8.8:53 213.10.195.144.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 www3.zoom.us udp
US 170.114.52.2:443 www3.zoom.us tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 st1.zoom.us udp
US 8.8.8.8:53 st2.zoom.us udp
US 8.8.8.8:53 st3.zoom.us udp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.38:443 st3.zoom.us tcp
US 52.84.151.38:443 st3.zoom.us tcp
US 52.84.151.38:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.38:443 st3.zoom.us tcp
US 52.84.151.38:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 52.84.151.63:443 st3.zoom.us tcp
US 8.8.8.8:53 63.151.84.52.in-addr.arpa udp
US 8.8.8.8:53 38.151.84.52.in-addr.arpa udp
US 170.114.52.2:443 www3.zoom.us tcp
US 170.114.52.2:443 www3.zoom.us tcp
US 52.84.151.41:443 cdn.zoom.us tcp

Files

\??\pipe\crashpad_3784_XDFCQMTAHXMREZDJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 adbb97ffa40dbc83950de2887c034502
SHA1 8b7d8ccfc4e58733945438b64168f747154d92c2
SHA256 11282980169097fe7581d4e1b110cad840ccef8b4b2879a2ed88bb58cfcabd5d
SHA512 a68a142416937a9b76014a87d644a3b6ef380ed1972fba7cb7ae3b33212e4edf4a01ad2ba6c4c87d9f9dd0b5e21e90aa04cb070d0562f475731328c46b20d219

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 14994652465af82daa0f905a2dc078ab
SHA1 7ae0f3a3979b5093462d43952bdb5c51e8a79c8e
SHA256 08390fa4e62e90d8f49ab515a88b580acb8ed14babb50a8c5cc039afeb7728fd
SHA512 165c4195dfc75245a86d42c45c8ff9f77b90635af720a502e75af1e3c1c06e7d99dc1a99ec81ef6ecbf6972afd88bb77519d068514d1cc8ebf6a709e4147b884

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 52311eb356eb5f80edc338021329fc48
SHA1 b0d39fc71da09520bab4544cc87de482e541ba17
SHA256 b837939815d7c458fea7d9b05f351f72f44c333e53c0b52f7cc669d8cd5ce2b5
SHA512 5adfc583f99a18632eeb71c16b09253761b278c109bf3d95d59b445f728c9de8dffbe982c2ab9d355d3559abe59c30d164ce51cd0adcb40c8df80bdce0659a62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 54c89c6672bdd4c3321e46a2c76daaf0
SHA1 163ab34fc82789f0a8f961dca4af2ddcc8049326
SHA256 417954d49f7e52860cf126caa4220803890f440a3b9b18635e52b1109af74619
SHA512 8b3012ce56931a9d867f67d141aedef2e8832e8768a940d5f80d78743f360f6c38a2b32c970179522e1541189ba21eba11558dfd5f601611079538093435165c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c8bbd663fcc803332347e3030ead9d1b
SHA1 5fb183996b0a0a8bad3c80944eccddfe9138af95
SHA256 da94481d963aadd673a43acc9f9bc9ab19432a0352dff0678bf97e6bece58bf7
SHA512 afe7a24c30f5a0ef0b28af18052696920f83e66c3bddef208a12ae706cda3b6ab028e47f813253603293ba9ce2b645deccd0aa69396f31f44aca726046f95654

C:\Users\Admin\Downloads\Unconfirmed 551139.crdownload

MD5 866611996ec65da839bcfab1347158fe
SHA1 de49568a3de6e6fcd541975d09d6fdefc069774c
SHA256 d5a7b20be8272d8889db8cf821c58f07cdba0a516053c20524471873517b14e3
SHA512 6ebf9aaebd46540f3d452a4c2e0f491cd7968186fce6bb4819b2bb6a09c9968f60bc79fef9ed64692e37f698beb75e216da2d25e1aee6b40ca0a2a076280c175

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7862186a58b6a926f909baea1fd081e5
SHA1 0af181ebba73161717fa82896c906a2e7f3f1ed4
SHA256 47de1773d9724342ade991a73a6105c719c59c3178c0e36c54153ed5eb5d961e
SHA512 9c575b0d450954485e4fa374070a8505414c7173749114c46bb70e0e79a6202b57ff9fc40cc56023c8e12720c861a5a0ec1ce23f3ebaff62c821f894eb40d002

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 342b356d706a42aaefc1d20578ddb3f1
SHA1 562d693fcc97f6ed003049ef5a042b96a14fdad3
SHA256 b002272dbc5051c1f06bc9cdad11ffd4242aebc28ced5257a15393418d8f79ea
SHA512 bc016af82e7a9344d9a90a0ec070b0c48b71afa8bd403b46e4ff8b37fef17f05367f687caae5116f632ac62b177d1cd92735feaead1996ae51aac222939232c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 111caa01bc3dc400f3ba3b094d1186ed
SHA1 04f1b2f8e5dedc2c69bac3661b8c2f013c06df9c
SHA256 3eab14209771f4c098894172b97871e06819868b331163158776362b60e560f7
SHA512 cd794cf29675636604f826bdc97e582a1220d6d46fe8cba0fde9fc06910b42583e1ae719e69b74fd3419d5687ce10e5994aab98b708b9c7c6e66d27dfc55023b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 3a9b9076c0b85436387a4af324675913
SHA1 3505e70ba60e8e5e7dd9b7e22a1b7b140d85aff9
SHA256 aa332de82d0972c9424d96ccd512940c0b0571cc5e387dde4280d782230dd4e8
SHA512 bca9dd548546a6cc629b4f0342f044d58d434b060587c0c129c720030c2f7b3b07e2629be54054f688efd471acfc7edbee9964a528a10791f546b0c86cb239ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587b84.TMP

MD5 eff0a34ae604b2defec15f6d7a4dd89f
SHA1 8e64aa223a4c807f380a21404a1b23ca2f4cb760
SHA256 aed7dd0d4bf1306880f57499d8b01f0098862c242646f85ed00686568ec27ea4
SHA512 7a645366e2fe7a8cc124bf099828884d9afe2bb2f855193070a35417fcdd8eea1934888abd392d301b90625cbb24ab310e7229f855087f75b073d3766b0b2e99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5bbcd9238a2da1407b8b5955cd325185
SHA1 77d3e9541bc4f1f126a06206d80d359800a26763
SHA256 b9914aeefe1137c612068af77b17fd4dd34c2814a46b67916da9cfb75d8b6c31
SHA512 8ad748ed9bc967d8aeadde5712098c980e0ea7130fdfd0703b39c0cce8ff34751495aff3bfb9e91c1f2105e1661fb4fac3e45b20c25f64741d378c3507272318

C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

MD5 cb8247456234622c0a88e204f37269c7
SHA1 d7ede2a157e222033b077b6a54a41d3dd74ec853
SHA256 5710fb5bc0a95d1e80d824e24c34f0e7e6557438bd66711a429a701388059a77
SHA512 0f3e2a9eb62c4e0e9d184cb62bec4d537dc7b716719e48952ddaaa4aede442c890e115266dc2cd339479e4a93993a3222cfa6366b5ecf0a5d5ae49dcce893037

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 aabec72948ceb4c3005a3bc336a55442
SHA1 ef7366ec9e299271d30bd23f694b446d2d117eaf
SHA256 f095bdd0e301ab9a19d661afd48417c0f16f6098ec6a1db6b0f06125e5875ff9
SHA512 b99d655e818468abed42c4edb1d4103fc5202db57b23af82af0e81351a50deefdfbfceeb7281c9e49ab355aa3704c2778e5ba889aa3d5683057921bdb2e9564c

C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi

MD5 f96565b85799fbe15b863b205e7f92f1
SHA1 3f1eeb23a113e2c5ea4b0c036c36fb241eec9ba0
SHA256 ce550265d2ecbb8775d41c26f0d2213e06303b1401c7458112d7a320f57d4de5
SHA512 4a9c35fb6a1b0a9ceba854337a22fdc3c290ad836487289fcfa21f5390977e7a72cba90b942fab02216475164c0a489cfeb2c0c8036d04b0169cb909f1681401

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CmmBrowserEngine.dll

MD5 567e757812fd13b61ac15b3375c3a950
SHA1 77db7349e045dac677dec8a200d05346d28679c7
SHA256 0fe4e1bd5c6b53577b21a1ea30ea806441c8801275263c834fd8a89092a175db
SHA512 7ee5b2b9db67601b78de72f27925c52daa3d3a5ddd853f0f8365aab154f6d20f669bc6ea77fd230f1af0c57f98f617bf3eed884b2ee2bf88da684e6d60f8f7cb

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\msaalib.dll

MD5 02226b7dfefb733ae636caf4dec3f7a9
SHA1 54c79963ba0306974bf88b64d03c88b5625e394e
SHA256 9594c5f95ca741aef7b15fb3155573e411f31e8f2fdb53c21d9eecbf57733e5f
SHA512 d797ee76f4b40939394c537d18ca35d0870684605869d71a0a56cbf08ccb92308591d09f6227dfa08d637284a85d7533fa9e35bce4bfba25b2b8bbe18f0674d0

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Cmmlib.dll

MD5 30e7afc99cf1455b9f2dc14323e26766
SHA1 4e3e9bc67a1f764874f4dcf9a0779ca3d7212d5b
SHA256 7a8629d78e5d1a99e2cbff3d8ff216699a49d974413b176e3615c747a6dff076
SHA512 f9f9fd7ba633b1fbdf9ade4414b4eb14fd50d97d5e371307686c066c59178783a5ba4317821c4e5449330815951bb6b49122c65abf844de349a3f0ecafc85f1f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cmmbiz.dll

MD5 f041af038065755e7c37440a450bf47d
SHA1 00cc9c0fbfbfc46d7654c6a8c14fdc875dcf8876
SHA256 c972fe45c91076b06e210134f963c41d1965728afa4660988dad67a29e9a15f7
SHA512 cbb694ea9d52aa326ec18679ca34c14c4edf96eb3b1ee50978146a24f4107ead21036849a608887683720f64495bee62b3436908c499da7fe5dd505e2a359d22

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUnifyWebView.dll

MD5 f2119cd031f2051155963569f63ebbbd
SHA1 3d006a232f577ece901e21dd104b2533c7c6d6c4
SHA256 cfb25088eed7c86c744b952fa2933d55e283471385f61c2b3a844660ba42605f
SHA512 1e887663296a9678854082a835056942287c884a8dcd49b850bf6e0b76f274294eb57968c1fcee03629ad1c630492ea6027e05a534cb99b00ecbbcc2306bd6af

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptHost.exe

MD5 4c003fd225d71c71501755d105329b5a
SHA1 98075e26d7a87dbd07e92f490c898a247ed1f3dd
SHA256 0319040d45b1efce7c78cf0d2e05553bd59976066a727d21679aeafde88df363
SHA512 6fa6ffba059562ab11a0bba9c8a20b60345b7bc4183e2e40ed0055df6b9d48ff7b374dab0897fa212801aeca5fd786afe893569bd33a982dce98ffa98460bade

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptShare.dll

MD5 4e4598e20db6cbcdeba8e1059295c259
SHA1 37327ca49d2458cc7a92118663632da096c8a27f
SHA256 f3f25d2b0369edec4ad2f3b680c13ebeba00b4d63c7ea4a59bea5cef9aeb1ce5
SHA512 d7b0918acaf38331da5bd11befac86c030efa8258e91246e4f4bcf44aedaec95e261b16d343564ec8613a6975e02b641d4b52fbeac3cc27b43bd500bb03778a7

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\crashrpt_lang.ini

MD5 fcf61aed8f093bfcf571cdd8f8162a05
SHA1 8de8177798aae82d5bcc0870c1ca5365f5d9966d
SHA256 1f5b45a5411f7fc71b9da789d6d1ead8ad30551fbea7bbb40fc7ea576d581abb
SHA512 8a5d252d115f868a4e20fce10f9f9ec5f3948f0ad5680d656e0eba1fd167d36889e54c6e59bcde756945f93685401b825ba9dd7243d907d74b58a1d826609d72

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libcrypto-3-zm.dll

MD5 d0a6e5d9e91cb39e54511a023c2a8b80
SHA1 5e98ca30155c0c396ba81511e084ab2e74f919b6
SHA256 d5fe29a3ff115801d8f16b2828ec9872f16cd939d0d87617e5d932b15440b0a4
SHA512 fc0792e98040b3644f9b402f79ac2f15bccbd4fcd148b1df1defda732a001401da7ba98b0c5d68733a4fdb89887706288e033aefec811bb4cf1be50651430fac

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mcm.dll

MD5 a6af6b1a03db32806d29df30bd261637
SHA1 08ad79792bf8fbbd6d2a89c6a27e58fd055ad810
SHA256 6a09a04fbc4f152bd364d4358dd09a5dcbfc5985381217c88032928d79366543
SHA512 a09580c7fdeee83921496561d295a908d27f833b445c800b0bf25f3d29a8a07e73f6d9eb7d07f40b43273f58c0b4fd42840a4e0645f7c1dc8f000b1d9e115226

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\nydus.dll

MD5 2cf1bac4a47c4c044817c76b49357041
SHA1 59cd5827757dfebf5c135e2afc99827821fb8e31
SHA256 d9b6745b4b7bb207c71af66a289d767e72527dfea85a86cb26f400421073bf73
SHA512 3d54c363057dca2e4f56dd3c7e3c3a9bd6e03787f31ab085f09b16265e3c81d3f9154a17090f584966413e600db59ba72d01a631533eae65bbfad4cb0b2e492e

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong.pcm

MD5 54511224e61e71d2915ff67e57dcb268
SHA1 ba45f16f12d2e29480952367c0c6bd34fcd16827
SHA256 7aadf0e317831d287b51e41992b43f0f381ae48a312cb77a426eeb3b6129d6d7
SHA512 46b4ea771328a25c6384d5cdff7643ced94dd446830b165f80fb69df2dd2754062dca0636604602a7ebad4ce29b3f8ef62a81f59cf5502bfc78468c8c67a41ff

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_start.pcm

MD5 ab8a5f2981e225d3edaacb520083835a
SHA1 c60c383fdb6850cb5013065576de87610270fba7
SHA256 193c4ffea3de04802e97e9e62fcd8533d8ca53e7306ba113a2234959b5262eb4
SHA512 4381f709c5e9d0172027fd2fe65ce37b0444087d3e9d7864cd54651cdae6e8429653c02ebb7a55a5de194ccf0d674f376961b012b088e131a11b7352f1ba69dd

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong1.pcm

MD5 8fe86d9e8aa5c709bb0563243172e580
SHA1 c22bb02d82516a66f8473dbb4209bf22bb60fa14
SHA256 2fbbb9ae6a463b360e1459bee558dafa8d864db2423f0fe4d2c56d22c3f3a5a2
SHA512 6c47e964421ebab2c0c6199b97fb9c61b0a228fc654abf2e4d2bbaeec9640be2a5acca92474dfdd0b43facc71c60a9c9ba727d300cadb6128ef1f3dcd9a6c10f

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\ring_spatial.pcm

MD5 d60d149441ac263dcb477cc17f29cf35
SHA1 a5f8bb83e31164070b9b904a1af694f87be96a33
SHA256 5358f9d08ca9c8f97c66109cc804d90d2d61c3d18a7c0da230299cbaab239b17
SHA512 af3ccdf19b7088e491ad98f0e23e448253c87fecaac9f9434fc49ff201750dfa22e1941a6bafc0faa4930e9bd9e2c3a8db38b4d10edc999b7034fa760e8d3758

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\ring.pcm

MD5 15f886cbaee088418b6ffcc29115c64d
SHA1 9147beae4e9138ba609f67e75f9cbea7651ca307
SHA256 29792a0893ed2457c3872c4418bdd71f5e6c1b8e5894c2c921f8a8f8d797d4dc
SHA512 e5228897cffb5e05a7a66471c52089ddb682d544ac3b4ac312804883a2d335b60edb6236286dbfb6934ed12715709f8ffa09dc7014844acb89bb1b0e205a2daa

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\wr_ding.pcm

MD5 c9318cc2306bf6b1ee74a5987a8d371a
SHA1 f482d3de9e8dd7c04344fab37d067a08233b64dd
SHA256 58cbaef9b7177a4e4427ceb303b852463964a5ac4e979055021eed1901ff164c
SHA512 04ccca6ed6c13872e8d967a9eceb7b485c5f0f7442259395773a1ef168fcf317e60e22ad2840579e4d8b849d1606190cf5dca0e00c2f88cd1891b8206e9a5ec6

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_stop.pcm

MD5 0001fecb6b6e044d221fbc6a7e22e313
SHA1 c73a6506c92d9a1188aaa793afbfc1951cd5340a
SHA256 8cd8b4d3e8447d82dd045c7a3a8f175b97376c3db5895506cab0af6a0075226f
SHA512 1588169348727306e9c4ab444a7857924bcb88e4dca2be8e3526a2227cf117702c47431325df1c83f71da34bb35c28d1589eb3f59cffddbb3dbbe1d00d8d76de

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dll

MD5 954ec9803f5523d5722fa0a14e9e0fac
SHA1 8dce414183e5c580528e2807fda9145e24a8009a
SHA256 bab121bc7d073c82082fea1eced7b2ebc8875993fafd8f8dd69e9bb9d5d867e5
SHA512 62c58be4140d6b2d58fecb814e718997dc34072eea991a6085b1d6112e172557d82ecd9b558462592a6d9a875689b1674af624c2bcec6a7a3a6e13328286964d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dll

MD5 1624e5bc920b70cb1c3c23c84cc0e50b
SHA1 785c601e182808a982bcc1975f7b698ffe861ea0
SHA256 1ab188d361d3e88815fdcf0250dccdecffbf723fe62e280c8fd54c78bbbffa91
SHA512 7e7a3a34b89ac85b42fcff7a9892d18f6a175c18e8631f312272a93b508272c3c74e6e8ca6f026d9f85a226497d9cc9da653edbf5c68aebd377729f604c0aa5a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\tp.dll

MD5 5cfc2e1950deac36c18450389c6321f0
SHA1 46d1c7767b4b60b75c975a06dc1fe96fcc242fc7
SHA256 842b0105160b58e7f75ff16823fb25f994ec19a8d27700887132fbc227d394b3
SHA512 f38912cedbe7e67e7731d5d923842507fb9b318624666e6a03c2e6038d04335714b58a5ca71dfcb358f920f315b54bad71356f38ea3f6b7d597ab5e6a9c7ad00

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libssl-3-zm.dll

MD5 8aff895dd10ddeae4cfc104c99433fd9
SHA1 b2d42d6b74d3d08901a49c666ed6c56468e4e871
SHA256 5df8560dae671f9c597e90bda6078871410db21d4f658e13a94184a087feb07c
SHA512 a52df1e69b6187af95a753a99ac2211b93e96c40d5c70dafc77936f7cdc3344c8edf9fea3843a019b897d8c687e1b3ef46d8b6d45f9c06ba53c7327f19515d69

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\util.dll

MD5 8dd382593a8db7d22cc713b36c07016e
SHA1 23ada2e69833360b59ec3b4ab4b52cd576a03050
SHA256 33a366ec47e66b66b5e43d5410bb2182417a6ff027f9c3275908bb4a19a0a41f
SHA512 c2e8b298692682811e30f6c476714f95620f87bf71e539f5e4c125d2cb752b040be7827489d7d9371646a70d3d45bb7b27e97003233b501adc2276d5079fab5c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper.dll

MD5 2a3149285f5f29c0c083d9e0d53892fa
SHA1 154a19c7f0ad7526959b0a71900341e1aeae771d
SHA256 d89799eb62e05cd07b85956ad283506133347c6660a0dc608a804dc55fc12706
SHA512 0bf35e6d4c33522a71689c3f193081b62d33d21acb5430538e9e75092b94ed33ed72a83dcb5c9b87320b3f131ee5b66fe6ddaebc806d2643303727b549e95675

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dll

MD5 eeda7199fe1eebd78cbe40616c443a4b
SHA1 2386507a0cd3b4fe682eb18e87567d0e701b51cb
SHA256 b4cbc00b7e4d92016c1c6dbeacabe8866c8a8673b30f549d3fbb667bfba984f1
SHA512 10d7cbe69e4011989be05e58cbe286512f2ed15b988507a4ecf21a6735c255670ec6bb145160d7479a2dfdc471b618ec9ef76100684b4a201646f6baab407b6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 3dc1ddd1b26a8a231717253f7282fdc9
SHA1 e748306529d2778b78895d2d999c38b85e0cd170
SHA256 054a3a4197210e969bbfb4d295d76f516c040468600d33817726755babc094e5
SHA512 6c76e7b68381a59d1a708c9e66ccb9a557fa3d569564cc1fc02050991aa63a683f64e20e3b4e7880394a22491fd40fa1a67b9eece4618da5ba20e69ae3ce4537

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPTApp.dll

MD5 92b38d253ce71e31e96be4c2ccfd5ff6
SHA1 52fab6e2800101f6bc5b6b2efa1fd34259a43c7c
SHA256 c2acf5b02eb2ed84d3976b884e4857b14acdc9f158eb5035ba81e55f989b2f6d
SHA512 dec5da1d9ebcdc7a603733bf6cfffd63cb3a80c0e9ef58c238b16274092370037ef0d850ae64efd6ea2e050c983707dbc5cebd79e130f79379fb0c094af23ac1

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dll

MD5 94004264a019d0dc531a4656980708c5
SHA1 edccfac4208a7cf75721c75ae8fe582649db0a48
SHA256 9f512c5ef94bc507fd8c071aef6c40ee9bb79cb468e1b68ac5110bb527042906
SHA512 b5b2f38fe655b92c5454563ae3b2435eae3744f0b7140163a0a07729933c2b65e4835107faa0c0e68c9d1ed4235dc3ea4cb633d82a0c1e51a7ab63fce462e8b1

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCommonChat.dll

MD5 1b8495497256a1db13d07f69eee132f6
SHA1 57e76e48b8ed651bb1aad223644aa6a5ec6010ae
SHA256 bd9a7c1996926308ff0c9b6fe14950c25dd272ff6b9f18b16e5a125d84fddb8b
SHA512 ca0a3c4d04af075238c455a3dfd0b2fb428e9059f88c5c043efd3260b4418d4f880cc5fa6b7a8689771974666f679d2027968801bf1aeee926d145601cfbc72a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgAppCommon.dll

MD5 39753993ea74164ac16016831ffda94b
SHA1 57aa26245096455dda4dd271c28b43b15582df4c
SHA256 72f3d7e5c1387015de911dd8b6edc6fa9ff0b3f665756a2e4c014c529deabf04
SHA512 573989dd4b14c317bd47cf2a50f66f1d95cea3e2cf156e0cc089bb523f817596fd48e93afaf46fdae91ad9c7aa9eaa972b45fcb02c3266d77b06305c9902a5a8

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgApp.dll

MD5 0ddb76d1585a75f189619b1e6ddd2b4f
SHA1 a7f49905ac3f85daf03fd1d2f6ca0d15971835a9
SHA256 92e8b39e838cfd6b2a7e06e336963999b7d795cd032ad9025ff0bf0ff2beea9c
SHA512 0290420cb4d78447f33db17f6acab6cee492a3067f7fcedd8979adcafdf357e9cb554246eaee0fae4f5d893db25759ef3605f84207b0be671603634e22d3ca36

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.dll

MD5 8b1eb8457aab5e7a681a414ac44df62a
SHA1 7ecaa249610a63ca80bc3aa563a943a29deb941c
SHA256 73ade41dd85560e7bc253029f40203ecd001b891d3a3bd1447ab6a51ededa6e8
SHA512 67a43425a15f576aff949a9e81307699e68aa200c94b70784dab83b4858e519648db7af1d01b053da653d3f8443cd6114bc746d8bdffa7140aea6a0d2644b3b6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dll

MD5 aa152810256918ae20b91f4818f5fd52
SHA1 e2f6ec306ba53c4348be51f072f85967e48a981d
SHA256 fbe0c23997854adea9add62e7429b2068e02d63bdb3ac984a9e32a40cbbfd597
SHA512 bd49e670de581950bd80f07490fc36c158291bf9e3136ef3629b84a41c26b146b5de05cdac73cdfcdeac96956432cb276e1956cc9e7d3a5e01e381ee0138ef25

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.exe

MD5 c108595bb729b24ea3d0e64d8ba3ebdf
SHA1 84f34ce46892b97c7d3b9c0c0f58f45ee4b38dd1
SHA256 12864fe644042c955211749dee7babf02e9fe3b7678f9ea0432e30acf15577c5
SHA512 594979ab78cf984f4b105138953cfd7a61c6590e89cbb0339ceceb9549b3a93ba23943e421ffb45e4dd0e91adeee6fb245b8e39f2368192b2809e4bc836f53be

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zData.dll

MD5 083a9540a3723b525f6083dc2b6bf53c
SHA1 1f2979c1d08a1696d243a9d67e36b8957329ebb9
SHA256 e0848ff329b8cf96974757efff521caf9137c277db57f8ef0f4eb33e264523d2
SHA512 fe655b118fe69d939475adc84edf2a069b1e99457ca4c29c5966dc7edad6f4a4b2cf155eaed45bde5b65485bf376847ee46729bedf557af2d2addf53ece90db6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dll

MD5 99aef8566a0772db06a21620e75844c1
SHA1 0efcb3933a0746f358d25599bc95aad456302311
SHA256 459227ec4a6c27f2e0b6e1bdce4e60bcc118d47c96a12ea31c371cb19486befe
SHA512 2384711166e0abb010574a688208f2ac2cae4e6300cfa42d508a6ac329bf6fa7e566b1e94d40345336b54a7d9cc2084fb0c5c01e3995dfbe780270f38f33afb3

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zm6Res.dll

MD5 e7d40820a6ab5c884f1e4ef7ae0f3979
SHA1 2cfae89e0674476671bd504d62aabb380027c137
SHA256 d30fa496e08744d1062d1bb6e2ee8e4a7399ba13df8c339ea4670a64cadbedd1
SHA512 0486b6c1329b12011eff9b6778706e7e67fbe050e98c2f9a8066e52d17b5f662765894b58d68e2b1827cb754035cc0ef2d39abc910e994d0cfd562d4840c7a03

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zlt.dll

MD5 56903bd9c42f4cfde6eac246aa990a2d
SHA1 eaeb61cd90d76c88dbdb87d34033585ee5da7ede
SHA256 eaea57707e0537a41be037404a7a876392b8415b4e6610166979b27fbef5b611
SHA512 1cecbc3fb9b62bad3be6dd01a8304ae6396a487ea902882efbe66004a7f2325c1ae1bb28eee111fa92d003081b93dedaa77426806f647f4466fda29e8133532f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zmb.dll

MD5 45f39254855809a11c87883fff2d003f
SHA1 e08ff7f5e941616d81abe76a4f86d8ab954896ed
SHA256 b5a312408348fc3e9d7e177962df1da41b77df5c7ca07ec66b62f66734c099c4
SHA512 818e55aeb3a4978ca21c689326e634c4ae2ad6ecbe88dac1d604e5c80b6cec8c88333be2283e3161870087f4df0d5f794f70335dae2a8a67669d396b92365f63

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom.exe

MD5 10a8fe6cfff35e4670044c6da1369ccc
SHA1 eb376050c38602b0c8e364ba6efd9e328e693f3a
SHA256 12ec46e719c0f8b1ecfe65a258ca81fd385a43015ad27d3ecda2e22be1983d0d
SHA512 b9e35971f61a3232714b16e1bb855779a32cf58c47b5aa8bf9996ad5f6e0d84c0bc8cced8ae69a91d31175d14dffcc5b78dad8bbab0e01415665520df6744d86

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exe

MD5 d49d05618708222fd0cba5d7818b0acf
SHA1 123bebb2814c9520840d002bcad343ebf4246c85
SHA256 f9a2ff41762a377af2dddc89442551b2bf7fb3f98139d6b2729d96227401b0ab
SHA512 e3e5a9f7f9127205425ce607b62155b22532cd15658700fb37d99d1a9ef8add764d3bd774dc9f1e4959da1a3e04b1ffb695892cdc623ad6bed198af4f0ca78a3

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomInstall.xml

MD5 2a9ee458d5ba0cef7b4c21d6122c31a2
SHA1 d3a776bfd8460bee340535f9b25a22dcb56f7b64
SHA256 58d1c7ed93588e1238c1f0b82e91898c0499049b5539825a9be623f5a2feccff
SHA512 d6e47a80fc9115d9ec40d619b9ca2ef070d77d3bed7b1c2693969eb47f017e4bbc5d4f0f299a50a0e8ff79740fc57e9ed5e2c49811386cf05608406355e8b64e

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exe

MD5 8b8231fd20e0c1585a59066be4fcdabd
SHA1 29a4ac863d5b1d82de62a5fb796b896602fb8d29
SHA256 9846e8d6551488bd47557b962b79f44fd1bfe0337113654cf9cbba87415de20d
SHA512 9dc0ff8d635c78c780c919eef72c6ef9d5285b6b31e49fc03a2aefe43155921ffcbfc1ef4535a44ad8656021e31828b228c0136685ae975e672ce2d1566331c7

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dll

MD5 92cfa7c81a7786426f158c3afcf699b2
SHA1 fbc26261e8d5a679374cf0dc91406a0bd3c600b3
SHA256 2dc84b7d330d4682f8ad459df1ae7acba2a51544a7be007b484c5e012c71b269
SHA512 ac58c27c9b8e1227036047590ce38fa6b74566518956449944f4a22531f3aab042cad2dab60206147f1d039cb986e2149e907730976af321415be758974c4659

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dll

MD5 5dc00ab6367f3c41da4f993b28d5db47
SHA1 3e07fce6736c49fd362065f091d8757b944b3edf
SHA256 1d84de4c04a14d67f847192c5bb2f40b5361d904663b9152fc929404cc77ab5b
SHA512 58533d24bb31d46b8ac59aa6e0be7d0ab2a4ca816721e092883b53d9ae440ce06bac35e4ad0a2271dea75dd1c3f97c2d937fabf05ed2785ea27c151557f0203c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebService.dll

MD5 bf95ba6b1bf27610217b4358b50bc74b
SHA1 3e9dba333b381851a5d6631287da7eaf84bfa7dc
SHA256 28a655c476d492d2d353126855c4f111fd5fc63e080e7229c6677487d2dfd09f
SHA512 3a80dbefe3dce42981c8420634f7a83371d1c7eb09fc6e7155ecf605bde38a8eb85c564c4335b571f1973b7e43e4ee48c30400532295dd7ca813086685e824b0

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetUtils.dll

MD5 feb1ea7367104c10d0fbd992cf72c496
SHA1 2d82ecfaad4ceb0077b1db28097a6fb7c0e1b435
SHA256 0dc821d183d305f1d311baf95f4d7e8859e519cad9996274c2cdb4e5e64da7c9
SHA512 ff54e3226b2c951f0349bb19dc296d51021a930b5433db6f58ca7c8eb826107ea65a7d116650b02965c84f4ce378a7199b23cd2448fdf4acbb84f136c88cab0d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cares.dll

MD5 a101d1d777b7a849c5537070671b34ad
SHA1 a773ea0e9ad133bcfe2e4ab74db45a2a30d0c134
SHA256 9e63f64611beab637ff0e95923584fe01f67ddee50b3390a7178b73f903ad791
SHA512 e274294fb572178f625260a04c56d78ea6ecd1436fb229cc25d346e976114887d2781eefa4708b6e107d83b13bf66d2d281226fbff9d66680d8943c78c3604d7

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZRCSdk.dll

MD5 0632e6ca8715c502d652ea2b872ba41a
SHA1 7c4c3771df7f71a192fbf767a2c922e652df3de7
SHA256 f1ffe6d0532b99ad4c70be70e83d5eb45e98874e961b32908f06fe5b14163b11
SHA512 3a5fdbad2df4d6b2a4ec773b6ec11000ecfb5ba6d0f34056b2c5ed0fde5b0fe9d7fd7305221918bff8a28441ae5a9630f780ab380cd3b363130ba608708becec

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUI.dll

MD5 675c8608f8d1683ece65b1301971ca5d
SHA1 f40788fb40bd68cbf94b0e684b58fd1cc8a5849a
SHA256 c85976cb99e242ea64c2ade157d69a70fab55835960aeb099f655553d6885411
SHA512 486eef69b87a8f9a9d85cbb79c15e70ab2d8d7626a9788fcf5ca848606ba75d783e8d3990c23efe8ca4490cccecde9aab3eb81c0c18af0bcf2ca78a3b8e6cd04

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUIRes.dll

MD5 7adfc36886bb122c9f7315af711069ff
SHA1 8c639a09d3f0ec0afd3947fb85264e0b415ffdbb
SHA256 c0e783d4c341072349211732cb661106d9724554520198e03c7ebb5b43da9563
SHA512 31f629297d689d760d10f9e9add00cd16530da1ffa22ab72e5942fc14f37078aeccacbb93a02c0ae32b25b26b87349a4c99617cc7f28590cd4d3fc46c5b261f9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\annoter.dll

MD5 691a4c5f66b415d71a1a246dbcc441dc
SHA1 d8785abc8ad0ca6fdbe1e5809bbcc04fe1adb81a
SHA256 27c22c80e6f355e560356bf492980aff7fd86af291617f411e5b000d06d37af6
SHA512 362056c7e9f6955177f883b9a8546da3aa412512ec6802aac86fd826644ebe50c90ca2ccc915b6109c3a214331f1783a7fddf45cb9ac285debe9ff8cbb256aa4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\reslib.dll

MD5 b94097027e6f6abc5963cb84c539ead1
SHA1 ea58ea9f042abebcb999304e57626d5d52788e96
SHA256 375e6d60dfe5305c44843e732f148b06f6a584d98a141d7dede5916e091b0c03
SHA512 790acd083c5fde12f08477f3280f8fa990460d79d651f5908837312196d0d7f0fd6f6debbee65d8c92c7320b34afcdaa6513ed70609344a6443345326bf990d1

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPSApp.dll

MD5 9ce7debb8282dc7f7ffd8097813ca64c
SHA1 78d7de2574195ea3a721b0db369abde8818bbd41
SHA256 1209517f755d5aeb411b0db87af29a0e56107fb0a1c11a803957800401e43145
SHA512 5ee68e3d3fae5bf92b7edd4f22985b0647a55434cd504077a83b644fb5262b492834b5dec85404861b7d87da1b89123209d9e4d7b8fdfb95d379c8c312063487

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-medium.pcm

MD5 aa93ab138ec89cf7cfb8b4b0ea8990a6
SHA1 d13b139d666c76cb12e1c0280c1343770adc8aac
SHA256 d754fc9d9378772b7a17a53e6598c9cfe4a0f3ec492f0ed30241020562f58509
SHA512 f91c59cf1b1645b24997a1201bddb52953c0904f855b78add275d71401e4f9e6bcef59fe1d7205e222470689dacf2d55ae752cc2be66bbee5258db284b42e6c6

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-high.pcm

MD5 c32f95839557340b4b4197a68847ca1d
SHA1 0feed637c4766b9b30ab6732259670f8c12c5538
SHA256 0a16435cb3f7b8b1787476575ad646361e6fb4c07587df874940413de004dd08
SHA512 f5f0dd4a313ff6686bed5090aaa64885d319b8fba51fb2722b764668b26f06ce95164444652661b027e35f3c6928d3919422e4816bbb81bbd0f7914869004700

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dll

MD5 992e29e7fb5ae072d8b9b53813f33cd9
SHA1 ed75ad514860b197bf6fb30a669b55174bbd1797
SHA256 7518d9c70a6480de402c45c018819f1903866b4edef203c59e02ec204f56103e
SHA512 e169686b2f46bfdf3cd1d5230454709ac9183266e570e9104f90db8bec314a3a33e3afff92f7c5bf94c80b527d7e4442f4a9754f85c287b42efe40eb07df406d

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\duilib_license.txt

MD5 7faec2006bb231d14b794a9f31769448
SHA1 c2b5a34fe521502f6fca3031201b47074f30f258
SHA256 7ed2acca31a243ba107d8c12fddecd52462fd326d3d2c73b04d4cf10c76765ff
SHA512 777e0ec5d6b599fb0eabb8180fb6f302012ff12245e3de6a3dc568798cb057858eff18b08dacd28a72250236c4767abc2583670d92a946f684b45cb5144bd7e2

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\leave.pcm

MD5 3fcc19f6a199e97646a0ab32423c9332
SHA1 05613b14d6c7336b24e9779963d245098e73b40c
SHA256 efbd514b0ea241a560f1333cdbb90a9885d5c70c01ed032d11b8a672b1096a04
SHA512 b370ad863badd0d86d982eada1fd98306b686ef1cca4cc522558cbde40257effa96afd7327141beb08d9927a6b190e0047ad7978e87a41bf299f030c1cee121c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\asproxy.dll

MD5 f74d9543e908069caca39eaa8831dfd8
SHA1 d04be65c26048b473f6329cb90a86e2c51d8338e
SHA256 18b0a59015b1cfb69d224f87694c90ac5e7a5a9c178fd200a412fa4302e9291b
SHA512 c9e4ea36cea52ca746bd1abc5df614262330a47d229fb8c42bdd7834916259975671edd7867bb91541bbc0975302e1cc6f6effbc98c1005e1aeaf797d9231df4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dll

MD5 f0c8c199db433605638fe67feb1cb772
SHA1 ad64d44caa3c485208e0157d20054432afb143f4
SHA256 f7e5d278e67b5db5679ce5880293e789442b91c1064c398a10fd03efd363c64a
SHA512 2d70ead0c9ed07b545ea78f273dc0ab503f5aa8a4cee53b8867476fee0aeba3ed25801ede818f697a00d661cd58b7213ed1f848b897760d58ba81af3441b96ad

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\directui_license.txt

MD5 ab54b14548a4cc76dd7c27414d971111
SHA1 68a3888b33ee1c5d5efb913846867c9a8788cadb
SHA256 6033476be3d1d41166b65984e2be94c87ac98dce55bfec887e932b696e859295
SHA512 cc8c4d90efedf4aeb3ba3b64ebd0e938576867618a334bccf3cb6790338c6a1da239393a618f6e6a1186cb363cb514ac9528ada51f0090fe2fc709e5c666d971

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exe

MD5 c391f6e8987c3578a0f6ffb365b94908
SHA1 4da74521c69aa080f9cd2f4d9f91f1f9731d89f3
SHA256 4c590085ff034db3cd52a330aaacbc2d53bd9326c6dcbe5438786e85c746a95e
SHA512 62b1093b55beb4b4c08736be4e212b4c8672cd5c9bda8fa36c6a6e90f30112779617c9aad42ccd2b97a9c8876715ca22108eb169585415c663e43258fcdb3a44

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptService.exe

MD5 0860eeb4990a646101ed1574bb53e409
SHA1 d92ac7bed9506310f725aaad9c34821c780e115c
SHA256 dd7037c67400ab8e13cd8bf4f38162711bcb9d4d59fc9a197d3e534e3519bb93
SHA512 5290117f6999123da426c601fa0a11eb6dc0db8d6c65a01b18431337a5d39830935877dcc5d4e2b275adf13a7d70071ddbc69f6a6bf683be3a967417ed5866e9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptControl.exe

MD5 eed50062e2d1173e2a9adbb93e0b49a4
SHA1 a68affd7ecadaf9819cf5e03caac00ca297013bc
SHA256 2f26df1bc645cba8b40d462ea825ddd9e4609354f57eaf7770d18e96a61f28b4
SHA512 4440a4e6eed99c4f3928052e7f0ff569bf804d0f1e51854bc1fd1b9ab6df2aecc4337d2642422a9b42fb1faa8865fbc642c5152e51dbdfd3f349d0e91789b7a4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zzhost.dll

MD5 8cd20ccffd6af16e717b96395c8b35c7
SHA1 4b78162818e6d8da32fb3f5c12837f9464618c23
SHA256 5664e83c28d9bf969f95cd15616a1b2e5b75bbbf442af86150dcf2ffd644f0f2
SHA512 2efc26f771938dd148542d20ac5a3b054c0bd3a5132face1c77bc5d2fd3fb706bfd0849912354ad7636a35b18bf909ab20d83984db6155a6c914c2b83d145b95

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dll

MD5 34ef5c5161e954d940e30711717ba406
SHA1 d75e72ac61ea0ad6aed5662dcde19c570726e971
SHA256 ed6c499354a9a3752102f1dc62f00b86d36f8cc1cada47aab4ca959ab696e379
SHA512 edab0cc5bc0cea308ced0ac446bf7518cd88092fa7646281c0225bb34fcc127e8369febf07be038d0cd4451f872657c1a83486a5738fb41c6c547cd15db83b58

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\nanosvg_LICENSE.txt

MD5 078690812af4ba8567fcc2af2ca1d307
SHA1 f4f94babc436555d2f5992e29aacc47433fbadb4
SHA256 e82bc3dd03400aecabe12201219ba14750dbc4b36faab58663a7a6068548d372
SHA512 f4e1f1092ab90f380a63ed1954023722d265e32f7f3d9b86100fbfa7d6ecd8c584a7dc22b4e3cc4182957136e2d765d0d6a293694b739377c09b076e5fe448fb

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomDocConverter.exe

MD5 f59e8483dd7943fd3082198cdf5fbc33
SHA1 fb63e7de30907a20120148dbc7e50386de59e081
SHA256 c39a1b4ea05ad2cb3d8287760f8f5858b8fa00b83a344a68c003fe03b79a75ed
SHA512 2fc24cdfd9c06f7e974e32f19b28f6badd3ff067d74916f09bc3faa8b812d0e1643c62387e8558366bffdbae5454c9807f5ed470ce80dc21c1ecb37377f05603

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_chat_chime.pcm

MD5 b30a997b4a9df68d8796eef6f457f4aa
SHA1 23890fbc1f66c1061c60b8287659566c69b297d1
SHA256 f2ff5d73ee2a89135094ecb5165b30e351bb24ee4eeee95508f311eecdc9811f
SHA512 8cfc3b13d7c2ffa0438ab12669aef756bac76063cbf317e449e5ba4127c0604bab6fba793866857f4a68806e9ed779c0c521fc46c5ae3aab42de7c72d98613f4

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_raisehand_chime.pcm

MD5 cd7d41d5204013ce176c99c225016d6d
SHA1 996ea48981e81ecb107cd77fd0d6e35edc4d4214
SHA256 cd9b81d47633fe9aa3f1020d895161de8c31797b365f93dfb22a60d920cc2eb3
SHA512 44afe616a2596abc76cf9f862837b26c00e6214a08b61c6569e7ee07ab4331f4968d718889863cffc74ceed55ff377932432c7191dba4efdb638ea3b96badebc

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\aomagent.dll

MD5 f9bec5ad997857bebe94435b6f991793
SHA1 9f5b49c17cc80b66056f9921343a42862e2f6c95
SHA256 8ee52d4bdab795b647fc74080be2f43f3ed0b4111a083d960615ff019aa7b3d0
SHA512 8691c426549fbbf84b39744ad64d636a7729cdef11916fcd59d0e05c6869a65b8d850d4780929b3f8269b575a9dd2d2973ea0f206b0de94c04d5c1f54c4f673f

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Droplet.pcm

MD5 923d4747324854f50ecf69324741c8ca
SHA1 4c19f847fa8fdf55e27b2847bfe09789adfb9e59
SHA256 3568dba00a55d25b736737a48163c13c1348afc5d4022a29ca0d3724d29ffe9f
SHA512 4ae265a89f693304fbeeb661d46d0cd96304083af75b5c245db63a632f40e08ca280a68f20115c6c38f5202801b29084633ffed4da16304689c4379f77693a0d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exe

MD5 394160c1fce41c7413cd27461dc84dfa
SHA1 1c16dd60c02ce630cad0584f3510988dd7a56262
SHA256 1f71004acc6b52f1b0925b8a6642c994614f9ea4cd46c4d9d2fbc70f39dfbd5b
SHA512 f49103671af8aff2e0efdb6b44ec840b2568dab04e5878548151b11ca4eafad1fc3bf3fd4376d97d1ae7109c2e55adcb279426f541a61c543053b498c43fcffd

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exe

MD5 3c1e08a75e7e68e1123bbd362d756742
SHA1 1585df5b0eb1f5d2a400a1adec620a79046d221c
SHA256 8e6ab85cfba3df14c716f719a2dc74781e5271af6482b8757447b46230188d67
SHA512 f373eee04a84cb74961040269ebf6f804dee59604fe5b35a7c5e8a09171632c545803b5b3cb14b34633853e6ae2e83ff5f0185668e1a8ac44cd8f2e52c783cc2

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\UIBase.dll

MD5 96048dd4225b2a18e0cead8f8a03c506
SHA1 69ff0ecafffb223147f8bd12de35b4586333d8e4
SHA256 237550ed2c2ed81eb6cb51849eb3ca52ef739ba634cbb07dbf869461352c6fb1
SHA512 a2c543afba66e451d9a97912acf41b38c6601fe9373f732d4404a2c7dd4786177b6f2067f2b06c0a91ea0726998c730b011d56c08a2f936cc44336dd6862ce52

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dll

MD5 d9460cd787d789bf0125439a7eb114b9
SHA1 8a32683008391db05194163982f85493c93d6c70
SHA256 36bb0f51b87fc2617781450bb544adc7de6ddb976c2b7f780e152505def8ef05
SHA512 c75800c37bb70f3958032af9eb3ee4d1c52c68d002fc2015c456897195b44a2b8ba5e06e94c1fd9b73b9949d3f3bb81fcdedf34391281d77f5896df37f6e0fee

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZZHostIPCSDK.dll

MD5 75e40af043433f2841ea54b62f0dc04d
SHA1 b655e846b5111fa9d1974bcde9b21f84e81c5618
SHA256 070826e3cd68daf1f4d2b460b6fb0ef2358ed885114d0abd0ee7354e9e01d47f
SHA512 ee3986616389a791e518ee33cd4a0c26f24dd18b286734914d4f109ff401907a6626416311da791bf63b098583e9da82ab83c39f3bb194c5d4582f6209c7f01d

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dll

MD5 0414c84299058c19deaf980fe74dbea0
SHA1 ab034e5d73d9133e5c190b86b4f5e5a6503704ff
SHA256 f2abeabe8dff500231b441879db980582d43113cca0272c15bad02567ccb4bf4
SHA512 4feaffe49f0d0999f9ec4b996b0e098e3325b75346ecb4b88a60dbba935a21b9058f98a7c596aba2e2bebb9604ac8e3069c1d4adec2fd38558a5234f6cbed207

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zoombase_crypto_shared.dll

MD5 4eb692a84c4aa4c53dc378f11ed3f7fa
SHA1 3a831f1a2797be6e707c8d75a3a1b201f9c35080
SHA256 7e8848b8e35253e5ff025a4a3b7d199c9c9329a821a66637a7c56fada493f886
SHA512 ebe307b26f943a3f04a0fbab5fc87b8b3d30a34391ab1dbe35ba525ad138a7ed2df4979856e35862720cd2e538738632339242b9e6d542b71f0ef5e9733c897e

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mfAdapter.dll

MD5 7b1a0b4f2e67251780aaec02d9757fc6
SHA1 4e8bda67d2dce37ff8a1087d0fd449df67cfc27d
SHA256 1d4b0b23ecd785ec0fd305cd3a91297eedd3f6c475087b630cdc2bb819e1db1e
SHA512 a8aef50ff6b33adf5592e29f903d4716997939e59a1abb0ec568110e5acbae13cc37aebe02a241c0cd5d6259ffecd0083d327f8d37b750510a9bca5ee9bfa0c7

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper_async_device.dll

MD5 3d102ac884c3a6b22259ccd8d6bef4ea
SHA1 6bd79fa2b3fb151a7ad335c5e3ebe3d7fbd6f2cb
SHA256 3316b1564609268b6ece755fb561959497c4e71525893fe576068702d0bb5725
SHA512 b7ef8a793e97faee23352278d494a54e709fcf9bbe01e0478b097af48dcaad3eb9e048b9afdb90d7c7f4ade7ce7fe23c32139fd28796f33050df0228d119dbc5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\WebView2Loader.dll

MD5 aee20ef43cf692c9080c5973b1b79855
SHA1 b3885791b0e122f8360d6fb7c0e0ac7fe4fa14fb
SHA256 31423e905e29c8a40a483e81dae1491990805fa066634d218b35bb96692bef0d
SHA512 eab6684095c0a7555d921fb1a2e136fa1d761c5766c48571000a97403e6d437a3a4833c571f86c039aa8307fb2fc3fae1acffd63085ae9d2ea0d9e7f9ec1ace6

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebview2Agent.exe

MD5 9728e2fd7f2a8beba97f366f16b31425
SHA1 1bc54c1aa4a2ac2ce6b73c26b59df29ec7dbf009
SHA256 3a2dfa05ef4d7e5fe6584b26cfc7e1ca5b6d1493b0bbe93963f0977cc3c0e3f3
SHA512 f294bd325c78b4893fe544b3480572ab37a635aa0ad486167cf71fbfeb3cd6f3947f8047a9009bb483e7de6824bfc1008ddded6b0c6e9594237155d29addf0dd

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\archival.pcm

MD5 2da32e501e9720b40d438ff7352a5573
SHA1 e59fdecd75b2c8cb4b26bb4a2b3c622dca8a2e3b
SHA256 5e7d1491e7d6969eb67646f87ab2dbf0ff1d1cb4f5cf631128a305e2b67d4a1b
SHA512 5da2c201bfd01fc1ef1724acb0f6fddd7be39f83b6fff5c80aef71c96f14d30c694da82b1c41183b2b9ab9ef99d45faa657c4f6a984f87a97aef08d9e824ccee

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\percussion.pcm

MD5 388728657dd2d77d2257a90b9c935650
SHA1 17c15f9be8b263c52dc165b3395d8d92e72ec313
SHA256 dafa23315ef2893d200a88b65b8f455e788acd616d0634c35385d460f07c6a61
SHA512 5b4b298df61c4bafa4f2b4ffe2193ed331460ed922a17f2abedcd20f6f1b1af8719694299e367af0ba757ec3496d99fc67ff1963e27195ed30a95e5dbe97a2b5

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\percussion_pause.pcm

MD5 fddc411010d812fb444d70781e253ed7
SHA1 70f75fbb27a50f80e78c1c08485928ed0f05b3d9
SHA256 e8c8ae4267e1a14352d631418b4fb16d767e3d42aa9528adb5cf378a219b96f1
SHA512 155176a313b5534963f1166139403301cdebc5ffc082d48058975da4f60e083ef25e21dc262e20f0414aed049b746d630bf668961ca486200c327ebc554c6488

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMeshNetAgent.dll

MD5 7da94c1dd9c9e13ee61fd718b5030c84
SHA1 25aff22a2b62db5f0b819de7109501153f0ef729
SHA256 8836267f13241c42b970b7dd32cd5de029293d234a11844dac7a8ed209a63f98
SHA512 0d0814e4fd34f2f0a080ae24b8e92fefdbaeebea905aa38a58ae77118ff14b9c2a7535001e6164bbe5f41259d9b83e8b5a13e4980a5db594ef973f1dc62059c3

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_6.pcm

MD5 a8e1e6ab27026fcc27307250e40dc64a
SHA1 a3d1bcd57edd4aa3f52c259a5b72c120f040d583
SHA256 ffc6da3e558a9b25cc03249f675aff3bd3ac21d54435fa8b23f37cbaf54dded8
SHA512 c82fb729e9aa1fb56efae9b76f42567b871b2626c29945d0e6b51e4f876f43b97b8bc5f0bbaefa56cd8b881def405c6b8a44f331500f169de80aba120c98f766

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_5.pcm

MD5 532231d1e36ea53a168830033cc0aec5
SHA1 4407c14ffe5b12b7100db43fb011564269f702a0
SHA256 83ef758561576bbaa981e976510b74eeeacc181834064ba7412eaf876cc25290
SHA512 05bb2d8ae7cf3ead9dfbf05fef4983ebfd4f5a8991ba43a92191a1a97b485dcf17e315b9a8d39300c71be7114f15f0113a75c6648fcdfc46b46e6cfd2b3ca0fe

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_4.pcm

MD5 065ce5dc0d49c48589a3eb19603510fc
SHA1 d0852569e60486c2d9206c35be826ac4d23f79be
SHA256 c50e689f830fea83f82c6cb2e5472b3827c5635490f0d2b0e56c346bad616a64
SHA512 c4661a30868376a7ed681d4d984efcbb8af4a7449059f31225c63ce1cc88a3b4a7fba3e3047f2b29a0e0e437e8b4832e888f65ef86ea40c2063aa0f736c61307

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_3.pcm

MD5 3913cdfca0b0dfad1c11ab3cdb81dcbb
SHA1 92e17b1f78788d5b98bb539aaed018fd72244411
SHA256 f8902a24f7dd5f4355e684ac1cb0029992581c610ad011ed2c900f8957c104ad
SHA512 43d22a611b65e10b9bb4b8405a993a77618c24d8866032672d43911707ac9f6497826cb6c975ae422c7d61412d6bb2d2df0412fc7fadc0e5e5f84ea09c7475ff

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_2.pcm

MD5 d30328c7ec556e0fc8537d1a2316c418
SHA1 bbd09bfd865686297bc06ff35fbd5f56374e3dc3
SHA256 37db0a7b3ab878fcdc1da65dc21c006daba8791c87ae37d000d516cdea9d4804
SHA512 913c7f778f1a954c43c275e544689a528fc4a59d30f1d315359191de60f9bc9544bd322fc6842b63e8931e8f0ee8579f63a3e810f165d92a2f702ad3d8e5b6e2

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_1.pcm

MD5 842932d135c62a4866c698cf415a13d1
SHA1 7977e8280576cdfe14449e0522a824342899e21b
SHA256 1a5eb409a8dd747b37e24b3a7a0c3c8aa7c55778a9bf4a71f4bdf3b5ad298c5d
SHA512 a34ae285e13cf25beb93153f1de77c6bb61941fd4d8f91b9689cb84d37204072ed4ddcf17a7f2319393db6383a949d4d0a8722245116f6aee8ef62524a403e29

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_0.pcm

MD5 285974390c5114e6a8e91a2d63266a38
SHA1 f5b5b5ce959380d0358c463e2dcb9cafbe709843
SHA256 394c441e19f6d34b46baeb7820726f279bc71d21e6911070dbb58e67568ecb9c
SHA512 de85e1fc198fa235bc233cfd45747c30a8247af71b83e8ca30800cd754e6c45ae2d9754e4de0d51e3f2aed26ff8cc829d29374960f3b434e48acbbdf530ebe43

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetDiagnostic.dll

MD5 cc2df80b0e5ad9b773a4603d6c133c76
SHA1 510fe68529c7ddc9c2d1bb2cb97ed8146ca683a6
SHA256 80cf12bb73ca045c289eb2ed26e58daf739f05c1ce8f26656cf7fbba143f8902
SHA512 3f52fb559820abe84b5efaa2371d1632ea0700ba7afd5f510cf2ec24cfc33c00f142d73c151f28fc94e14256297a7b4d3c303c4a858ad59435568f083b8575e2

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_a.pcm

MD5 6a95093e7fe3117bb1e614fa9727bfdf
SHA1 1df81e069ed43aeaedd8dce9d1c8bf56fa6b96a7
SHA256 d705d27155e39da52d84034389fbc3953d98f2e7a6007c44cf0ea1bdda4b3bb5
SHA512 925d6b17cec73d8ea98ddc3b55d17c6e014a5d4504251563c5d5d55a9b7f8caa43dcc6d7989bbce72a62e1708a54ab7b09bdd84f79da9010bfebf6cff7534c99

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_star.pcm

MD5 814b4f610592e7d68725f87b04dd5691
SHA1 9e3f0489d1889b3201753730211fb14ea1fc1e21
SHA256 719f8aa3842eef2b413eb8dff026c2b442acf051af040b295af595ef207dc32c
SHA512 929f10fc51e71759d375d82681f6b9106932b27e0cd39fcd0fbacc2359d1907631a912d34958628c651c37617bd4d5d9db93d321f0592c30d0294428890abbd0

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\double_beep.pcm

MD5 a2243b1ddd8cca6c40030020b57c606e
SHA1 9d0084832970caaf750335d5b27a3104623e2275
SHA256 e00dbb2ed88cd107bf384102e1353bb8d3a777dd9624a680579e4267080888d7
SHA512 04ba003ef55787f3d19006e8a3489b861ab86834acec445ec463172f5530fe72472c0bb39f62ff8d0222f388b63a6b2e28f5919fbbccea416654d7cc13f68b49

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zBusinessUIComponent.dll

MD5 143dfd438438f8db916ac876a801bda6
SHA1 d5acf9def660d841080e26a59cae4755f57d5bd0
SHA256 f4a28f531cfc1184fd812d5a87d53dbf288d5c44152174eb3cb0bdd31a338a93
SHA512 fa63622cdbde6d77b3259a898d37a6be5d971511ec86d8cef853c4c3172004c98d6df2419a19dc1e7111cb14abdeb445f182f75f0e234e0ecdea67e50c32d12a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\beep_intercom.pcm

MD5 618a307ef3efad70399a6107cb1ce9e3
SHA1 8b42e7fc116a27a3fa868db49b3d0204f42cd913
SHA256 32567197286cbb2dffc282f7cae8d46d13af9d5e83bc98773a836904d244326f
SHA512 3181f538cf34e09de3ced6b702eb55654888b3b533a339eaff97f6f6da9014900f076c76ddd407c0c3736156a896fd23a07952c04c06664103cc74f317b8ea74

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\ring_pstn.pcm

MD5 f199df8ed884c5af8fd07aa0e046d19b
SHA1 507ca087de97053c4e65f4576f78157813e6c174
SHA256 0a23d9800db639dd5f40ff0e1ca3df5729df7ab81affd1a02db445b4b0ab235b
SHA512 176a88eb7df30c78442c435f102f865e1f8c8a6d0fa03f1af823cf6b7a3c290e50df229b8775c9234f09a0ab5643410f5e00bb4eae550c13cb59ee3d4147d5f9

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_hash.pcm

MD5 569480b0dfe8b64b44f72e5740a58230
SHA1 6f4ed602780fdb7c3eda983bcb29007bcd8fbf77
SHA256 1a256021a62abb1386eabe58974db5bac91c622f9fecddc9f87216c102c23628
SHA512 89f6452afa3aee5265de3eac9ce0a5830163187abe6c5415141133a0b9c7ea091dfc198cad0b4662588b8f3785c93e310feccca3200b13af0c15caff7ab45d1a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_9.pcm

MD5 cedbfc417b6ea8e076c99471e4d746ad
SHA1 11d95a6490613c3d7f350f5525ae47ddf244a5f0
SHA256 c5e274011991477635400e5a2c81d3b6cc12c50a61267b0ecc70077cb92a9aa7
SHA512 358120f75fb51a89979cbec3c1dd0227e286019025be9308e81f5e2f4c02cd9bb0022bed4db357d42990c5f0503aadb88963d7062382d9cd832440e12a338cd7

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_8.pcm

MD5 a9293ed20c46e09ebb87caf37e92f3be
SHA1 dd6e3ca3ef79d26f71fe432a2d928e9177f13205
SHA256 4c682a59d37c32715d7e82c1592fcfd51ceaaca7fc4464817f74d0c005a02372
SHA512 ae2572da5274f686ab5b2ca05c273e103e037f1b2d21775f86e780a6a4e97f61059387a063e86f276253011bdaf188b2ca20cb29ffca5803fce5cdd9a69f38a6

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_7.pcm

MD5 4f9cb5dbacddb4099469ff30fb61490f
SHA1 0a338b3aaa04309584af7ee0f14f1767afbe1da7
SHA256 79f7a132b33c6525ee483231a53b8298620700ab21343cfa70d716e96fd12b8f
SHA512 488fba0f24d2382dddd25c05531a5f61683f774dd86d41b652ce9473224607de9744a5a4463907930eb3b010e6f97f7b7d1ac5a9daba8453525735d338399a5a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomTask.dll

MD5 bb879636a5950541c212ec306dd59b0f
SHA1 9171736ad511d94629bb6a5ea9bd051753a47cea
SHA256 7b54bcff6af481d51a6b46a9c97d8513959ab1a0eb685d5cd925d1c6b0b28a10
SHA512 64405744cbbf4bddbf05767751e98df5a21df3ca3b048992e69320d17c9128148d484ca0e4a6265ab0166fe9ca4c2172a034c8c45dcfd1d0274409e9e823ddf9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZMDB.dll

MD5 d4dd946f5a74360f73d42e452fb1661e
SHA1 8dd85c939c4af3c6f2dd001286a25b4eafd906ff
SHA256 5a3bfa621ca6e30e0c692b4d86b44d6fcba3399f8e26cc7af81d68f9aab16236
SHA512 225fe077eb1e3332859224da102dd61f15fc56ffaad3b3e830b2d50180f4d13fe8f3f91fa408390c728218815205791a258c03645bb2f3f83bc3fef36e00a371

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zm_conf_universal_ui.dll

MD5 25b4db17cb83e33112b1bd67bbe69ed7
SHA1 25cb5e17160f0d3d855076a6c3d661f155e33724
SHA256 48c91863abdf6cf76dbe8bd3fa27f68ad578886df122be7b4eb4d6fe5f7d1292
SHA512 86091dab63ee9fb04b3ea5a61e19456e6f86796d528d6978153ecea21183a957329fee430f49429d6547178f8d75ba86518f3d6ab60e43dc4c2f6755f01efc56

C:\Users\Admin\AppData\Roaming\Zoom\installer.txt

MD5 8ee7b8a940fd43968f385391e90a5b78
SHA1 326fd351b290d88ffd3d0597b73a4f2bc875771a
SHA256 ee90934712846a48a14f24941376d5b26b8bb2faac8d7d155c1390d864139331
SHA512 c6a41f8d18aecfe1f3b2cff6e1ad364e6c720f2467ade7f92ebe5e1e12d3aa77c180b070fa22c2e4b88508d4a2aaa5a6adcfb539930c4f2a03688732347e5d23

C:\Users\Admin\AppData\Roaming\Zoom\bin\ucrtbase.dll

MD5 61eb0ad4c285b60732353a0cb5c9b2ab
SHA1 21a1bea01f6ca7e9828a522c696853706d0a457b
SHA256 10521fe73fe05f2ba95d40757d9f676f2091e2ed578da9d5cdef352f986f3bcd
SHA512 44cd871f48b5193abb3b9664dbea8cdad19e72c47b6967c685cf1cc803bc9abb48a8a93009c972ef4936e7f78e3c92110828790aa0a9d26b80e6a523bbcd830d

C:\Users\Admin\AppData\Roaming\Zoom\bin\msvcp140.dll

MD5 5cde3aed10412762e83b7fe43694a22b
SHA1 4ffcdf063eafc901105836c27a634530ea614755
SHA256 10ddff48d704c6007e4c2d53fb4856b5e5e79479503366236246a323aaa76e9d
SHA512 fcd7bc262e7bbcbbac9258e31b8d62efb2e601ac1fffac4c86819c8f2aed26fc19403d992a57d48ec92752b2a0a8b04e8204423d6077c7800ea4015f016faa23

C:\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140_1.dll

MD5 ab03551e4ef279abed2d8c4b25f35bb8
SHA1 09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e
SHA256 f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44
SHA512 0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

C:\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140.dll

MD5 7942be5474a095f673582997ae3054f1
SHA1 e982f6ebc74d31153ba9738741a7eec03a9fa5e8
SHA256 8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c
SHA512 49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

memory/4584-1257-0x00007FFC33350000-0x00007FFC33874000-memory.dmp

memory/4584-1258-0x00007FFC21700000-0x00007FFC220F2000-memory.dmp

memory/4584-1259-0x00007FFC22100000-0x00007FFC22ADA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

MD5 74a847e31a31418f293970112d4f9a73
SHA1 c388b9e4b5726b86e064b101f2c28599a469b971
SHA256 49f23f24e289464cfe3d15c7b6a028723cf18d36f5fd9e225dbec74b13376042
SHA512 61f603f1df5735367483251218d570becf147428d0a2c155f3f7e2d8e13e003c0e8cff0528c17965892eccd5c94d160e84d97612bd5f0b9e14bcb2f5ad010f86

C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

MD5 ad20db6245ddb40dc457a9418363a37f
SHA1 f53e0415cd4fdea3e5ae51a77d42c3e74759ea66
SHA256 e38d2445a4bdc9fd425a8fb34909b6e012851a349d54175c988a0aad91231d34
SHA512 d69f0cb821f65c1a80b0b3a3436c3b78add310dbe721227ef9e842f0f6f83ec7b9767def48a8f0e494a5db54302f0a54ef78d469cf456b054dbb693c99f919ef

memory/4672-1535-0x00007FFC21700000-0x00007FFC220F2000-memory.dmp

memory/4672-1536-0x00007FFC1D240000-0x00007FFC1DE6B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZCLIPS~1.zmdownload

MD5 d5c3f93d63a7a8710d34d874122e8072
SHA1 3c596334efe2c8e695119cc382544ccc501cfee9
SHA256 377904d074bef096d93d1ce74a9fefdd995bd9c98d73896a363c55d007145d78
SHA512 0ef172940b4fc710556eda645f80a904750722d205f1e5366502c8c64e41853db8632a21c062f8b184f33fcb34268a5d9ae98845966aa5b09f890bff68890330

C:\Users\Admin\AppData\Roaming\Zoom\bin\avcodec_zm-59.dll

MD5 f10aac8fcd563c066579c61370c38eb1
SHA1 0e0d345231c0b483c77a8ee0bf7db7a2bbec9ba5
SHA256 66e38ba12fdee6b0e80b3cd19e578fb78c2c32e28ca2aa544b9d2f91a623fd66
SHA512 5a9fc7d88cded656b005d7d94b9d6e75a6d6f9c61cb8a17a30548ea995a86d4a6f28f5c32058b15ae6f86a2e8384046306ebeb2799982fdff40cbf0f8331cb97

C:\Users\Admin\AppData\Roaming\Zoom\bin\avutil_zm-57.dll

MD5 af2e4d2387a0f3f5f4e4ee046590d92c
SHA1 a28265611b88162984da364022cf86e699ae0e5e
SHA256 078c53fac3a3588cea470bbd10fab3c0d5ad7fab16e423103414c6853fbc8896
SHA512 89b0dc22adfccdfc3aa741ddeb097fee3b442216c74f67f6618ea684fd5159a61e24a8fd4f124d76f947cabac1721f6536ab2ebf493cc80a0be4367f8a219754

C:\Users\Admin\AppData\Roaming\Zoom\bin\avformat_zm-59.dll

MD5 2c0ac2d487db6d7818a6ddc0e491d9a9
SHA1 0975338a008168a48fb1e7cc14fd0ab20880fb02
SHA256 bb43ac1e259a808412aa3773fded77e4fa266c3b9b613044f47695f4f7c3de6a
SHA512 2c38ab2ff26197cc15c1af41dc436ca4edc63f23118f249c7d05063db1b9d8bfc95e41ba425f7f48d53ec52cf880389c7d0c3b7eae67ed4f6e572033dd2193f2

C:\Users\Admin\AppData\Roaming\Zoom\bin\zPSUI.dll

MD5 6fc072de50629b6a7f4fe04677b26252
SHA1 7ab34ff0235182a2aad50f982fd920aea17892a0
SHA256 aaff3aff9e3eb548ec5d31e19ebb1cb79935d3d72369ae84ddcd9c942fd0c9f4
SHA512 8d473bc2833a8f7aadd5650c371505c9ec160c9e7b443db5b528c1a4e2727eac41ca163763ad2308c19dc93a731496fac003ae978e8d62fbca499aaabc82fa91

C:\Users\Admin\AppData\Roaming\Zoom\bin\swscale_zm-6.dll

MD5 904a85c61ccb9bfeb1cfb16143b24a6a
SHA1 18c49083fb72b312cf33e151a156aef76df5c1e0
SHA256 f00ba5ba20d157eda4b6afcd1c96d50f7176576d100a9b88b6ddfbdae6137591
SHA512 4f179c22ab0cc9e0a2b497ed1bb24d2d292199805c8dc5675a6f114f58be3b810e6c0997a4a028804896651abf8358f9ed5819e4e95f92163d0abc4d2eef67bf

C:\Users\Admin\AppData\Roaming\Zoom\bin\swresample_zm-4.dll

MD5 0959b284e94a818ba7c96fe4784a45e6
SHA1 065e4a84b0c5ba00def91ead7acf2e4867419fe5
SHA256 d97cbd33a7e101bca47f3a3858d5a7e758d69f5ca8f047994bdc0ec630b78243
SHA512 2a0dd7a6596139de69a58c6d22908ed750482ecb3390bd348a5cfe75393c28ea02e5cc47882cce88d33c4648afd603d36aaf08e7c215a0db5344e5f1a4e2b24f

C:\Users\Admin\AppData\Local\Temp\ZCOMPT~1.CAB

MD5 fbc4ebca2c981c8e318f2bd4ed22cb67
SHA1 5322992b225e065c4a48450aea929fcff91c8f39
SHA256 be22130f461e85756ffce3df193e27792b7ecb7162b567526c276232aea6a89b
SHA512 74417d45081829064064fa794203869620737cd90d2cdc7b90e33b355d193f37b4ffa27f46a0b1b2c2eed479a545f829f12e80cd07f89d4149b436d16cadc7fe

C:\Users\Admin\AppData\Roaming\Zoom\bin\zPreMeetingApp.dll

MD5 900ea18898fcaa0439d112d841ae80f9
SHA1 e9fb732b26b874a56a97102e5380572f6a16e9c3
SHA256 a1a446f2626b2af1f45570d6ef833561e3793e743f9ac3a50353d3c011ac8a20
SHA512 fe962b00941030bd823096d41d6c66d0a4ac2f6065c91b7cdf20b17e3163d0a5a26e9927366fe239a2779a2b9a6c0e5145b07a094e925323f899419459832760

C:\Users\Admin\AppData\Roaming\Zoom\bin\zAppUISdk.dll

MD5 af680a5f4032243d10fdfac9434994f6
SHA1 dbcec1adc1eac5d72dd1ebd691fbbc8680e9e769
SHA256 843a34ef5af81685adda5cff4c0539d302db3d80eba2524b104a36d33250b57f
SHA512 3fed71616496bdee443d8c7486d973638b60a17e68d720dc47b144cc2e7869b5bda4787e4e0ac09b57cc4ef5e58a44c545c3c0d302c35a3a2aa68f39ad43bac0

C:\Users\Admin\AppData\Roaming\Zoom\bin\zDiagnostic.dll

MD5 dcde5086008070e7ccc4d13345f03812
SHA1 0982a52d04d2046f101584810be084bf096c6e69
SHA256 ab44e6dfe60f6f5e286fec8d3d5fc872cbc0ffadf379a8b23c62ffd5e1d9efbd
SHA512 bf106e27af59859a67e462578cf26cc8f3628ee1868bf59aa7222488d7f6b5cd4dea59b8d9fbda471d7cafb6f285d77fdfce7f06e1210da78b28961697f12fee

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\Zoom\data\WaitingRoom\6232723F-BB9D-4D30-9477-804BF22D2E32_default_image.zmdownload

MD5 2261a7001f0967aec2e8950de1c42d1f
SHA1 0cbe324d7e3dc091c8b8a72d78ab754207329ba1
SHA256 695d9928ecadf0f61266c61863b735d6bf8d0e57c55248543aeb11b6af1c6bf7
SHA512 cc80a3e82ebb2e3ec9aeff7db959044c33f2c0ce9df08519d17d79718325970daa283ce8847e53db2beab6ef59cb69fdc08d36b78d28d98f7ff68e411709254c

memory/4584-1849-0x000002609B4D0000-0x000002609CF8F000-memory.dmp

memory/4672-1852-0x000002159D3E0000-0x000002159EE9F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ab1541ebb008b87af7904a8f8791e408
SHA1 7dbff461e0728239f14de02771e882f08dbbead0
SHA256 805e187b31c431969d22e44ccf5e14c52427eed801094637c6139abbcd85f61c
SHA512 b4f99f5f00f9bd23a5ab0eca27c83aa7f8d9cd3f4c7c8c0287401a1e315ac0aa57b33745d22de6ed96de6ad139f80fbee0646e52707bf8cf44da05326665892f

C:\Users\Admin\AppData\Roaming\Zoom\data\emojione_low_20240219.zip

MD5 ba4ba86b9a0a274aeb08d2381960e475
SHA1 2c26ec3d748e96f1adca393090b04a98f17ba4d8
SHA256 119a9b978ebbfa3565b483595c82c5243979ddbf9de49b4246a0f88c4d16c8be
SHA512 acf66606e8fff351736ba68ec0b04dc59ca79dfe50f4336972cb0ebad09679c8e8c982e8cfddcf5919623d1b400c5bff578a760818af2be3d0a1cffacbfbd072

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f1f2-1f1eb.png

MD5 e24a5922490ea09bced2c44613107ed6
SHA1 33b14dd8c226a1826161801a71d537042ce1e402
SHA256 9e74533f8c5afa2bbdc06a3972b41bc0181c4c503674156d96f940c2388de7c9
SHA512 33430271daed2578fec0a6774a98457a709de2a599b5aeb35110cb73a57753ef4ee8a2683fdd4128b4d58599fb5616b592ff6ca3c4e72976e72182d29e4cad12

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f1f2-1f1eb.svg

MD5 f8d3c0bef471e7640b5849b87ba7d56f
SHA1 eacf345d95892bae61555e6c5bc81bcea26028ac
SHA256 5b27690c0d0ff60589cd44639e0ccadc35c8c0a77353034b5090d46bab89f23a
SHA512 472ccfa74c68d29ddd92bad21212468cd916d4655c2cc45d9738453f5fe3b3a160d5c0a6662c85e1b5ec7f63ed8fa73806cd62c3a996e8d9b9ba4490e58c3237

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f1f8-1f1ef.png

MD5 7c500d8f8a6b86b737ffaffce72d0e75
SHA1 dec92c55ac76eeb3a156c937bcaadce2908b73a2
SHA256 eea25ccd8b456a7d28f8736e7eb48bec9cf58a6168233ad0ed2949be10ae52a5
SHA512 94c1950ded281097f35f8d8b164f8f4712eb9b51056680bf3e09a7df804e73b6914e6c7ec16dc320d3354bd5400b3c01ba87b5b362fc83573e0346c35f8350f7

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f1f8-1f1ef.svg

MD5 f7fe36fc9582b6f1aec06c3c73db814a
SHA1 a6e0588f908d6c90dc3e1139e84f10e82614378e
SHA256 60b79284599504b50170ba506dc0198a4b058711058050ecdb1c0c2c617e463e
SHA512 759bd57e7aec253f22e45bbb78ace2666b256e1b0593231ee5a124ab1bfadac1e29fc080e0f83c28c3dc3b449ef2a432c7ab3ae2e567f3763497c1a3f0372475

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f3c2-1f3fd.png

MD5 1f7c872d3697d3839067abba356349c6
SHA1 0a3710417cc88078bc2f6b943a662127cf8e4d08
SHA256 644c6ef33b0f10df4480b63d0516c3adc2f6facd92e474a92b36e3545b48e9cd
SHA512 0d5c2800b68b177c271bae96c6e290cda0b1095fa76e397c8983b2e5caf2598c238849fddcbf04cdd17dc92cbfd998ab0e1a5ee6d08c4cf321f27e404f3c72b0

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f3c2-1f3fd.svg

MD5 78a1987b430e7ed93a0b5e24d775bfbf
SHA1 25713b0457877a92d59a0163c3b49b26a31e8aa3
SHA256 48d68ebb5e24b6a03f8d3de6f219178c78ea5c7075bb00f7cb2909623d38a735
SHA512 cbd0eece4f6522288f3670c203f5112dde50aae0fce683867a47e8c3d3544c9408b206f84bb123a71a28e15ea3bc936551943baf3742f311eeb3f4887ca4e6d1

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f3c7-1f3fd.svg

MD5 2f2d75ad4844b043de6a9466b2243049
SHA1 7d3c79667a3bbf8a1dc6716bebc54a4d1ad8e584
SHA256 f2a20336a2ff3706b8ad123e0c2d053d4c6cc77a8c9879d9ead1cc1aadc563b6
SHA512 1397d5750a7845df9a3e0bc385d518db16beec705684a5905dfcb282ed6a7515ff8dcfc278bb13553f469fa7ad2428aad572974fbfbedf06e2011ce8132d4601

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f52c.svg

MD5 a60e9a7b24ce9ab6d0c0957d7d6a65d9
SHA1 9b871da8744c9a798ea4253c51c94a18a77d8aa3
SHA256 f0ed131631098d4105d7876796827037da16b711688b6fe488451e8dd4013d20
SHA512 8ae4d41e5073fdb0fd4104706225b7e734de9d354cf21ee51fb47618bc4215c5ddf0d51c28d5a8279e8c83fd3276cac9ffba6e14950b245e153cad287d256e0b

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f680.svg

MD5 7e3467e8140070dbb54f3c730f8c3b5e
SHA1 1d1cb357a9fc85335504cdc1c2629a18fa6113e2
SHA256 d6a92323fa70b50cb0c0afd30fa9fe5ad6c6a6d698b0dc4350bcbc5ab2c7c031
SHA512 29c2a1f28821d97391293f01453f5d96e4c2fd41748b01aaabe56f18a1434aa20aa40ead38d39ad1c09ff7c6d708fad9f773b8f43f3c11b7ba5dec050dbda80b

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f692.svg

MD5 6ab9ba64e70c4531b2bf14a0f4a9b9ee
SHA1 b03115c46dfdda9e3e3e2df99e010e0445e114f0
SHA256 b83e0855f895f68b6526d6a5d4625dd58541c7ce45362fef749c076342c8ee23
SHA512 fb6bb47fdcb13f493b73cb228179af72ad414231532e7c53206710d10a66bb417500acadf6211cbebf604df04bb88877c8808b2c06730db63ad01e2107784c4d

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f91d-1f468-1f3ff.svg

MD5 735c34515def34f27a7154fed455ea2e
SHA1 7b01c41ad4f90adcb16aa88f5a14d78b8c1f83e3
SHA256 59fae5454e5926bbce5b7c4124021a57b3a02872e2f701bbea9120195fd92e83
SHA512 a5c4986f9d13c3eca29f1bc336767c7f71d675d08170e20871652290d69740810de0200a5fb1b2b2df448eb3e33b88b5e4be033b23de814c80208d1d0cf3fc1a

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fd-1f9bd.svg

MD5 fc7781dbb545d1ed0e0cf7e0fea1e792
SHA1 6659d41a8053f815157715a71e5ee866272c3e4f
SHA256 7c3b276d2abca816fd4e1b9b8d95fc34996fda262a75622ba0d8ff6f7de0e0f9
SHA512 3d96d7596d3b856a0069eb47254bd6ee8bbf8689052cb74290a79b622b69988fd4471ac7cd29a335172697be95cdb67114268ca0240a00661c1de300793df107

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fe-1f91d-1f468-1f3fc.svg

MD5 9b40204af1b6a28bb88fc7ffd2ea57f7
SHA1 824ee4ba5ef1bd86373f3cf52d5d6bc89ffe6ba1
SHA256 c144c5d554397a26731f32a9e549cdf334fbc41de2596e084bc65f849beaa4e0
SHA512 ca5f8ac7bbaa90680cc1522a3fd4f0ef633cb020c5cdc212f5128a2ca09f2bff43d32c36c1fc6452aac81d0363f2d51180a16488b7b094662d7e757524e5e292

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3fe-1f91d-1f468-1f3fb.svg

MD5 73b97ad95a8461f3f26fd08e18696aa4
SHA1 a2e4a2f24028cf64e44603a4812d498550d3781a
SHA256 d3b32453dd78d825ff4b5d87a120513a7b9bc5c81c4a35d5179aa3c06fe26b5b
SHA512 c539292ac33bed2769090aba2139f6cc809c1be752dc63590f4061698faf23a13928eda3aa1885e21897e9e5042ba09dba51d29d43884495c44af0eab56ff47f

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3ff-1f91d-1f468-1f3fd.svg

MD5 0efa0e226b7360feca7568589b016d91
SHA1 674b86f0672f480ed7475d13589502a0baf2ecd0
SHA256 4b8f977152adb5b7d55df1942ee6c7964413e51dd6a3d66ad25b6e661f05d02e
SHA512 148aec3dc5c273aa7dbd92f1310024621d39bcd39f72020f300bfd857f6652e292ab12219af2201ef23d0f025633944014b79666ff8f72a505e003dd6c05f741

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f468-1f3ff-1f91d-1f468-1f3fe.svg

MD5 ef29f154a48c86d08cbdbab7572b3880
SHA1 979867f22c49ff27a7aa104b3d96fe4f2dcb1a06
SHA256 a95e0f316041c2dd52c554ab832b0f1103c720fb19512ec28e8a8347626137eb
SHA512 5d4b51221019317b30657474b684723fb4562b8b63fa886f4b88bae07fe97e7b8391c54658badb019ac7c630eee606988cfdae6d100d5a5cb20ac47eac0f1d20

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fb-2764-1f469-1f3fd.svg

MD5 d606bb69825d52fa232142bbdb7f985b
SHA1 1ded24b62be062b9f1c8a5cfa9c848d32339d7cf
SHA256 8668216cc468d471d6e8b094bf1e9cac324d16adc16813529f7fc3b94b84fab7
SHA512 487428414fc0e809660aefdb351da080884fe5061dfb26c692716daabb56e9dd4274ec4ac239094ff847d0393334aad93769eaaa39b66435376b2178667b5bd8

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fc-2764-1f469-1f3fd.svg

MD5 11c10dff05c7f85872f5271ec9736b83
SHA1 ab621f1e66514bb91674b94b643d0ba020428178
SHA256 5f65cf830f17a777ef12a3389030b8b9681165e46e9e3b78917427297839fad5
SHA512 9bba1235cc734c40cb34f3014b28b9b2ebd38e6000d4d624b4220d5358b12f69028217de7db06eeb320a33abcea09bdf9a63bff228c603b2f24df0fa54b9bafa

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fd-1f680.svg

MD5 8ee07bcac94dcf71e0279de998389346
SHA1 817c77b801ca926485663bf7ae600ba162a9eb4d
SHA256 a978d221a399f35ce822a17831140bd52f99b4927b9f10937f4326454a5dd931
SHA512 685908420f4e154a10baac33d1515f8baa6d4fdb22d815369e9fcd30b892a961db0fa21c3eb0e138ace0ca61b519f1771c8aca323b565a2668a988f84cb0003d

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fd-2764-1f469-1f3fd.svg

MD5 2272ac79c299d048406d97dff71d8d36
SHA1 5d49db7362686cd9d04fa8a86b19674832121302
SHA256 9527f0b04ccf0c6633b1644e6d0c0fe24d730f58cbff1d4f8f51e71611341454
SHA512 03ab7e85946062d3a7e6f36fc80836f67a13acfc691fe31e801adf5ef903b296e78456bf03df18861be1254f2265ee283509920748e520d587e142226e19e4f0

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f468-1f3fb.svg

MD5 20a407b1a3f9f733c2481bc07a720e02
SHA1 776f21c31de2320e76d92512320e179ca2ead555
SHA256 db667fcf69cfd628d5c2132b84e1baf54df55296bf074903f94c41dcc3b669e5
SHA512 01dea1eeb77e91a80a59ba68d1c260ad4f324121fd6207626b0fcb25b4027082a64e83fd0890bdec25e4256efc29357439f47d8383389216c0360eb181634597

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f468-1f3fd.svg

MD5 6c51ff1981a4ace8c74a90c23b04dbb9
SHA1 7a363f1e8d3e2bd18ebf13aa39e2474569b38a80
SHA256 1f4ce13a13158a72aeae70a39582f45370b3c1386ebe69af95a9e1ed3aff9db7
SHA512 86f7ecb883a4d23f7592b44f26a1d584ab6635c5d6dac16de166cad1d20f3d5c7837bcd9c573d57f2fec64f4bf130b3a2ff51cc5e1942faa55fc5318ad693afb

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3fc.svg

MD5 a3f59b88beb651c150e7de7768709d9f
SHA1 2d0cff322641da70d78183a82422fac199a67797
SHA256 890bfb6808ebbe175580456aecb93e32c9420802b2f5621cdd17fc48acf6c343
SHA512 c447f6b989f4288c2542d76357daeae726cd218af17487482bccc24f532a4f8378d85881fd429165728d7f352bb4042d31090e5b2f93d5174c23cea6e0dc41a1

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3ff.svg

MD5 50f60f979f5b8918df58d0501b4d7487
SHA1 42a84fec6a296f3b413b7a744ed3e6992f7fa2e3
SHA256 b23f3ccb4901679eecd5bf5e9ea5e029b0321a514bba5551aa1afc483f5cf00c
SHA512 f1733430b43924ea1e5ae5646d79c5bd79eb3602f10e45a44168024e65d6c5f7b28eb195799a8f26a8d495025bc73e3cf277109165e3800577cf8c72a8f6ec74

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3fe.svg

MD5 404086eba8b7cc4b8b5b44ec9df3e07b
SHA1 481668caf334af1c4a470cb286047d9d062c3eaf
SHA256 1cfa0c95515f597fe85227dbfc88694acc32bbb14f95149afd8f4f164e6deae6
SHA512 09620638e04eadd7271584acce100b833df9bad0f6cd0cdff256516a314e79ee96f1c4738a98a3b418b391eac70c0337e9b3d471183a2a4c9f2802d25aa3f8bb

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3ff-2764-1f469-1f3fd.svg

MD5 8f868a263f6b4a796f00e95f9d15fbd7
SHA1 7d083471defacb2bbdf156f251f75755bb188de7
SHA256 df1592e5d8be506a05c38df852ce0fd3b09208939920e0ddbb7d5d108f33b30e
SHA512 c3dc960ae8210ca9d9694d0332d8520397030f685d45e745dc3598b9473f557e0d1c96ed7a9e7e9ec7ab1def29c9128e65277c7d830bfac03b9a79449b2b0a6c

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3ff-2764-1f468-1f3fe.svg

MD5 0f4f1eef680448dc3265335226c70da2
SHA1 5c71dded562a410791f65ce456610a7145f0d038
SHA256 7c881e18ff73044a0e05d838cb14331c591e874aef47a50828d6d392a0db5f31
SHA512 10e2303e0c11cfb5e44002666b9a5bb85edadff592a479792a6c580defbdc56bf6fba4283f21d6e0af1059693f8679f3d2966a2b40b56f6ab0fc52c073b3e1c2

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3fd.svg

MD5 522586e57b24029cf40f2510c81f2189
SHA1 f379229ed47ce65912c915171bfd0ddcd4ba1b86
SHA256 c4609758c8ceffd10011777b56634e63899ebfd6fb67030d57520ef46c2b057c
SHA512 dc359b1ff7e28b491766782edfca51c8e7282d328788ba3c437a88881996dfa7ef084a08c958b4d2f38745ac4f334e850645ff7e42d0c131a4c75a1ebc8ea639

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3ff.svg

MD5 6afb2712780f4552488392ac6ca95d1b
SHA1 67923ba2ceb5f4621c34e2f460bfa95daf1f6109
SHA256 cd59ba9c3aaf161a12fa5e863a638f4afe59df3def11eebb7838c1339de3e7b3
SHA512 60f40df51776dacfffea813c4e64797944e49f3f1a46caec3ce39bf07b222d3feb1fd903901b86be130c54fedf028f876eb17d7990acc1a4967a86de0d0f5930

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fe.svg

MD5 d2fdf8b5cb9c5971ac4065cb15654ff9
SHA1 755f6d74cd650f3b5e7f5c409780fd251d9f16e7
SHA256 ff727128f23fdb8307a4752a3176068902efdf4842f06dc5ea1f7991da0ff0b1
SHA512 4c0c2a5491b8836ee872afda22034ab0a116fdef5d410057288c0f1c9513b1ad094cb3f81d180e9e6534dc8785eb55cb1b9cf4e957a223151fbeb87f6f5a5554

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fd.svg

MD5 6110897ee9a8172c6759a335a7c731cb
SHA1 664d134854e2559a575436db21bf2d43b916f686
SHA256 2b1d3918282eb77ebfdbc7253a0c71cdbdbe2a3cfdd4b4f3da42ca10b6d2f30c
SHA512 1304265e21e5eac4aad87c83cda67dac345b8bd0d1146c240b686a3524b6e0ae1c35ba360ed318d38f9af474f9e087471b2be38afb5cf9349e847362d3770ac6

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fc.svg

MD5 5cbade4f5bb1bc7ef2e86602870b7416
SHA1 13747f011855f3b13233afabaafe95e3d98b0a15
SHA256 80db7ba93c507ad2706a2abc88cea4aa6d3cc2b95a3c28084c66761a36923ff5
SHA512 d944ef268a0ec5886979193694ab39ae90c6891809960e594d8ec65ba949247d0e9d211464d2e5eba37124531fcae8438352813675b04934da33a4ef4884f85f

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fb.svg

MD5 568f422c37971b93d0ddc7bae6700654
SHA1 a7817d0cbab87c58052b69e4f98916efa0ef76c5
SHA256 ef9fe06c736ba437ad56e3ee0237192fc49aa33df6b740c1e73f0a385d8deace
SHA512 436b3179dace2232471f18a740e205bf4eefa16d51e17bb38e61e890573c2fbaed39ac79762e5c1960c9a6e21a5d632d79351a4cf79bef87a89edb98d85b4659

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f469-1f3fd.svg

MD5 a7da7cef7a6fd12281b1e4449432d0d6
SHA1 4830693cc4a35d84e0372c81b99cf2cf3c84bbda
SHA256 1a9b5d7e925726c1efea278064a3680e7db975e02ae94571ef49244f9965ea40
SHA512 a4c67899f65ab7241351606747d453c61811e70861cd91fedd9b8dfc1232ba4395dc61f8ce59b4800b7d4596a017af6a8f4a845f7247023e3135a4f37e78b781

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f469-1f3fe-2764-1f468-1f3ff.svg

MD5 1d6feb3d1dab84ff411803ddc017d242
SHA1 9e0dd2de762aaa367a809ce0561d1f7f6dd8f56f
SHA256 ed280f6d103dbc28bfac0b0cab9ebe4e942fed35afeb2da72760aaf49e3dc5d0
SHA512 5a2c45bde99b07393702270e6329bba5958c9199895c6c6d6039941058e1f05fb494bd49f3d318282d7b1116364c2a1dc103a5d69b1949ea06c5478dc59e4159

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f47c-1f3fd.svg

MD5 31907a7b5abbf66956cce5ad22f4af36
SHA1 51d28c4fb0becb6ad4ce8339974f569c9f129d3b
SHA256 756a3b424199212f63753a1f2672245a7241c9877a9d65dd263c596c9e9e52e4
SHA512 6c676ee42bd2cd0cd4f7f0703d1fa16ea937ea6efa595456836f43650bba4dfca52bd85c5d7d48db65efd67cf00fc1c4cbd0928739a8a0d49c3f9fc66bceee7d

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f482-1f3fc-2640.svg

MD5 aa8b34acf3940fb01ad81a331966d9d1
SHA1 09f4e91e539fccd1a161337a0e2c1aea35e9d33e
SHA256 b382cec8be2da96902d0b13040614767f5068e669a42ebf9b633d210c7c75f52
SHA512 17c80f0b1728d7b990988d25ca960cd40adea3be218f8317d7b956501beda4be2014063d6362ff5f2f332d519dbe1b951f6c3eb8e5edaa04375153316e8732a3

C:\Users\Admin\AppData\Roaming\Zoom\data\Emojis\1f482-1f3fd.svg

MD5 38fb06613dec33a6351b424cdcf9e798
SHA1 84258f41e485bbf36fa16a0f7691aa345c30543f
SHA256 bae702a8a27664f5d7378b7bda228564e8eb87979756800fd8233c7fff7f774a
SHA512 d688ad6e7c87ddf4a5bdec4c21c5be06110c918b6c1a45c88f8781a024ccffb8f17a3ad32224a841879362bd3813d7485fe809e5fe427722b1df93daa6599f7a