0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 18:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
Size

1.9MB
MD5

4578c1d5afd9ae14632b350e6de82057
SHA1

428f42904faaa911bc17aa5c8cd5cfae9a52c420
SHA256

0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875
SHA512

01fb41b29feef54d72e75742dbcc7852addffd2f78865ec4010227ffbd839c98976753ce3bb5a1ac41c08b8f4b5fbb226f7d82ee2e97953827b91bc4d1a5be81
SSDEEP

12288:cwv8bmRaSBRiNaXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:cwLXHsqjnhMgeiCl7G0nehbGZpbD

Score

8^/10

defense_evasion discovery privilege_escalation spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe

Executes dropped EXE 28 IoCs

pid	Process
1824	alg.exe
4320	DiagnosticsHub.StandardCollector.Service.exe
1280	fxssvc.exe
1344	elevation_service.exe
4152	elevation_service.exe
2440	maintenanceservice.exe
1368	msdtc.exe
2712	OSE.EXE
1524	PerceptionSimulationService.exe
2928	perfhost.exe
5096	locator.exe
2728	SensorDataService.exe
4240	snmptrap.exe
508	spectrum.exe
5016	ssh-agent.exe
3876	TieringEngineService.exe
4580	AgentService.exe
4344	vds.exe
4556	vssvc.exe
776	wbengine.exe
5104	WmiApSrv.exe
3128	SearchIndexer.exe
1280	Installer.exe
4792	vcredist_x86.exe
4508	install.exe
4028	msiexec.exe
5892	Zoom.exe
2376	Zoom.exe

Loads dropped DLL 64 IoCs

pid	Process
4508	install.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe

Checks system information in the registry 2 TTPs 4 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	Zoom.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	Zoom.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	Zoom.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	Zoom.exe

Drops file in System32 directory 36 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\locator.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\msiexec.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\AgentService.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\spectrum.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\wbengine.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\System32\vds.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\dllhost.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\vssvc.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\2f1cc533293b476c.bin	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224800.0\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224894.1\9.0.30729.1.policy	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240629182224831.0	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7203.tmp	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224800.0\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224894.0\9.0.30729.1.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224863.0\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\mfc90chs.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240629182224831.1	msiexec.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224863.0\mfc90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224847.0\msvcr90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\mfc90kor.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240629182224910.1	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224847.0\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\mfc90jpn.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224831.1\9.0.21022.8.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224831.0\vcomp90.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240629182224878.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224863.0\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\mfc90cht.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03.cat	msiexec.exe
File created	C:\Windows\Installer\e57709c.msi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224910.1\9.0.30729.1.cat	msiexec.exe
File opened for modification	C:\Windows\Installer\e57709c.msi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\mfc90deu.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240629182224847.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224910.0\9.0.30729.1.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224831.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\mfc90ita.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\mfc90rus.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224863.0\mfc90u.dll	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\SourceHash{9A25302D-30C0-39D9-BD6F-21E6EC160475}	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224831.1\9.0.21022.8.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\mfc90enu.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224894.0\9.0.30729.1.policy	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729\FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	msiexec.exe
File created	C:\Windows\Installer\e5770a0.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224894.1\9.0.30729.1.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224863.0\mfcm90u.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224847.0\msvcm90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224847.0\msvcp90.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240629182224910.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224800.0\atl90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\mfc90esp.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729\FL_msdia71_dll_2_60035_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240629182224894.1	msiexec.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224831.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224847.0\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\mfc90esn.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224878.0\mfc90fra.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224863.0\mfcm90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224910.0\9.0.30729.1.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240629182224910.1\9.0.30729.1.policy	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240629182224800.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240629182224894.0	msiexec.exe

Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs

defense_evasion privilege_escalation

Create Process with Token

T1134.002

pid	Process
2376	Zoom.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoomus\WarnOnOpen = "0"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin"	Installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Zoom.exe = "11000"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoomus	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppName = "Zoom.exe"	Installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\Policy = "3"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoommtg	Installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoommtg\WarnOnOpen = "0"	Installer.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000b4e994b51cada01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9909 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9911 = "Windows Media Audio shortcut"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\regedit.exe,-309 = "Registration Entries"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000024a04a4b51cada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-113 = "Microsoft Excel Binary Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\System32\searchfolder.dll,-9023 = "Saved Search"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-7 = "Microsoft Devanagari to Latin Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9907 = "MIDI Sequence"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-10 = "Microsoft Hangul Decomposition Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9937 = "3GPP Audio/Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000009026924b51cada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9914 = "Windows Media Audio/Video file"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195 = "Compressed (zipped) Folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000098232a4a51cada01	SearchProtocolHost.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-126 = "Microsoft Word Macro-Enabled Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-9 = "Microsoft Bengali to Latin Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000263b864b51cada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-184 = "Microsoft PowerPoint Macro-Enabled Design Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-1 = "Microsoft Language Detection"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-172 = "Microsoft PowerPoint 97-2003 Slide Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\C:\Windows\system32,@elscore.dll,-3 = "Microsoft Traditional Chinese to Simplified Chinese Transliteration"	SearchIndexer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomLauncher\shell	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\zoomus\DefaultIcon	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\zoomus\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\""	Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.CRT,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004300520054005f007800380036003e006b0027005600490037006f00520050007e00370055003d006f0029006d00730026002c003300420000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\PackageCode = "6C7E9C94F9A4F6E4EA39E910D4A1AC39"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.OpenMP,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004f00700065006e004d0050005f007800380036003e004d0039002c004f005500350063004d0078003400660069003f00660040007b00300021004400480000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\zoommtg\shell	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomLauncher\shell\open	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomPhoneCall	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomPbx.zoomphonecall\shell	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomPhoneCall\DefaultIcon	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomPbx.zoomphonecall	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1"	Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\FT_VC_Redist_CRT_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011\D20352A90C039D93DBF6126ECE614057	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\zoommtg\UseOriginalUrlEncoding = "1"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomRecording\shell\open	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomPhoneCall\ = "URL:ZoomPhoneCall Protocol"	Installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\AdvertiseFlags = "388"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\zoomus\shell	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomRecording\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",0"	Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Media\1 = ";1"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\zoomus\shell\open\command	Installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\""	Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.OpenMP,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004f00700065006e004d0050005f007800380036003e004d004f00700050006d00360078002b0044003400700061006d006600580031006f00390032007a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\Language = "1033"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.MFCLOC,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004d00460043004c004f0043005f007800380036003e0040006500650034004900600034006b0069003500590047006500590051006300340025007700780000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\FT_VC_Redist_MFCLOC_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomLauncher\ = "Zoom Launcher - 3.0.1"	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomPbx.zoomphonecall\shell\open	Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.MFC,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004d00460043005f007800380036003e0049004000790043006a0027006200720045003400710030004c0044006f0059004c007e006600580000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Win32Assemblies\Global	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomLauncher\shell\open\command	Installer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomLauncher	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\zoomus\URL Protocol	Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\Servicing_Key	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomPbx.zoomphonecall\URL Protocol	Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\VC_Redist_12222_x86_enu	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\zoommtg	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomRecording\ = "Zoom Recording File"	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomPhoneCall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1"	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomRecording\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\zTscoder.exe\" \"%1\""	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomPhoneCall\shell\open	Installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D20352A90C039D93DBF6126ECE614057\FT_VC_Redist_OpenMP_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\zoommtg\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1"	Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.MFC,version="9.0.30729.1",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 4500600029005600590027002d0046005a0036005e00620076007a0072004f00520068005b004d00460054005f00560043005f005200650064006900730074005f004d00460043005f007800380036003e004d0072004e0075004700740065007d0054003400240066006f0062004f005000340040004d004d0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Net\1 = "f:\\e5a77262397dc7324d8fcac3a65c\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\zoomus	Installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomRecording\shell\open\command	Installer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\zoomus\UseOriginalUrlEncoding = "1"	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\zoomus\ = "URL:Zoom Launcher"	Installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\ZoomPbx.zoomphonecall\ = "URL:ZoomPhoneCall Protocol"	Installer.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
1280	Installer.exe
1280	Installer.exe
4028	msiexec.exe
4028	msiexec.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
1280	Installer.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
5892	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
4320	DiagnosticsHub.StandardCollector.Service.exe
4320	DiagnosticsHub.StandardCollector.Service.exe
4320	DiagnosticsHub.StandardCollector.Service.exe
4320	DiagnosticsHub.StandardCollector.Service.exe
4320	DiagnosticsHub.StandardCollector.Service.exe
4320	DiagnosticsHub.StandardCollector.Service.exe
4320	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1060	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
Token: SeAuditPrivilege	1280	fxssvc.exe
Token: SeRestorePrivilege	3876	TieringEngineService.exe
Token: SeManageVolumePrivilege	3876	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	4580	AgentService.exe
Token: SeBackupPrivilege	4556	vssvc.exe
Token: SeRestorePrivilege	4556	vssvc.exe
Token: SeAuditPrivilege	4556	vssvc.exe
Token: SeBackupPrivilege	776	wbengine.exe
Token: SeRestorePrivilege	776	wbengine.exe
Token: SeSecurityPrivilege	776	wbengine.exe
Token: 33	3128	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3128	SearchIndexer.exe
Token: SeShutdownPrivilege	4508	install.exe
Token: SeIncreaseQuotaPrivilege	4508	install.exe
Token: SeSecurityPrivilege	4028	msiexec.exe
Token: SeCreateTokenPrivilege	4508	install.exe
Token: SeAssignPrimaryTokenPrivilege	4508	install.exe
Token: SeLockMemoryPrivilege	4508	install.exe
Token: SeIncreaseQuotaPrivilege	4508	install.exe
Token: SeMachineAccountPrivilege	4508	install.exe
Token: SeTcbPrivilege	4508	install.exe
Token: SeSecurityPrivilege	4508	install.exe
Token: SeTakeOwnershipPrivilege	4508	install.exe
Token: SeLoadDriverPrivilege	4508	install.exe
Token: SeSystemProfilePrivilege	4508	install.exe
Token: SeSystemtimePrivilege	4508	install.exe
Token: SeProfSingleProcessPrivilege	4508	install.exe
Token: SeIncBasePriorityPrivilege	4508	install.exe
Token: SeCreatePagefilePrivilege	4508	install.exe
Token: SeCreatePermanentPrivilege	4508	install.exe
Token: SeBackupPrivilege	4508	install.exe
Token: SeRestorePrivilege	4508	install.exe
Token: SeShutdownPrivilege	4508	install.exe
Token: SeDebugPrivilege	4508	install.exe
Token: SeAuditPrivilege	4508	install.exe
Token: SeSystemEnvironmentPrivilege	4508	install.exe
Token: SeChangeNotifyPrivilege	4508	install.exe
Token: SeRemoteShutdownPrivilege	4508	install.exe
Token: SeUndockPrivilege	4508	install.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1280	Installer.exe
5892	Zoom.exe
5892	Zoom.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
5892	Zoom.exe
5892	Zoom.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5892	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe
2376	Zoom.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 1280	1060	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe	108
PID 1060 wrote to memory of 1280	1060	0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe	108
PID 1280 wrote to memory of 4792	1280	Installer.exe	111
PID 1280 wrote to memory of 4792	1280	Installer.exe	111
PID 1280 wrote to memory of 4792	1280	Installer.exe	111
PID 3128 wrote to memory of 3668	3128	SearchIndexer.exe	110
PID 3128 wrote to memory of 3668	3128	SearchIndexer.exe	110
PID 3128 wrote to memory of 3480	3128	SearchIndexer.exe	112
PID 3128 wrote to memory of 3480	3128	SearchIndexer.exe	112
PID 4792 wrote to memory of 4508	4792	vcredist_x86.exe	115
PID 4792 wrote to memory of 4508	4792	vcredist_x86.exe	115
PID 4792 wrote to memory of 4508	4792	vcredist_x86.exe	115
PID 5892 wrote to memory of 2376	5892	Zoom.exe	125
PID 5892 wrote to memory of 2376	5892	Zoom.exe	125

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe
"C:\Users\Admin\AppData\Local\Temp\0725fa3e249d7d3ea3fdb6b0134a7667c6b92422479f755404ac894875a6c875.exe"
1⤵
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
  "C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe --cid= --conf.no= --zc= --pwd= --pk= --tk= --browser= --sid= --stype= --token= --uid= --uname= --rtoken= --action=launch --install_vs2008=true
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1280
- - C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\vcredist_x86.exe
    C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\vcredist_x86.exe /q
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4792
  - - \??\f:\e5a77262397dc7324d8fcac3a65c\install.exe
      f:\e5a77262397dc7324d8fcac3a65c\.\install.exe /q
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:4508
- - C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe
    C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe Zoom.exe --promptupdateaction=installed
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5892
  - - C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe
      "C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" --action=preload --runaszvideo=TRUE
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Access Token Manipulation: Create Process with Token
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2376

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1824

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:4320

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3492

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1280

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1344

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4152

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2440

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1368

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2712

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1524

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:2928

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:5096

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2728

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4240

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:508

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:5016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4916

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3876

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4580

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:4344

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4556

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:776

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:5104

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3128
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:3668
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:3480

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4028

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x550 0x558
1⤵
PID:6012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Defense Evasion

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
d0fb23b51d7b4e85a7028cbb2796a6d8

SHA1
265dfe920e38fbdf507c501e9af96eb8859c6131

SHA256
02af396db1f8893eb9e2b11c25cd8ecb77cabdc58add91af07cf4bfa8e1f8d9e

SHA512
1cc0503f663c6ed7a953498d8716c56446562fb6a6ca57002bd4d9de97757f67a022fc189bd4b395c757949c18afc5ef272af9bcab2a94ed8c03cd699de3b4d9

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.7MB

MD5
375522e4d27c762a36aced0f96311f0d

SHA1
bc60f3ae919a05bc3330ad9dd0ef0439633b8f18

SHA256
8cd136960094d5e97f8aece76665d083a86f71aa96c2d0c1c1099e895c17860f

SHA512
9c5fba8844c97c537d7412ea65dae2095a21b8075e103a18b50751a2005c927f2bc3c31b81a3e27221248946e85758f96476547ad94f9f7cc37d48276cebaaca

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
2.0MB

MD5
3b83c5fda6012a61fd1487c636500284

SHA1
c92f0a6f43554ee5ea94de329b2f4519f14b50f0

SHA256
54d1ae422b786b7496693b40e6dc12c0c779938dfd49fb98c69ac9d586c7c6b9

SHA512
cf676f82a06985b0253c934bee1c4f565d570cc8bbba577ad8eb0062dd2bb12bce88b58296faa5e654d8752ce254fa97b81dd0e9f56892e9e7b6e3eee2b00f73

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
3d4066e30355341a32bc368a49609c14

SHA1
75b46ba4fa60a28a250fd9f3e3e9dad2ba788ac3

SHA256
89f20ed4115280ba33099b3e4fa0c683536da50208f1ae3b97a36d487a2ff9da

SHA512
b3ad8a11a4df45232164f00fcc2f8962a435d0e58f0bf2eae09bc7e5ecfa6aac4de3f2344721da5292aca808f898617130537bc96222dd6f5a8c8b8456a3631c

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
8228d072057d5995384fcb456539501e

SHA1
f50c6e8330dec0874a93f9bbf97db4fd22e56823

SHA256
b918f24eaf187f4bb65f2a938fb6e1d47eac8deed6a4ffd2a3991ae01fca6484

SHA512
278ee17d106d031d259d84022b31ae792cd61f78e79eccbb5af6da3b76dde83304d4494aa1638166a8832b4e4682b2616474a87292c3690a6317a5f2499be25e

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.5MB

MD5
01fb5f2d07832a4d06bf21e0bffb773f

SHA1
80f972ac3731ed587b275fbae94b2e6ca798c0ca

SHA256
68b7cac6940030689d1059651d869ec4b4ea78e1e00d25a85771560a6c885b90

SHA512
bf2dd62a953342e1748f01fb5c4a5e36390dd57de2801813b1d67b6b7cbfd18c93602b2b0112a9361d816f9419aa9c689f693d6e54bae351c73536171772d5ec

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.8MB

MD5
2f5a317faa165a869f62226cfba02a70

SHA1
a496d4e04c9245f12c9a0c6a54c181b8f52e7fcb

SHA256
b41cb1a6c8506e53cf62f1cff6f99fa463dc11a9aeeb6ae46bb8b9ccfb0fa3b4

SHA512
587b1cce0bac46be07ff60b2e84268ee65e38002e3128396b48c662d800153344e34c21b9c0d10acc073fc72b1c5bb76e65dee7b2e6e61ec2adcdeb48ff5c053

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
198e039396fc08b08580c670fc142348

SHA1
d65f00197135b4ad0db3c0d4a9f3f105d4c08607

SHA256
832904dc21ee278cf2d1cca7bd3a2ce839e3f8a29869b9d9d7b26ff1df3073b7

SHA512
ef85e05699214c4251459a09bb3b8c179fc8d2cb3dcc50428f8e0ad48d8bcb8701db78caa0594a9395c37f62034e3ad0dbcf9cbc96f4f07e88baadd6525035d0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.8MB

MD5
beb94db75cc0509a85b55809c1ff0497

SHA1
074264a8a756c7c5f9e1071f897165d3bab092bb

SHA256
e48d17dd5d21b0fedc2bfb537eb6939cb76df0a0332a1691d9bc38afe3dbc693

SHA512
cae973228fa5f81484d3580188c7cdfe127db7f08eb73a2b6c7fff210ef48392daab6a403da37004396d3196e0a1743cf2cd8a119b60526d9760d1dcc0d5affa

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
45d62c6cfdd057cad6a99054732fd0cb

SHA1
3fa9326005ad77d84faf982efb2a5c92713f3123

SHA256
42807f5910d71c2f67ee332c4793d281e6de98aadcaa2fc45a3b62c282506b9e

SHA512
334474e4d659e70c29a56cab86bf2d53abe41b7403845e3d286edaf0cf5004935ffffa6a538d42f6b0b6a4404c8e28947e1c8904f7f008871e3532d963c45451

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
fc152123d1c3a68b624662d856452645

SHA1
fd9fc60094d99fd4358ee2d7d54d31d427fd5d74

SHA256
ee9dc5dc116d7333b530142e2539e3036aa5bd95e6a45e954fd9051aa1e9d044

SHA512
12a03520a7c5501d675000bea7cb314d5ed408e3440dcbf6f920d9ef91f2f493f541a941c651a02373ddda0375a89bbec7f43f302037d1764b2ba2db71bd977a

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
d462ad232ee42f1cb0f1fe2619f7ede8

SHA1
56232764eb2fb30471536b4d148bdcf046c14c1a

SHA256
50fdb28859d3452fbbb216759bcf6fd59e15e68aaf3a1ec3d9fe6994054856e1

SHA512
05ec0eb64139eb675a857ddb73f1b5607de05e28f8cdd89b21146460907e546e3aebce4a0ba294affd463bd39337f24d45f49d847446de0c53ad449f8ca30153

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.7MB

MD5
0ce9308d775eb40a1fbfe07374c0a951

SHA1
67f4bfd46b8cc21229ca3b5be62fd8cb5b051c77

SHA256
fa49e6f71ca8d6db56640b033b7feabe7f808f5de22a945e37cb53b362bce353

SHA512
17a26dd05e0f3b3b59367ef84ef8fb9c2faf145ad408e47bc4e0da00cd1b39180f69e63de78d82d3b1fb5b1284403734ae1222d0ed8da1b0f2cb822664c400e4

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.6MB

MD5
a04dc6069df0e2af499d8df39cc09fda

SHA1
634c2ca26ee0261bcd233d61995351290f0324d9

SHA256
1a021b529ce8fb1c5090cc0dddf829335276b2f652d2703db05efaa6479a5406

SHA512
e76e5ee5e657cb39ca51a709aef40dfdf4c55c04efd29d119bab3730e7d45db4b5134f640388d4da3faedcd5a8b678e5a77bbdbc76e6ae23330882599027648b

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
2486fd051d979537f5d2080708bfffaf

SHA1
971eb673a0b94ba1f5047b943ce58b5e855ea1a0

SHA256
0f202bf796d1db4eab3c4be6c378847f32b830893833429880b6012ebf57dd6a

SHA512
bf1c1be60e0983a9079c2aad4eca34eba90c63a57a48e6bf0faf4cd2cb9ba3608c05825d7d5666511820f26250f842ef4bf8fae447bf4d3b8774dcc72ff8be10

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
f38ec820ac22209ef5e969ac5a5d42d1

SHA1
49b3cbed7ad5aa2e7a3de02a509e317de87b9cf4

SHA256
16c8888ac7861062be6fae2e6d98cef473376a07766d96d75bbafa4fb940084a

SHA512
16b7ab0c1fe7225e5dff163647bd86ef86321f89c7bb15ad3f939d1fc5090988823805e74f93e1fb6a620781f510eeead2508544937e33e548d7dd741c4b7e2e

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
b3e95209dde2ac2cccb33834139d579b

SHA1
08f78fcb4233cae2e5e3258a45e762dd383fe668

SHA256
bac5edfb613b978297b7d4e46aea3bce82fe15c5b770a2c784bbc8fdb0e1515f

SHA512
f548f07479a4002f87e3b89de43646f18809989f09b6d5e03e3a11b3a317a30d52a6bfdfe5fe3209c07ec700249de3fece201d2218120948af59cd5ff1beb163

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
ae81a3a6dc7ce99ac74491d224bd3c1f

SHA1
63029ed1d0e8e5bfcf9f84493acb7c152c2b5143

SHA256
864a6f0cf20b3f1101e75102871036e6c0084245aee4cbecd7a33e14a6513780

SHA512
c85e7b204fb4a1c8e148db50e3d77f37851ccfc334d6df6853be86ded65bf099230cbebb69eb60d46913f1ca76fc578d5bddebf76bdb88e0c951be5207a28ff1

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
61ac3c91bd1ab2d5b492a14c9434d35b

SHA1
c162a2ca841c3ce2de71116baf0a774bdee6f225

SHA256
3a0314e45d98fb23baeb990f8b3bb229698439e01b9dc5cd1fdcacf2635a8f33

SHA512
eb1cd8a887d49f93e9809cab957b0f84050c38e0a66278c89ac6a4045bead877f2206644ac2d7cf7317dbaf2a773a242584d22962b47dc5427769dbe9e49be60

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
deb7d0353ee94f17bc55d49e1ce37602

SHA1
b5e89618f7f03f38631fa9c675c48312ff4612b1

SHA256
56b628c126df7a03e423206b4d9b4aae9335db08ba8a005e91833e20592a09b4

SHA512
5116ee1b37b4663a0edd1758a871d4ce982b94bfe3667f37cbac507cd60aad26eeb457b78a4e79c6c1c484d5e8abc5274bff3087a61bb971c6859c878a61d969

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.5MB

MD5
3b3d7a62fc472a93eafdab3e721d5ed8

SHA1
883e64a787fcf48b2c93bd8e54771c6e971b8324

SHA256
ed030cb550fabcd5a5d9e42807e2d2df70e001a59021c8ad2b914ce64312b102

SHA512
1989e1d4a08949138bbb5df355d500cc870ececa11fc86a0aecb5b533c0ffc5ad25a96427831e17ac45fe1319eb808ff634db995bf6d31523555bf5385e8b80d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.5MB

MD5
a43956f354f6e55bf296a5ada4e70064

SHA1
2b6ce0ca53b061ffb62acb1dba8b87da1e933382

SHA256
c186abf3697487862800f6955c51fb7e0052e4a66423b41c3a27c526270e54bc

SHA512
11b76c3c96a3d7884be4c40c24ea0c3a02c512106a2f46f751d9f6d658fa78a1586f406c743748bff9125d04d5effed23c356d4e0d15845cd026dd6c9231565b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.5MB

MD5
2c50efa2a616ad55d750cf132eb78dad

SHA1
5b19920677f562443789701c4c400cee730459ac

SHA256
06fa0b42aaec670757d0a79b62f17e49ceb100e7b5379b7dd229289ec5bf57a0

SHA512
6586003a38eea5f8e5d6989c99d6377200884fe517e87e616b113cf1c197505aa5370c300562114ffeffe8d004b1329ed38567f21b20f9522c72e245d6f1c267

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.5MB

MD5
f1ffb3716214494bf90f94fb36c43ac2

SHA1
97a33b1b8eff1686f973a26eaa55aaaf71253ce5

SHA256
5cc6c2e35c5a5d34e67a82b27a7a6dec720e99fefbdb040273f62340249f0dc6

SHA512
84e7127320d20c4200b1738d7dbd0ab1d1a7b71f8eca9100c8c44f2d44e637a16508da8cae8f891997f796846f8a6133602d3a350c33eb9ee44b773d1590c152

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.5MB

MD5
e3255a24abb333355d93868070f63144

SHA1
6f020253fc1954ed1b983447d1d7095c98fb78f3

SHA256
592c8dd227d0c747b0dee1ad7919670997f2ef4d289146d4876a32d333f0f786

SHA512
1cba4517ada35d91a3827f731a6bdf71185a05bc21126f54ce4e674d8ed81e325020201f9c67fafeca4b9b492c76402adfe1b29f1d00fe1e92d0acd04d43c10d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.5MB

MD5
bb38cca9ae163c09c1e7bc19a3f9ab1f

SHA1
d774831024528248151a5a2095a13822bb4ad711

SHA256
67cac7ac01e848f574d53af4f547f628e8fa587e259c5a84ec767dd5c1aabe97

SHA512
17d08b32042bd1634c2b807580cb2a12f334b4a1aff6902a35b607b22106bea9e39be02dbefe24beee1df7a660a8e4386d13228b52743ab5cee82eb9e3bf676c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.5MB

MD5
eced40d859f7472ba09bf871fc4876a7

SHA1
052b9c2f49c300ceff2b2d5f3914df80c838f0a8

SHA256
0ffb9ab3ea9175b92f254b8ac8ff4650c949ad34065e418359ec74e3ac985412

SHA512
3c90e4aab6f6eb846d75466cd7062300e915465074b4a99ff6154935840569ea6dcce8ebcbbec90ab121160bd84cdf24a62f63147cd6b434aa0bc84cb6957f66

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.8MB

MD5
51815974a5da9daedbd450df8f1ce201

SHA1
e7bdff11f5a2e8645818e8bca9d5bac910ae1197

SHA256
ae1faca11aa171ecc178ff5e5a2d149be3c020b2997ba11483ec4dfa294d8861

SHA512
b3dd1cfa8bb4ea2f260398786e797d8c4854e27dac8b8459b882b690983b104556ae6a268fdba64f798491b4ac2d4f354a76731cc377d81043f8c4b0be26f655

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.5MB

MD5
330df1b559aa9735718f9b2ff54a8356

SHA1
a88e8e824eba33e0fe2bbf32897c8e05b3fe24ac

SHA256
1516b21e6346464199bc33fc580cfbc6be1fc6fe5b334aca72cea8749b250e32

SHA512
4872281586544f0ff3d57248d53d1e941c5b3c675dd1cdbc518d75f9776741c1e80557ef513822fa3d690c8c356856221250dd0f5c6e66c17b0877a9bafb8528

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.5MB

MD5
8a1e556faae71b0a4c4e79abbc0eacc2

SHA1
13dbc52018cf3fc3a481cf6669221c02b3264cb7

SHA256
73c5c8b0073de85d0ec5dcc8159e88ed65868fa59e9519541acfd67778456f01

SHA512
f53d57d2d41575f4b35b219fab3a8e2c29d300b484d6758c19d71e976fc9e688065ebb620f94be801f42e11b601c6a203cab4e4140e57fa22b556fbea61338f0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.6MB

MD5
c9cdc09971d242d28fbd555792cb2200

SHA1
11b731af5e7805eb6d12d230ee71590d8e2791b9

SHA256
bbe21df96a43c47b87c68cdd0c3861eb98a35000613a8723760f682c89e147af

SHA512
256735683b438e0905a0c1cd69b05e392a715bf91d982ff2e4b3c6f8bddf4b3688f65bed31669ad03c57231ec4fd99935f3ece0be01cab1ab9ee8b2f0142f3eb

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.5MB

MD5
3fc550ff20f68df0cde6796268782fff

SHA1
cc03853fbd2db1fb6082ab47b1058da22335e0ef

SHA256
37cf5343c8ca98703c2988aa66d0cbc12bb24b9145a5d45a517c8613dc6953ec

SHA512
0ff6f810752bc99a72d25ec560292a0a1b37054a9c52451abaa9de7605060898f067e301ef3c85dfc1b7305eba8c75124a6cbf58b515eca835087b2239429772

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.5MB

MD5
440d2de73b59993b736b7c713b54817c

SHA1
3bf2be36b1697031dc7513c402a7a323199052e8

SHA256
daeadaeb19e33a90a4f8ee6da768ef40f41bd0c960f17b64edcb302fe163c6f1

SHA512
90479463a232eb0e3421200beb1ef5ee031302b6c7545cacbccd5dcf74f0c8f0f6c2bc54f74649a2525795ddd494bcc515c48d788da0cf2d20c0d29fd73b1c5c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.6MB

MD5
c19e94bb54177ae9b804077dba68bd16

SHA1
1d20ad22a964a38d052dec321a41ad3ff5e9fa25

SHA256
7d32ff908fbbddb25787abe1b3ade764c9ae324daff9e65f738c287f5de86afb

SHA512
5e37150b538c8243155d098794a28340c13e810c940a71ec9bf2700b3bb2ac1c3cf48da8b927a4edcb7b0977cfe5bd07b4f60163babbe2026d3004fdcceec148

Download Submit
C:\Program Files\Windows Media Player\wmpnetwk.exe

Filesize
1.5MB

MD5
10807cbe57043027ce9a45e74d99cafa

SHA1
022a668645506d7fede3bf0975544d69ba69f6a4

SHA256
4af66f921c71e06344c5adef2b1bbad4ed2bb457788b979771a9b0bee49edecd

SHA512
99a7367d9ff40da60f777313d53b7b12cd24ba190a5c8dd7dc84620df55c2e3751a5dfa3de471e8e642df6988b59fa3356d4ee54efb815085523b84e04482a12

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.6MB

MD5
6b4e5403e2bae77f264604f1021f1700

SHA1
3193c38c6f65a835fdd8d21fc70bba2e104cafec

SHA256
8f60755190c94cce4315fd04ade5ac9da32fff19fd5c9faadaf63008c1629a64

SHA512
599cf8a0523272ed873d7419a4d212a950c254e6f72fa095919568430dfa6e9be4eb98f921d632e83a8d45f922db268de072db9d3ae604f65cc11ea6bfeda28c

Download Submit
C:\Users\Admin\AppData\Local\Temp\VWL7724.tmp

Filesize
392B

MD5
589b16456dd0cb21b5a5c4ed69b9ef6d

SHA1
c880e5b7e57136b4df51e1a3ef0c3f2284c8a9ab

SHA256
b3d483cc370242fb098012ed4a2efa268f77427032637ca0bc9a86924be93c15

SHA512
7116b0dde3bc3e9915c6e83706c59761ea45cb05b1c6f2f6c2ec476d7cfb4631853b9bafd2243d46b8eeaf9a7c92bf3f005075f8104af90d5814112d2308ec5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZCLIPS~1.zmdownload

Filesize
1.9MB

MD5
d5c3f93d63a7a8710d34d874122e8072

SHA1
3c596334efe2c8e695119cc382544ccc501cfee9

SHA256
377904d074bef096d93d1ce74a9fefdd995bd9c98d73896a363c55d007145d78

SHA512
0ef172940b4fc710556eda645f80a904750722d205f1e5366502c8c64e41853db8632a21c062f8b184f33fcb34268a5d9ae98845966aa5b09f890bff68890330

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZCOMPT~1.CAB

Filesize
8.2MB

MD5
fbc4ebca2c981c8e318f2bd4ed22cb67

SHA1
5322992b225e065c4a48450aea929fcff91c8f39

SHA256
be22130f461e85756ffce3df193e27792b7ecb7162b567526c276232aea6a89b

SHA512
74417d45081829064064fa794203869620737cd90d2cdc7b90e33b355d193f37b4ffa27f46a0b1b2c2eed479a545f829f12e80cd07f89d4149b436d16cadc7fe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

Filesize
1.0MB

MD5
cb8247456234622c0a88e204f37269c7

SHA1
d7ede2a157e222033b077b6a54a41d3dd74ec853

SHA256
5710fb5bc0a95d1e80d824e24c34f0e7e6557438bd66711a429a701388059a77

SHA512
0f3e2a9eb62c4e0e9d184cb62bec4d537dc7b716719e48952ddaaa4aede442c890e115266dc2cd339479e4a93993a3222cfa6366b5ecf0a5d5ae49dcce893037

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\vcredist_x86.exe

Filesize
4.0MB

MD5
5689d43c3b201dd3810fa3bba4a6476a

SHA1
6939100e397cef26ec22e95e53fcd9fc979b7bc9

SHA256
41f45a46ee56626ff2699d525bb56a3bb4718c5ca5f4fb5b3b38add64584026b

SHA512
4875134c664503242ec60717232f2917edca20286fc4b675223edbbe5dc0239ebfaf8f67edd76fedcaa2be5419490dc6f47930ca260e6c9988ccf242416c204b

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\avcodec_zm-59.dll

Filesize
4.2MB

MD5
f10aac8fcd563c066579c61370c38eb1

SHA1
0e0d345231c0b483c77a8ee0bf7db7a2bbec9ba5

SHA256
66e38ba12fdee6b0e80b3cd19e578fb78c2c32e28ca2aa544b9d2f91a623fd66

SHA512
5a9fc7d88cded656b005d7d94b9d6e75a6d6f9c61cb8a17a30548ea995a86d4a6f28f5c32058b15ae6f86a2e8384046306ebeb2799982fdff40cbf0f8331cb97

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\avformat_zm-59.dll

Filesize
613KB

MD5
2c0ac2d487db6d7818a6ddc0e491d9a9

SHA1
0975338a008168a48fb1e7cc14fd0ab20880fb02

SHA256
bb43ac1e259a808412aa3773fded77e4fa266c3b9b613044f47695f4f7c3de6a

SHA512
2c38ab2ff26197cc15c1af41dc436ca4edc63f23118f249c7d05063db1b9d8bfc95e41ba425f7f48d53ec52cf880389c7d0c3b7eae67ed4f6e572033dd2193f2

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\avutil_zm-57.dll

Filesize
1.0MB

MD5
af2e4d2387a0f3f5f4e4ee046590d92c

SHA1
a28265611b88162984da364022cf86e699ae0e5e

SHA256
078c53fac3a3588cea470bbd10fab3c0d5ad7fab16e423103414c6853fbc8896

SHA512
89b0dc22adfccdfc3aa741ddeb097fee3b442216c74f67f6618ea684fd5159a61e24a8fd4f124d76f947cabac1721f6536ab2ebf493cc80a0be4367f8a219754

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\swresample_zm-4.dll

Filesize
215KB

MD5
0959b284e94a818ba7c96fe4784a45e6

SHA1
065e4a84b0c5ba00def91ead7acf2e4867419fe5

SHA256
d97cbd33a7e101bca47f3a3858d5a7e758d69f5ca8f047994bdc0ec630b78243

SHA512
2a0dd7a6596139de69a58c6d22908ed750482ecb3390bd348a5cfe75393c28ea02e5cc47882cce88d33c4648afd603d36aaf08e7c215a0db5344e5f1a4e2b24f

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\swscale_zm-6.dll

Filesize
903KB

MD5
904a85c61ccb9bfeb1cfb16143b24a6a

SHA1
18c49083fb72b312cf33e151a156aef76df5c1e0

SHA256
f00ba5ba20d157eda4b6afcd1c96d50f7176576d100a9b88b6ddfbdae6137591

SHA512
4f179c22ab0cc9e0a2b497ed1bb24d2d292199805c8dc5675a6f114f58be3b810e6c0997a4a028804896651abf8358f9ed5819e4e95f92163d0abc4d2eef67bf

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\zAppUISdk.dll

Filesize
445KB

MD5
af680a5f4032243d10fdfac9434994f6

SHA1
dbcec1adc1eac5d72dd1ebd691fbbc8680e9e769

SHA256
843a34ef5af81685adda5cff4c0539d302db3d80eba2524b104a36d33250b57f

SHA512
3fed71616496bdee443d8c7486d973638b60a17e68d720dc47b144cc2e7869b5bda4787e4e0ac09b57cc4ef5e58a44c545c3c0d302c35a3a2aa68f39ad43bac0

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\zDiagnostic.dll

Filesize
1.2MB

MD5
dcde5086008070e7ccc4d13345f03812

SHA1
0982a52d04d2046f101584810be084bf096c6e69

SHA256
ab44e6dfe60f6f5e286fec8d3d5fc872cbc0ffadf379a8b23c62ffd5e1d9efbd

SHA512
bf106e27af59859a67e462578cf26cc8f3628ee1868bf59aa7222488d7f6b5cd4dea59b8d9fbda471d7cafb6f285d77fdfce7f06e1210da78b28961697f12fee

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\zPSUI.dll

Filesize
728KB

MD5
6fc072de50629b6a7f4fe04677b26252

SHA1
7ab34ff0235182a2aad50f982fd920aea17892a0

SHA256
aaff3aff9e3eb548ec5d31e19ebb1cb79935d3d72369ae84ddcd9c942fd0c9f4

SHA512
8d473bc2833a8f7aadd5650c371505c9ec160c9e7b443db5b528c1a4e2727eac41ca163763ad2308c19dc93a731496fac003ae978e8d62fbca499aaabc82fa91

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\bin\zPreMeetingApp.dll

Filesize
2.4MB

MD5
900ea18898fcaa0439d112d841ae80f9

SHA1
e9fb732b26b874a56a97102e5380572f6a16e9c3

SHA256
a1a446f2626b2af1f45570d6ef833561e3793e743f9ac3a50353d3c011ac8a20

SHA512
fe962b00941030bd823096d41d6c66d0a4ac2f6065c91b7cdf20b17e3163d0a5a26e9927366fe239a2779a2b9a6c0e5145b07a094e925323f899419459832760

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

Filesize
391B

MD5
016ea457b66690665c64ed1daa616a9c

SHA1
3435f252c46c5c6a81940c8e308a51edad5a76b9

SHA256
a02685af794eff7555b6205ebc0575ed74de5366953a3de2472fb5e682d7635e

SHA512
4fb2b5c8bb1ca61c04b10d0482fc53f590a19bc533c16125752763fcca52f92dc1e70b42e39376556aeeabd50af6d5eac65493e5fd6d9d935d50ab8ce549e56d

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

Filesize
420B

MD5
e1b92b4463d8ef3dafbbe77b280bc03e

SHA1
472f562f03b53e55238da5f11ec910248181b671

SHA256
f8db8c2d2b7201b0e1be5a909ca49c3e3c42ed72c13426a0442690ec3099a46e

SHA512
38f0201e4a7e716c74f418213fa90ac0dec293e35d31b5d65e34ea4336172c3e511f652554e2f2b1c6a15f65895577ee1f551b9be94fd2ac9742b751e775dae6

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Droplet.pcm

Filesize
856B

MD5
923d4747324854f50ecf69324741c8ca

SHA1
4c19f847fa8fdf55e27b2847bfe09789adfb9e59

SHA256
3568dba00a55d25b736737a48163c13c1348afc5d4022a29ca0d3724d29ffe9f

SHA512
4ae265a89f693304fbeeb661d46d0cd96304083af75b5c245db63a632f40e08ca280a68f20115c6c38f5202801b29084633ffed4da16304689c4379f77693a0d

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\archival.pcm

Filesize
5KB

MD5
2da32e501e9720b40d438ff7352a5573

SHA1
e59fdecd75b2c8cb4b26bb4a2b3c622dca8a2e3b

SHA256
5e7d1491e7d6969eb67646f87ab2dbf0ff1d1cb4f5cf631128a305e2b67d4a1b

SHA512
5da2c201bfd01fc1ef1724acb0f6fddd7be39f83b6fff5c80aef71c96f14d30c694da82b1c41183b2b9ab9ef99d45faa657c4f6a984f87a97aef08d9e824ccee

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-high.pcm

Filesize
9KB

MD5
c32f95839557340b4b4197a68847ca1d

SHA1
0feed637c4766b9b30ab6732259670f8c12c5538

SHA256
0a16435cb3f7b8b1787476575ad646361e6fb4c07587df874940413de004dd08

SHA512
f5f0dd4a313ff6686bed5090aaa64885d319b8fba51fb2722b764668b26f06ce95164444652661b027e35f3c6928d3919422e4816bbb81bbd0f7914869004700

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-medium.pcm

Filesize
8KB

MD5
aa93ab138ec89cf7cfb8b4b0ea8990a6

SHA1
d13b139d666c76cb12e1c0280c1343770adc8aac

SHA256
d754fc9d9378772b7a17a53e6598c9cfe4a0f3ec492f0ed30241020562f58509

SHA512
f91c59cf1b1645b24997a1201bddb52953c0904f855b78add275d71401e4f9e6bcef59fe1d7205e222470689dacf2d55ae752cc2be66bbee5258db284b42e6c6

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\crashrpt_lang.ini

Filesize
7KB

MD5
fcf61aed8f093bfcf571cdd8f8162a05

SHA1
8de8177798aae82d5bcc0870c1ca5365f5d9966d

SHA256
1f5b45a5411f7fc71b9da789d6d1ead8ad30551fbea7bbb40fc7ea576d581abb

SHA512
8a5d252d115f868a4e20fce10f9f9ec5f3948f0ad5680d656e0eba1fd167d36889e54c6e59bcde756945f93685401b825ba9dd7243d907d74b58a1d826609d72

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong.pcm

Filesize
3KB

MD5
54511224e61e71d2915ff67e57dcb268

SHA1
ba45f16f12d2e29480952367c0c6bd34fcd16827

SHA256
7aadf0e317831d287b51e41992b43f0f381ae48a312cb77a426eeb3b6129d6d7

SHA512
46b4ea771328a25c6384d5cdff7643ced94dd446830b165f80fb69df2dd2754062dca0636604602a7ebad4ce29b3f8ef62a81f59cf5502bfc78468c8c67a41ff

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong1.pcm

Filesize
4KB

MD5
8fe86d9e8aa5c709bb0563243172e580

SHA1
c22bb02d82516a66f8473dbb4209bf22bb60fa14

SHA256
2fbbb9ae6a463b360e1459bee558dafa8d864db2423f0fe4d2c56d22c3f3a5a2

SHA512
6c47e964421ebab2c0c6199b97fb9c61b0a228fc654abf2e4d2bbaeec9640be2a5acca92474dfdd0b43facc71c60a9c9ba727d300cadb6128ef1f3dcd9a6c10f

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\directui_license.txt

Filesize
593B

MD5
ab54b14548a4cc76dd7c27414d971111

SHA1
68a3888b33ee1c5d5efb913846867c9a8788cadb

SHA256
6033476be3d1d41166b65984e2be94c87ac98dce55bfec887e932b696e859295

SHA512
cc8c4d90efedf4aeb3ba3b64ebd0e938576867618a334bccf3cb6790338c6a1da239393a618f6e6a1186cb363cb514ac9528ada51f0090fe2fc709e5c666d971

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\duilib_license.txt

Filesize
1KB

MD5
7faec2006bb231d14b794a9f31769448

SHA1
c2b5a34fe521502f6fca3031201b47074f30f258

SHA256
7ed2acca31a243ba107d8c12fddecd52462fd326d3d2c73b04d4cf10c76765ff

SHA512
777e0ec5d6b599fb0eabb8180fb6f302012ff12245e3de6a3dc568798cb057858eff18b08dacd28a72250236c4767abc2583670d92a946f684b45cb5144bd7e2

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\leave.pcm

Filesize
3KB

MD5
3fcc19f6a199e97646a0ab32423c9332

SHA1
05613b14d6c7336b24e9779963d245098e73b40c

SHA256
efbd514b0ea241a560f1333cdbb90a9885d5c70c01ed032d11b8a672b1096a04

SHA512
b370ad863badd0d86d982eada1fd98306b686ef1cca4cc522558cbde40257effa96afd7327141beb08d9927a6b190e0047ad7978e87a41bf299f030c1cee121c

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_chat_chime.pcm

Filesize
2KB

MD5
b30a997b4a9df68d8796eef6f457f4aa

SHA1
23890fbc1f66c1061c60b8287659566c69b297d1

SHA256
f2ff5d73ee2a89135094ecb5165b30e351bb24ee4eeee95508f311eecdc9811f

SHA512
8cfc3b13d7c2ffa0438ab12669aef756bac76063cbf317e449e5ba4127c0604bab6fba793866857f4a68806e9ed779c0c521fc46c5ae3aab42de7c72d98613f4

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_raisehand_chime.pcm

Filesize
1KB

MD5
cd7d41d5204013ce176c99c225016d6d

SHA1
996ea48981e81ecb107cd77fd0d6e35edc4d4214

SHA256
cd9b81d47633fe9aa3f1020d895161de8c31797b365f93dfb22a60d920cc2eb3

SHA512
44afe616a2596abc76cf9f862837b26c00e6214a08b61c6569e7ee07ab4331f4968d718889863cffc74ceed55ff377932432c7191dba4efdb638ea3b96badebc

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\nanosvg_LICENSE.txt

Filesize
880B

MD5
078690812af4ba8567fcc2af2ca1d307

SHA1
f4f94babc436555d2f5992e29aacc47433fbadb4

SHA256
e82bc3dd03400aecabe12201219ba14750dbc4b36faab58663a7a6068548d372

SHA512
f4e1f1092ab90f380a63ed1954023722d265e32f7f3d9b86100fbfa7d6ecd8c584a7dc22b4e3cc4182957136e2d765d0d6a293694b739377c09b076e5fe448fb

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\beep_intercom.pcm

Filesize
1KB

MD5
618a307ef3efad70399a6107cb1ce9e3

SHA1
8b42e7fc116a27a3fa868db49b3d0204f42cd913

SHA256
32567197286cbb2dffc282f7cae8d46d13af9d5e83bc98773a836904d244326f

SHA512
3181f538cf34e09de3ced6b702eb55654888b3b533a339eaff97f6f6da9014900f076c76ddd407c0c3736156a896fd23a07952c04c06664103cc74f317b8ea74

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\double_beep.pcm

Filesize
3KB

MD5
a2243b1ddd8cca6c40030020b57c606e

SHA1
9d0084832970caaf750335d5b27a3104623e2275

SHA256
e00dbb2ed88cd107bf384102e1353bb8d3a777dd9624a680579e4267080888d7

SHA512
04ba003ef55787f3d19006e8a3489b861ab86834acec445ec463172f5530fe72472c0bb39f62ff8d0222f388b63a6b2e28f5919fbbccea416654d7cc13f68b49

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_0.pcm

Filesize
1KB

MD5
285974390c5114e6a8e91a2d63266a38

SHA1
f5b5b5ce959380d0358c463e2dcb9cafbe709843

SHA256
394c441e19f6d34b46baeb7820726f279bc71d21e6911070dbb58e67568ecb9c

SHA512
de85e1fc198fa235bc233cfd45747c30a8247af71b83e8ca30800cd754e6c45ae2d9754e4de0d51e3f2aed26ff8cc829d29374960f3b434e48acbbdf530ebe43

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_1.pcm

Filesize
1KB

MD5
842932d135c62a4866c698cf415a13d1

SHA1
7977e8280576cdfe14449e0522a824342899e21b

SHA256
1a5eb409a8dd747b37e24b3a7a0c3c8aa7c55778a9bf4a71f4bdf3b5ad298c5d

SHA512
a34ae285e13cf25beb93153f1de77c6bb61941fd4d8f91b9689cb84d37204072ed4ddcf17a7f2319393db6383a949d4d0a8722245116f6aee8ef62524a403e29

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_2.pcm

Filesize
1KB

MD5
d30328c7ec556e0fc8537d1a2316c418

SHA1
bbd09bfd865686297bc06ff35fbd5f56374e3dc3

SHA256
37db0a7b3ab878fcdc1da65dc21c006daba8791c87ae37d000d516cdea9d4804

SHA512
913c7f778f1a954c43c275e544689a528fc4a59d30f1d315359191de60f9bc9544bd322fc6842b63e8931e8f0ee8579f63a3e810f165d92a2f702ad3d8e5b6e2

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_3.pcm

Filesize
1KB

MD5
3913cdfca0b0dfad1c11ab3cdb81dcbb

SHA1
92e17b1f78788d5b98bb539aaed018fd72244411

SHA256
f8902a24f7dd5f4355e684ac1cb0029992581c610ad011ed2c900f8957c104ad

SHA512
43d22a611b65e10b9bb4b8405a993a77618c24d8866032672d43911707ac9f6497826cb6c975ae422c7d61412d6bb2d2df0412fc7fadc0e5e5f84ea09c7475ff

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_4.pcm

Filesize
1KB

MD5
065ce5dc0d49c48589a3eb19603510fc

SHA1
d0852569e60486c2d9206c35be826ac4d23f79be

SHA256
c50e689f830fea83f82c6cb2e5472b3827c5635490f0d2b0e56c346bad616a64

SHA512
c4661a30868376a7ed681d4d984efcbb8af4a7449059f31225c63ce1cc88a3b4a7fba3e3047f2b29a0e0e437e8b4832e888f65ef86ea40c2063aa0f736c61307

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_5.pcm

Filesize
1KB

MD5
532231d1e36ea53a168830033cc0aec5

SHA1
4407c14ffe5b12b7100db43fb011564269f702a0

SHA256
83ef758561576bbaa981e976510b74eeeacc181834064ba7412eaf876cc25290

SHA512
05bb2d8ae7cf3ead9dfbf05fef4983ebfd4f5a8991ba43a92191a1a97b485dcf17e315b9a8d39300c71be7114f15f0113a75c6648fcdfc46b46e6cfd2b3ca0fe

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_6.pcm

Filesize
1KB

MD5
a8e1e6ab27026fcc27307250e40dc64a

SHA1
a3d1bcd57edd4aa3f52c259a5b72c120f040d583

SHA256
ffc6da3e558a9b25cc03249f675aff3bd3ac21d54435fa8b23f37cbaf54dded8

SHA512
c82fb729e9aa1fb56efae9b76f42567b871b2626c29945d0e6b51e4f876f43b97b8bc5f0bbaefa56cd8b881def405c6b8a44f331500f169de80aba120c98f766

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_7.pcm

Filesize
1KB

MD5
4f9cb5dbacddb4099469ff30fb61490f

SHA1
0a338b3aaa04309584af7ee0f14f1767afbe1da7

SHA256
79f7a132b33c6525ee483231a53b8298620700ab21343cfa70d716e96fd12b8f

SHA512
488fba0f24d2382dddd25c05531a5f61683f774dd86d41b652ce9473224607de9744a5a4463907930eb3b010e6f97f7b7d1ac5a9daba8453525735d338399a5a

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_8.pcm

Filesize
1KB

MD5
a9293ed20c46e09ebb87caf37e92f3be

SHA1
dd6e3ca3ef79d26f71fe432a2d928e9177f13205

SHA256
4c682a59d37c32715d7e82c1592fcfd51ceaaca7fc4464817f74d0c005a02372

SHA512
ae2572da5274f686ab5b2ca05c273e103e037f1b2d21775f86e780a6a4e97f61059387a063e86f276253011bdaf188b2ca20cb29ffca5803fce5cdd9a69f38a6

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_9.pcm

Filesize
1KB

MD5
cedbfc417b6ea8e076c99471e4d746ad

SHA1
11d95a6490613c3d7f350f5525ae47ddf244a5f0

SHA256
c5e274011991477635400e5a2c81d3b6cc12c50a61267b0ecc70077cb92a9aa7

SHA512
358120f75fb51a89979cbec3c1dd0227e286019025be9308e81f5e2f4c02cd9bb0022bed4db357d42990c5f0503aadb88963d7062382d9cd832440e12a338cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_a.pcm

Filesize
525B

MD5
6a95093e7fe3117bb1e614fa9727bfdf

SHA1
1df81e069ed43aeaedd8dce9d1c8bf56fa6b96a7

SHA256
d705d27155e39da52d84034389fbc3953d98f2e7a6007c44cf0ea1bdda4b3bb5

SHA512
925d6b17cec73d8ea98ddc3b55d17c6e014a5d4504251563c5d5d55a9b7f8caa43dcc6d7989bbce72a62e1708a54ab7b09bdd84f79da9010bfebf6cff7534c99

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_hash.pcm

Filesize
1KB

MD5
569480b0dfe8b64b44f72e5740a58230

SHA1
6f4ed602780fdb7c3eda983bcb29007bcd8fbf77

SHA256
1a256021a62abb1386eabe58974db5bac91c622f9fecddc9f87216c102c23628

SHA512
89f6452afa3aee5265de3eac9ce0a5830163187abe6c5415141133a0b9c7ea091dfc198cad0b4662588b8f3785c93e310feccca3200b13af0c15caff7ab45d1a

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_star.pcm

Filesize
1KB

MD5
814b4f610592e7d68725f87b04dd5691

SHA1
9e3f0489d1889b3201753730211fb14ea1fc1e21

SHA256
719f8aa3842eef2b413eb8dff026c2b442acf051af040b295af595ef207dc32c

SHA512
929f10fc51e71759d375d82681f6b9106932b27e0cd39fcd0fbacc2359d1907631a912d34958628c651c37617bd4d5d9db93d321f0592c30d0294428890abbd0

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\ring_pstn.pcm

Filesize
13KB

MD5
f199df8ed884c5af8fd07aa0e046d19b

SHA1
507ca087de97053c4e65f4576f78157813e6c174

SHA256
0a23d9800db639dd5f40ff0e1ca3df5729df7ab81affd1a02db445b4b0ab235b

SHA512
176a88eb7df30c78442c435f102f865e1f8c8a6d0fa03f1af823cf6b7a3c290e50df229b8775c9234f09a0ab5643410f5e00bb4eae550c13cb59ee3d4147d5f9

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\percussion.pcm

Filesize
3KB

MD5
388728657dd2d77d2257a90b9c935650

SHA1
17c15f9be8b263c52dc165b3395d8d92e72ec313

SHA256
dafa23315ef2893d200a88b65b8f455e788acd616d0634c35385d460f07c6a61

SHA512
5b4b298df61c4bafa4f2b4ffe2193ed331460ed922a17f2abedcd20f6f1b1af8719694299e367af0ba757ec3496d99fc67ff1963e27195ed30a95e5dbe97a2b5

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\percussion_pause.pcm

Filesize
17KB

MD5
fddc411010d812fb444d70781e253ed7

SHA1
70f75fbb27a50f80e78c1c08485928ed0f05b3d9

SHA256
e8c8ae4267e1a14352d631418b4fb16d767e3d42aa9528adb5cf378a219b96f1

SHA512
155176a313b5534963f1166139403301cdebc5ffc082d48058975da4f60e083ef25e21dc262e20f0414aed049b746d630bf668961ca486200c327ebc554c6488

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_start.pcm

Filesize
4KB

MD5
ab8a5f2981e225d3edaacb520083835a

SHA1
c60c383fdb6850cb5013065576de87610270fba7

SHA256
193c4ffea3de04802e97e9e62fcd8533d8ca53e7306ba113a2234959b5262eb4

SHA512
4381f709c5e9d0172027fd2fe65ce37b0444087d3e9d7864cd54651cdae6e8429653c02ebb7a55a5de194ccf0d674f376961b012b088e131a11b7352f1ba69dd

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_stop.pcm

Filesize
3KB

MD5
0001fecb6b6e044d221fbc6a7e22e313

SHA1
c73a6506c92d9a1188aaa793afbfc1951cd5340a

SHA256
8cd8b4d3e8447d82dd045c7a3a8f175b97376c3db5895506cab0af6a0075226f

SHA512
1588169348727306e9c4ab444a7857924bcb88e4dca2be8e3526a2227cf117702c47431325df1c83f71da34bb35c28d1589eb3f59cffddbb3dbbe1d00d8d76de

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\ring.pcm

Filesize
8KB

MD5
15f886cbaee088418b6ffcc29115c64d

SHA1
9147beae4e9138ba609f67e75f9cbea7651ca307

SHA256
29792a0893ed2457c3872c4418bdd71f5e6c1b8e5894c2c921f8a8f8d797d4dc

SHA512
e5228897cffb5e05a7a66471c52089ddb682d544ac3b4ac312804883a2d335b60edb6236286dbfb6934ed12715709f8ffa09dc7014844acb89bb1b0e205a2daa

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\ring_spatial.pcm

Filesize
257KB

MD5
d60d149441ac263dcb477cc17f29cf35

SHA1
a5f8bb83e31164070b9b904a1af694f87be96a33

SHA256
5358f9d08ca9c8f97c66109cc804d90d2d61c3d18a7c0da230299cbaab239b17

SHA512
af3ccdf19b7088e491ad98f0e23e448253c87fecaac9f9434fc49ff201750dfa22e1941a6bafc0faa4930e9bd9e2c3a8db38b4d10edc999b7034fa760e8d3758

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\wr_ding.pcm

Filesize
2KB

MD5
c9318cc2306bf6b1ee74a5987a8d371a

SHA1
f482d3de9e8dd7c04344fab37d067a08233b64dd

SHA256
58cbaef9b7177a4e4427ceb303b852463964a5ac4e979055021eed1901ff164c

SHA512
04ccca6ed6c13872e8d967a9eceb7b485c5f0f7442259395773a1ef168fcf317e60e22ad2840579e4d8b849d1606190cf5dca0e00c2f88cd1891b8206e9a5ec6

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CmmBrowserEngine.dll

Filesize
194KB

MD5
567e757812fd13b61ac15b3375c3a950

SHA1
77db7349e045dac677dec8a200d05346d28679c7

SHA256
0fe4e1bd5c6b53577b21a1ea30ea806441c8801275263c834fd8a89092a175db

SHA512
7ee5b2b9db67601b78de72f27925c52daa3d3a5ddd853f0f8365aab154f6d20f669bc6ea77fd230f1af0c57f98f617bf3eed884b2ee2bf88da684e6d60f8f7cb

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Cmmlib.dll

Filesize
2.4MB

MD5
30e7afc99cf1455b9f2dc14323e26766

SHA1
4e3e9bc67a1f764874f4dcf9a0779ca3d7212d5b

SHA256
7a8629d78e5d1a99e2cbff3d8ff216699a49d974413b176e3615c747a6dff076

SHA512
f9f9fd7ba633b1fbdf9ade4414b4eb14fd50d97d5e371307686c066c59178783a5ba4317821c4e5449330815951bb6b49122c65abf844de349a3f0ecafc85f1f

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptControl.exe

Filesize
167KB

MD5
eed50062e2d1173e2a9adbb93e0b49a4

SHA1
a68affd7ecadaf9819cf5e03caac00ca297013bc

SHA256
2f26df1bc645cba8b40d462ea825ddd9e4609354f57eaf7770d18e96a61f28b4

SHA512
4440a4e6eed99c4f3928052e7f0ff569bf804d0f1e51854bc1fd1b9ab6df2aecc4337d2642422a9b42fb1faa8865fbc642c5152e51dbdfd3f349d0e91789b7a4

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptHost.exe

Filesize
962KB

MD5
4c003fd225d71c71501755d105329b5a

SHA1
98075e26d7a87dbd07e92f490c898a247ed1f3dd

SHA256
0319040d45b1efce7c78cf0d2e05553bd59976066a727d21679aeafde88df363

SHA512
6fa6ffba059562ab11a0bba9c8a20b60345b7bc4183e2e40ed0055df6b9d48ff7b374dab0897fa212801aeca5fd786afe893569bd33a982dce98ffa98460bade

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exe

Filesize
394KB

MD5
c391f6e8987c3578a0f6ffb365b94908

SHA1
4da74521c69aa080f9cd2f4d9f91f1f9731d89f3

SHA256
4c590085ff034db3cd52a330aaacbc2d53bd9326c6dcbe5438786e85c746a95e

SHA512
62b1093b55beb4b4c08736be4e212b4c8672cd5c9bda8fa36c6a6e90f30112779617c9aad42ccd2b97a9c8876715ca22108eb169585415c663e43258fcdb3a44

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptService.exe

Filesize
388KB

MD5
0860eeb4990a646101ed1574bb53e409

SHA1
d92ac7bed9506310f725aaad9c34821c780e115c

SHA256
dd7037c67400ab8e13cd8bf4f38162711bcb9d4d59fc9a197d3e534e3519bb93

SHA512
5290117f6999123da426c601fa0a11eb6dc0db8d6c65a01b18431337a5d39830935877dcc5d4e2b275adf13a7d70071ddbc69f6a6bf683be3a967417ed5866e9

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptShare.dll

Filesize
384KB

MD5
4e4598e20db6cbcdeba8e1059295c259

SHA1
37327ca49d2458cc7a92118663632da096c8a27f

SHA256
f3f25d2b0369edec4ad2f3b680c13ebeba00b4d63c7ea4a59bea5cef9aeb1ce5

SHA512
d7b0918acaf38331da5bd11befac86c030efa8258e91246e4f4bcf44aedaec95e261b16d343564ec8613a6975e02b641d4b52fbeac3cc27b43bd500bb03778a7

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dll

Filesize
1.9MB

MD5
992e29e7fb5ae072d8b9b53813f33cd9

SHA1
ed75ad514860b197bf6fb30a669b55174bbd1797

SHA256
7518d9c70a6480de402c45c018819f1903866b4edef203c59e02ec204f56103e

SHA512
e169686b2f46bfdf3cd1d5230454709ac9183266e570e9104f90db8bec314a3a33e3afff92f7c5bf94c80b527d7e4442f4a9754f85c287b42efe40eb07df406d

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\UIBase.dll

Filesize
1.6MB

MD5
96048dd4225b2a18e0cead8f8a03c506

SHA1
69ff0ecafffb223147f8bd12de35b4586333d8e4

SHA256
237550ed2c2ed81eb6cb51849eb3ca52ef739ba634cbb07dbf869461352c6fb1

SHA512
a2c543afba66e451d9a97912acf41b38c6601fe9373f732d4404a2c7dd4786177b6f2067f2b06c0a91ea0726998c730b011d56c08a2f936cc44336dd6862ce52

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\WebView2Loader.dll

Filesize
158KB

MD5
aee20ef43cf692c9080c5973b1b79855

SHA1
b3885791b0e122f8360d6fb7c0e0ac7fe4fa14fb

SHA256
31423e905e29c8a40a483e81dae1491990805fa066634d218b35bb96692bef0d

SHA512
eab6684095c0a7555d921fb1a2e136fa1d761c5766c48571000a97403e6d437a3a4833c571f86c039aa8307fb2fc3fae1acffd63085ae9d2ea0d9e7f9ec1ace6

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dll

Filesize
2.1MB

MD5
f0c8c199db433605638fe67feb1cb772

SHA1
ad64d44caa3c485208e0157d20054432afb143f4

SHA256
f7e5d278e67b5db5679ce5880293e789442b91c1064c398a10fd03efd363c64a

SHA512
2d70ead0c9ed07b545ea78f273dc0ab503f5aa8a4cee53b8867476fee0aeba3ed25801ede818f697a00d661cd58b7213ed1f848b897760d58ba81af3441b96ad

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZMDB.dll

Filesize
958KB

MD5
d4dd946f5a74360f73d42e452fb1661e

SHA1
8dd85c939c4af3c6f2dd001286a25b4eafd906ff

SHA256
5a3bfa621ca6e30e0c692b4d86b44d6fcba3399f8e26cc7af81d68f9aab16236

SHA512
225fe077eb1e3332859224da102dd61f15fc56ffaad3b3e830b2d50180f4d13fe8f3f91fa408390c728218815205791a258c03645bb2f3f83bc3fef36e00a371

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZRCSdk.dll

Filesize
1.5MB

MD5
0632e6ca8715c502d652ea2b872ba41a

SHA1
7c4c3771df7f71a192fbf767a2c922e652df3de7

SHA256
f1ffe6d0532b99ad4c70be70e83d5eb45e98874e961b32908f06fe5b14163b11

SHA512
3a5fdbad2df4d6b2a4ec773b6ec11000ecfb5ba6d0f34056b2c5ed0fde5b0fe9d7fd7305221918bff8a28441ae5a9630f780ab380cd3b363130ba608708becec

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZZHostIPCSDK.dll

Filesize
264KB

MD5
75e40af043433f2841ea54b62f0dc04d

SHA1
b655e846b5111fa9d1974bcde9b21f84e81c5618

SHA256
070826e3cd68daf1f4d2b460b6fb0ef2358ed885114d0abd0ee7354e9e01d47f

SHA512
ee3986616389a791e518ee33cd4a0c26f24dd18b286734914d4f109ff401907a6626416311da791bf63b098583e9da82ab83c39f3bb194c5d4582f6209c7f01d

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zm6Res.dll

Filesize
147KB

MD5
e7d40820a6ab5c884f1e4ef7ae0f3979

SHA1
2cfae89e0674476671bd504d62aabb380027c137

SHA256
d30fa496e08744d1062d1bb6e2ee8e4a7399ba13df8c339ea4670a64cadbedd1

SHA512
0486b6c1329b12011eff9b6778706e7e67fbe050e98c2f9a8066e52d17b5f662765894b58d68e2b1827cb754035cc0ef2d39abc910e994d0cfd562d4840c7a03

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom.exe

Filesize
422KB

MD5
10a8fe6cfff35e4670044c6da1369ccc

SHA1
eb376050c38602b0c8e364ba6efd9e328e693f3a

SHA256
12ec46e719c0f8b1ecfe65a258ca81fd385a43015ad27d3ecda2e22be1983d0d

SHA512
b9e35971f61a3232714b16e1bb855779a32cf58c47b5aa8bf9996ad5f6e0d84c0bc8cced8ae69a91d31175d14dffcc5b78dad8bbab0e01415665520df6744d86

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomDocConverter.exe

Filesize
339KB

MD5
f59e8483dd7943fd3082198cdf5fbc33

SHA1
fb63e7de30907a20120148dbc7e50386de59e081

SHA256
c39a1b4ea05ad2cb3d8287760f8f5858b8fa00b83a344a68c003fe03b79a75ed

SHA512
2fc24cdfd9c06f7e974e32f19b28f6badd3ff067d74916f09bc3faa8b812d0e1643c62387e8558366bffdbae5454c9807f5ed470ce80dc21c1ecb37377f05603

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomInstall.xml

Filesize
11KB

MD5
2a9ee458d5ba0cef7b4c21d6122c31a2

SHA1
d3a776bfd8460bee340535f9b25a22dcb56f7b64

SHA256
58d1c7ed93588e1238c1f0b82e91898c0499049b5539825a9be623f5a2feccff

SHA512
d6e47a80fc9115d9ec40d619b9ca2ef070d77d3bed7b1c2693969eb47f017e4bbc5d4f0f299a50a0e8ff79740fc57e9ed5e2c49811386cf05608406355e8b64e

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exe

Filesize
658KB

MD5
3c1e08a75e7e68e1123bbd362d756742

SHA1
1585df5b0eb1f5d2a400a1adec620a79046d221c

SHA256
8e6ab85cfba3df14c716f719a2dc74781e5271af6482b8757447b46230188d67

SHA512
f373eee04a84cb74961040269ebf6f804dee59604fe5b35a7c5e8a09171632c545803b5b3cb14b34633853e6ae2e83ff5f0185668e1a8ac44cd8f2e52c783cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomTask.dll

Filesize
310KB

MD5
bb879636a5950541c212ec306dd59b0f

SHA1
9171736ad511d94629bb6a5ea9bd051753a47cea

SHA256
7b54bcff6af481d51a6b46a9c97d8513959ab1a0eb685d5cd925d1c6b0b28a10

SHA512
64405744cbbf4bddbf05767751e98df5a21df3ca3b048992e69320d17c9128148d484ca0e4a6265ab0166fe9ca4c2172a034c8c45dcfd1d0274409e9e823ddf9

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exe

Filesize
415KB

MD5
d49d05618708222fd0cba5d7818b0acf

SHA1
123bebb2814c9520840d002bcad343ebf4246c85

SHA256
f9a2ff41762a377af2dddc89442551b2bf7fb3f98139d6b2729d96227401b0ab

SHA512
e3e5a9f7f9127205425ce607b62155b22532cd15658700fb37d99d1a9ef8add764d3bd774dc9f1e4959da1a3e04b1ffb695892cdc623ad6bed198af4f0ca78a3

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\annoter.dll

Filesize
1.2MB

MD5
691a4c5f66b415d71a1a246dbcc441dc

SHA1
d8785abc8ad0ca6fdbe1e5809bbcc04fe1adb81a

SHA256
27c22c80e6f355e560356bf492980aff7fd86af291617f411e5b000d06d37af6

SHA512
362056c7e9f6955177f883b9a8546da3aa412512ec6802aac86fd826644ebe50c90ca2ccc915b6109c3a214331f1783a7fddf45cb9ac285debe9ff8cbb256aa4

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\aomagent.dll

Filesize
363KB

MD5
f9bec5ad997857bebe94435b6f991793

SHA1
9f5b49c17cc80b66056f9921343a42862e2f6c95

SHA256
8ee52d4bdab795b647fc74080be2f43f3ed0b4111a083d960615ff019aa7b3d0

SHA512
8691c426549fbbf84b39744ad64d636a7729cdef11916fcd59d0e05c6869a65b8d850d4780929b3f8269b575a9dd2d2973ea0f206b0de94c04d5c1f54c4f673f

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\asproxy.dll

Filesize
241KB

MD5
f74d9543e908069caca39eaa8831dfd8

SHA1
d04be65c26048b473f6329cb90a86e2c51d8338e

SHA256
18b0a59015b1cfb69d224f87694c90ac5e7a5a9c178fd200a412fa4302e9291b

SHA512
c9e4ea36cea52ca746bd1abc5df614262330a47d229fb8c42bdd7834916259975671edd7867bb91541bbc0975302e1cc6f6effbc98c1005e1aeaf797d9231df4

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cares.dll

Filesize
170KB

MD5
a101d1d777b7a849c5537070671b34ad

SHA1
a773ea0e9ad133bcfe2e4ab74db45a2a30d0c134

SHA256
9e63f64611beab637ff0e95923584fe01f67ddee50b3390a7178b73f903ad791

SHA512
e274294fb572178f625260a04c56d78ea6ecd1436fb229cc25d346e976114887d2781eefa4708b6e107d83b13bf66d2d281226fbff9d66680d8943c78c3604d7

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cmmbiz.dll

Filesize
663KB

MD5
f041af038065755e7c37440a450bf47d

SHA1
00cc9c0fbfbfc46d7654c6a8c14fdc875dcf8876

SHA256
c972fe45c91076b06e210134f963c41d1965728afa4660988dad67a29e9a15f7

SHA512
cbb694ea9d52aa326ec18679ca34c14c4edf96eb3b1ee50978146a24f4107ead21036849a608887683720f64495bee62b3436908c499da7fe5dd505e2a359d22

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libcrypto-3-zm.dll

Filesize
5.2MB

MD5
d0a6e5d9e91cb39e54511a023c2a8b80

SHA1
5e98ca30155c0c396ba81511e084ab2e74f919b6

SHA256
d5fe29a3ff115801d8f16b2828ec9872f16cd939d0d87617e5d932b15440b0a4

SHA512
fc0792e98040b3644f9b402f79ac2f15bccbd4fcd148b1df1defda732a001401da7ba98b0c5d68733a4fdb89887706288e033aefec811bb4cf1be50651430fac

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dll

Filesize
255KB

MD5
34ef5c5161e954d940e30711717ba406

SHA1
d75e72ac61ea0ad6aed5662dcde19c570726e971

SHA256
ed6c499354a9a3752102f1dc62f00b86d36f8cc1cada47aab4ca959ab696e379

SHA512
edab0cc5bc0cea308ced0ac446bf7518cd88092fa7646281c0225bb34fcc127e8369febf07be038d0cd4451f872657c1a83486a5738fb41c6c547cd15db83b58

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libssl-3-zm.dll

Filesize
821KB

MD5
8aff895dd10ddeae4cfc104c99433fd9

SHA1
b2d42d6b74d3d08901a49c666ed6c56468e4e871

SHA256
5df8560dae671f9c597e90bda6078871410db21d4f658e13a94184a087feb07c

SHA512
a52df1e69b6187af95a753a99ac2211b93e96c40d5c70dafc77936f7cdc3344c8edf9fea3843a019b897d8c687e1b3ef46d8b6d45f9c06ba53c7327f19515d69

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mcm.dll

Filesize
1.9MB

MD5
a6af6b1a03db32806d29df30bd261637

SHA1
08ad79792bf8fbbd6d2a89c6a27e58fd055ad810

SHA256
6a09a04fbc4f152bd364d4358dd09a5dcbfc5985381217c88032928d79366543

SHA512
a09580c7fdeee83921496561d295a908d27f833b445c800b0bf25f3d29a8a07e73f6d9eb7d07f40b43273f58c0b4fd42840a4e0645f7c1dc8f000b1d9e115226

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mfAdapter.dll

Filesize
141KB

MD5
7b1a0b4f2e67251780aaec02d9757fc6

SHA1
4e8bda67d2dce37ff8a1087d0fd449df67cfc27d

SHA256
1d4b0b23ecd785ec0fd305cd3a91297eedd3f6c475087b630cdc2bb819e1db1e

SHA512
a8aef50ff6b33adf5592e29f903d4716997939e59a1abb0ec568110e5acbae13cc37aebe02a241c0cd5d6259ffecd0083d327f8d37b750510a9bca5ee9bfa0c7

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\msaalib.dll

Filesize
52KB

MD5
02226b7dfefb733ae636caf4dec3f7a9

SHA1
54c79963ba0306974bf88b64d03c88b5625e394e

SHA256
9594c5f95ca741aef7b15fb3155573e411f31e8f2fdb53c21d9eecbf57733e5f

SHA512
d797ee76f4b40939394c537d18ca35d0870684605869d71a0a56cbf08ccb92308591d09f6227dfa08d637284a85d7533fa9e35bce4bfba25b2b8bbe18f0674d0

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\nydus.dll

Filesize
2.8MB

MD5
2cf1bac4a47c4c044817c76b49357041

SHA1
59cd5827757dfebf5c135e2afc99827821fb8e31

SHA256
d9b6745b4b7bb207c71af66a289d767e72527dfea85a86cb26f400421073bf73

SHA512
3d54c363057dca2e4f56dd3c7e3c3a9bd6e03787f31ab085f09b16265e3c81d3f9154a17090f584966413e600db59ba72d01a631533eae65bbfad4cb0b2e492e

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\reslib.dll

Filesize
49KB

MD5
b94097027e6f6abc5963cb84c539ead1

SHA1
ea58ea9f042abebcb999304e57626d5d52788e96

SHA256
375e6d60dfe5305c44843e732f148b06f6a584d98a141d7dede5916e091b0c03

SHA512
790acd083c5fde12f08477f3280f8fa990460d79d651f5908837312196d0d7f0fd6f6debbee65d8c92c7320b34afcdaa6513ed70609344a6443345326bf990d1

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dll

Filesize
4.5MB

MD5
954ec9803f5523d5722fa0a14e9e0fac

SHA1
8dce414183e5c580528e2807fda9145e24a8009a

SHA256
bab121bc7d073c82082fea1eced7b2ebc8875993fafd8f8dd69e9bb9d5d867e5

SHA512
62c58be4140d6b2d58fecb814e718997dc34072eea991a6085b1d6112e172557d82ecd9b558462592a6d9a875689b1674af624c2bcec6a7a3a6e13328286964d

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\tp.dll

Filesize
1.9MB

MD5
5cfc2e1950deac36c18450389c6321f0

SHA1
46d1c7767b4b60b75c975a06dc1fe96fcc242fc7

SHA256
842b0105160b58e7f75ff16823fb25f994ec19a8d27700887132fbc227d394b3

SHA512
f38912cedbe7e67e7731d5d923842507fb9b318624666e6a03c2e6038d04335714b58a5ca71dfcb358f920f315b54bad71356f38ea3f6b7d597ab5e6a9c7ad00

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dll

Filesize
1.2MB

MD5
1624e5bc920b70cb1c3c23c84cc0e50b

SHA1
785c601e182808a982bcc1975f7b698ffe861ea0

SHA256
1ab188d361d3e88815fdcf0250dccdecffbf723fe62e280c8fd54c78bbbffa91

SHA512
7e7a3a34b89ac85b42fcff7a9892d18f6a175c18e8631f312272a93b508272c3c74e6e8ca6f026d9f85a226497d9cc9da653edbf5c68aebd377729f604c0aa5a

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\util.dll

Filesize
407KB

MD5
8dd382593a8db7d22cc713b36c07016e

SHA1
23ada2e69833360b59ec3b4ab4b52cd576a03050

SHA256
33a366ec47e66b66b5e43d5410bb2182417a6ff027f9c3275908bb4a19a0a41f

SHA512
c2e8b298692682811e30f6c476714f95620f87bf71e539f5e4c125d2cb752b040be7827489d7d9371646a70d3d45bb7b27e97003233b501adc2276d5079fab5c

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper.dll

Filesize
2.7MB

MD5
2a3149285f5f29c0c083d9e0d53892fa

SHA1
154a19c7f0ad7526959b0a71900341e1aeae771d

SHA256
d89799eb62e05cd07b85956ad283506133347c6660a0dc608a804dc55fc12706

SHA512
0bf35e6d4c33522a71689c3f193081b62d33d21acb5430538e9e75092b94ed33ed72a83dcb5c9b87320b3f131ee5b66fe6ddaebc806d2643303727b549e95675

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper_async_device.dll

Filesize
215KB

MD5
3d102ac884c3a6b22259ccd8d6bef4ea

SHA1
6bd79fa2b3fb151a7ad335c5e3ebe3d7fbd6f2cb

SHA256
3316b1564609268b6ece755fb561959497c4e71525893fe576068702d0bb5725

SHA512
b7ef8a793e97faee23352278d494a54e709fcf9bbe01e0478b097af48dcaad3eb9e048b9afdb90d7c7f4ade7ce7fe23c32139fd28796f33050df0228d119dbc5

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dll

Filesize
53KB

MD5
eeda7199fe1eebd78cbe40616c443a4b

SHA1
2386507a0cd3b4fe682eb18e87567d0e701b51cb

SHA256
b4cbc00b7e4d92016c1c6dbeacabe8866c8a8673b30f549d3fbb667bfba984f1

SHA512
10d7cbe69e4011989be05e58cbe286512f2ed15b988507a4ecf21a6735c255670ec6bb145160d7479a2dfdc471b618ec9ef76100684b4a201646f6baab407b6c

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zBusinessUIComponent.dll

Filesize
481KB

MD5
143dfd438438f8db916ac876a801bda6

SHA1
d5acf9def660d841080e26a59cae4755f57d5bd0

SHA256
f4a28f531cfc1184fd812d5a87d53dbf288d5c44152174eb3cb0bdd31a338a93

SHA512
fa63622cdbde6d77b3259a898d37a6be5d971511ec86d8cef853c4c3172004c98d6df2419a19dc1e7111cb14abdeb445f182f75f0e234e0ecdea67e50c32d12a

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dll

Filesize
35KB

MD5
94004264a019d0dc531a4656980708c5

SHA1
edccfac4208a7cf75721c75ae8fe582649db0a48

SHA256
9f512c5ef94bc507fd8c071aef6c40ee9bb79cb468e1b68ac5110bb527042906

SHA512
b5b2f38fe655b92c5454563ae3b2435eae3744f0b7140163a0a07729933c2b65e4835107faa0c0e68c9d1ed4235dc3ea4cb633d82a0c1e51a7ab63fce462e8b1

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dll

Filesize
9.6MB

MD5
aa152810256918ae20b91f4818f5fd52

SHA1
e2f6ec306ba53c4348be51f072f85967e48a981d

SHA256
fbe0c23997854adea9add62e7429b2068e02d63bdb3ac984a9e32a40cbbfd597

SHA512
bd49e670de581950bd80f07490fc36c158291bf9e3136ef3629b84a41c26b146b5de05cdac73cdfcdeac96956432cb276e1956cc9e7d3a5e01e381ee0138ef25

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCommonChat.dll

Filesize
9.9MB

MD5
1b8495497256a1db13d07f69eee132f6

SHA1
57e76e48b8ed651bb1aad223644aa6a5ec6010ae

SHA256
bd9a7c1996926308ff0c9b6fe14950c25dd272ff6b9f18b16e5a125d84fddb8b

SHA512
ca0a3c4d04af075238c455a3dfd0b2fb428e9059f88c5c043efd3260b4418d4f880cc5fa6b7a8689771974666f679d2027968801bf1aeee926d145601cfbc72a

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.dll

Filesize
248KB

MD5
8b1eb8457aab5e7a681a414ac44df62a

SHA1
7ecaa249610a63ca80bc3aa563a943a29deb941c

SHA256
73ade41dd85560e7bc253029f40203ecd001b891d3a3bd1447ab6a51ededa6e8

SHA512
67a43425a15f576aff949a9e81307699e68aa200c94b70784dab83b4858e519648db7af1d01b053da653d3f8443cd6114bc746d8bdffa7140aea6a0d2644b3b6

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.exe

Filesize
253KB

MD5
c108595bb729b24ea3d0e64d8ba3ebdf

SHA1
84f34ce46892b97c7d3b9c0c0f58f45ee4b38dd1

SHA256
12864fe644042c955211749dee7babf02e9fe3b7678f9ea0432e30acf15577c5

SHA512
594979ab78cf984f4b105138953cfd7a61c6590e89cbb0339ceceb9549b3a93ba23943e421ffb45e4dd0e91adeee6fb245b8e39f2368192b2809e4bc836f53be

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zData.dll

Filesize
3.1MB

MD5
083a9540a3723b525f6083dc2b6bf53c

SHA1
1f2979c1d08a1696d243a9d67e36b8957329ebb9

SHA256
e0848ff329b8cf96974757efff521caf9137c277db57f8ef0f4eb33e264523d2

SHA512
fe655b118fe69d939475adc84edf2a069b1e99457ca4c29c5966dc7edad6f4a4b2cf155eaed45bde5b65485bf376847ee46729bedf557af2d2addf53ece90db6

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dll

Filesize
9.6MB

MD5
d9460cd787d789bf0125439a7eb114b9

SHA1
8a32683008391db05194163982f85493c93d6c70

SHA256
36bb0f51b87fc2617781450bb544adc7de6ddb976c2b7f780e152505def8ef05

SHA512
c75800c37bb70f3958032af9eb3ee4d1c52c68d002fc2015c456897195b44a2b8ba5e06e94c1fd9b73b9949d3f3bb81fcdedf34391281d77f5896df37f6e0fee

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMeshNetAgent.dll

Filesize
447KB

MD5
7da94c1dd9c9e13ee61fd718b5030c84

SHA1
25aff22a2b62db5f0b819de7109501153f0ef729

SHA256
8836267f13241c42b970b7dd32cd5de029293d234a11844dac7a8ed209a63f98

SHA512
0d0814e4fd34f2f0a080ae24b8e92fefdbaeebea905aa38a58ae77118ff14b9c2a7535001e6164bbe5f41259d9b83e8b5a13e4980a5db594ef973f1dc62059c3

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgApp.dll

Filesize
292KB

MD5
0ddb76d1585a75f189619b1e6ddd2b4f

SHA1
a7f49905ac3f85daf03fd1d2f6ca0d15971835a9

SHA256
92e8b39e838cfd6b2a7e06e336963999b7d795cd032ad9025ff0bf0ff2beea9c

SHA512
0290420cb4d78447f33db17f6acab6cee492a3067f7fcedd8979adcafdf357e9cb554246eaee0fae4f5d893db25759ef3605f84207b0be671603634e22d3ca36

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgAppCommon.dll

Filesize
9.0MB

MD5
39753993ea74164ac16016831ffda94b

SHA1
57aa26245096455dda4dd271c28b43b15582df4c

SHA256
72f3d7e5c1387015de911dd8b6edc6fa9ff0b3f665756a2e4c014c529deabf04

SHA512
573989dd4b14c317bd47cf2a50f66f1d95cea3e2cf156e0cc089bb523f817596fd48e93afaf46fdae91ad9c7aa9eaa972b45fcb02c3266d77b06305c9902a5a8

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetDiagnostic.dll

Filesize
228KB

MD5
cc2df80b0e5ad9b773a4603d6c133c76

SHA1
510fe68529c7ddc9c2d1bb2cb97ed8146ca683a6

SHA256
80cf12bb73ca045c289eb2ed26e58daf739f05c1ce8f26656cf7fbba143f8902

SHA512
3f52fb559820abe84b5efaa2371d1632ea0700ba7afd5f510cf2ec24cfc33c00f142d73c151f28fc94e14256297a7b4d3c303c4a858ad59435568f083b8575e2

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetUtils.dll

Filesize
505KB

MD5
feb1ea7367104c10d0fbd992cf72c496

SHA1
2d82ecfaad4ceb0077b1db28097a6fb7c0e1b435

SHA256
0dc821d183d305f1d311baf95f4d7e8859e519cad9996274c2cdb4e5e64da7c9

SHA512
ff54e3226b2c951f0349bb19dc296d51021a930b5433db6f58ca7c8eb826107ea65a7d116650b02965c84f4ce378a7199b23cd2448fdf4acbb84f136c88cab0d

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dll

Filesize
482KB

MD5
0414c84299058c19deaf980fe74dbea0

SHA1
ab034e5d73d9133e5c190b86b4f5e5a6503704ff

SHA256
f2abeabe8dff500231b441879db980582d43113cca0272c15bad02567ccb4bf4

SHA512
4feaffe49f0d0999f9ec4b996b0e098e3325b75346ecb4b88a60dbba935a21b9058f98a7c596aba2e2bebb9604ac8e3069c1d4adec2fd38558a5234f6cbed207

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPSApp.dll

Filesize
725KB

MD5
9ce7debb8282dc7f7ffd8097813ca64c

SHA1
78d7de2574195ea3a721b0db369abde8818bbd41

SHA256
1209517f755d5aeb411b0db87af29a0e56107fb0a1c11a803957800401e43145

SHA512
5ee68e3d3fae5bf92b7edd4f22985b0647a55434cd504077a83b644fb5262b492834b5dec85404861b7d87da1b89123209d9e4d7b8fdfb95d379c8c312063487

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPTApp.dll

Filesize
5.1MB

MD5
92b38d253ce71e31e96be4c2ccfd5ff6

SHA1
52fab6e2800101f6bc5b6b2efa1fd34259a43c7c

SHA256
c2acf5b02eb2ed84d3976b884e4857b14acdc9f158eb5035ba81e55f989b2f6d

SHA512
dec5da1d9ebcdc7a603733bf6cfffd63cb3a80c0e9ef58c238b16274092370037ef0d850ae64efd6ea2e050c983707dbc5cebd79e130f79379fb0c094af23ac1

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exe

Filesize
433KB

MD5
8b8231fd20e0c1585a59066be4fcdabd

SHA1
29a4ac863d5b1d82de62a5fb796b896602fb8d29

SHA256
9846e8d6551488bd47557b962b79f44fd1bfe0337113654cf9cbba87415de20d

SHA512
9dc0ff8d635c78c780c919eef72c6ef9d5285b6b31e49fc03a2aefe43155921ffcbfc1ef4535a44ad8656021e31828b228c0136685ae975e672ce2d1566331c7

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUnifyWebView.dll

Filesize
706KB

MD5
f2119cd031f2051155963569f63ebbbd

SHA1
3d006a232f577ece901e21dd104b2533c7c6d6c4

SHA256
cfb25088eed7c86c744b952fa2933d55e283471385f61c2b3a844660ba42605f

SHA512
1e887663296a9678854082a835056942287c884a8dcd49b850bf6e0b76f274294eb57968c1fcee03629ad1c630492ea6027e05a534cb99b00ecbbcc2306bd6af

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exe

Filesize
178KB

MD5
394160c1fce41c7413cd27461dc84dfa

SHA1
1c16dd60c02ce630cad0584f3510988dd7a56262

SHA256
1f71004acc6b52f1b0925b8a6642c994614f9ea4cd46c4d9d2fbc70f39dfbd5b

SHA512
f49103671af8aff2e0efdb6b44ec840b2568dab04e5878548151b11ca4eafad1fc3bf3fd4376d97d1ae7109c2e55adcb279426f541a61c543053b498c43fcffd

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dll

Filesize
7.2MB

MD5
92cfa7c81a7786426f158c3afcf699b2

SHA1
fbc26261e8d5a679374cf0dc91406a0bd3c600b3

SHA256
2dc84b7d330d4682f8ad459df1ae7acba2a51544a7be007b484c5e012c71b269

SHA512
ac58c27c9b8e1227036047590ce38fa6b74566518956449944f4a22531f3aab042cad2dab60206147f1d039cb986e2149e907730976af321415be758974c4659

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dll

Filesize
12.1MB

MD5
5dc00ab6367f3c41da4f993b28d5db47

SHA1
3e07fce6736c49fd362065f091d8757b944b3edf

SHA256
1d84de4c04a14d67f847192c5bb2f40b5361d904663b9152fc929404cc77ab5b

SHA512
58533d24bb31d46b8ac59aa6e0be7d0ab2a4ca816721e092883b53d9ae440ce06bac35e4ad0a2271dea75dd1c3f97c2d937fabf05ed2785ea27c151557f0203c

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUI.dll

Filesize
391KB

MD5
675c8608f8d1683ece65b1301971ca5d

SHA1
f40788fb40bd68cbf94b0e684b58fd1cc8a5849a

SHA256
c85976cb99e242ea64c2ade157d69a70fab55835960aeb099f655553d6885411

SHA512
486eef69b87a8f9a9d85cbb79c15e70ab2d8d7626a9788fcf5ca848606ba75d783e8d3990c23efe8ca4490cccecde9aab3eb81c0c18af0bcf2ca78a3b8e6cd04

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUIRes.dll

Filesize
315KB

MD5
7adfc36886bb122c9f7315af711069ff

SHA1
8c639a09d3f0ec0afd3947fb85264e0b415ffdbb

SHA256
c0e783d4c341072349211732cb661106d9724554520198e03c7ebb5b43da9563

SHA512
31f629297d689d760d10f9e9add00cd16530da1ffa22ab72e5942fc14f37078aeccacbb93a02c0ae32b25b26b87349a4c99617cc7f28590cd4d3fc46c5b261f9

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebService.dll

Filesize
10.5MB

MD5
bf95ba6b1bf27610217b4358b50bc74b

SHA1
3e9dba333b381851a5d6631287da7eaf84bfa7dc

SHA256
28a655c476d492d2d353126855c4f111fd5fc63e080e7229c6677487d2dfd09f

SHA512
3a80dbefe3dce42981c8420634f7a83371d1c7eb09fc6e7155ecf605bde38a8eb85c564c4335b571f1973b7e43e4ee48c30400532295dd7ca813086685e824b0

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebview2Agent.exe

Filesize
755KB

MD5
9728e2fd7f2a8beba97f366f16b31425

SHA1
1bc54c1aa4a2ac2ce6b73c26b59df29ec7dbf009

SHA256
3a2dfa05ef4d7e5fe6584b26cfc7e1ca5b6d1493b0bbe93963f0977cc3c0e3f3

SHA512
f294bd325c78b4893fe544b3480572ab37a635aa0ad486167cf71fbfeb3cd6f3947f8047a9009bb483e7de6824bfc1008ddded6b0c6e9594237155d29addf0dd

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dll

Filesize
26.8MB

MD5
99aef8566a0772db06a21620e75844c1

SHA1
0efcb3933a0746f358d25599bc95aad456302311

SHA256
459227ec4a6c27f2e0b6e1bdce4e60bcc118d47c96a12ea31c371cb19486befe

SHA512
2384711166e0abb010574a688208f2ac2cae4e6300cfa42d508a6ac329bf6fa7e566b1e94d40345336b54a7d9cc2084fb0c5c01e3995dfbe780270f38f33afb3

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zlt.dll

Filesize
5.5MB

MD5
56903bd9c42f4cfde6eac246aa990a2d

SHA1
eaeb61cd90d76c88dbdb87d34033585ee5da7ede

SHA256
eaea57707e0537a41be037404a7a876392b8415b4e6610166979b27fbef5b611

SHA512
1cecbc3fb9b62bad3be6dd01a8304ae6396a487ea902882efbe66004a7f2325c1ae1bb28eee111fa92d003081b93dedaa77426806f647f4466fda29e8133532f

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zm_conf_universal_ui.dll

Filesize
99KB

MD5
25b4db17cb83e33112b1bd67bbe69ed7

SHA1
25cb5e17160f0d3d855076a6c3d661f155e33724

SHA256
48c91863abdf6cf76dbe8bd3fa27f68ad578886df122be7b4eb4d6fe5f7d1292

SHA512
86091dab63ee9fb04b3ea5a61e19456e6f86796d528d6978153ecea21183a957329fee430f49429d6547178f8d75ba86518f3d6ab60e43dc4c2f6755f01efc56

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zmb.dll

Filesize
1.1MB

MD5
45f39254855809a11c87883fff2d003f

SHA1
e08ff7f5e941616d81abe76a4f86d8ab954896ed

SHA256
b5a312408348fc3e9d7e177962df1da41b77df5c7ca07ec66b62f66734c099c4

SHA512
818e55aeb3a4978ca21c689326e634c4ae2ad6ecbe88dac1d604e5c80b6cec8c88333be2283e3161870087f4df0d5f794f70335dae2a8a67669d396b92365f63

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zoombase_crypto_shared.dll

Filesize
2.4MB

MD5
4eb692a84c4aa4c53dc378f11ed3f7fa

SHA1
3a831f1a2797be6e707c8d75a3a1b201f9c35080

SHA256
7e8848b8e35253e5ff025a4a3b7d199c9c9329a821a66637a7c56fada493f886

SHA512
ebe307b26f943a3f04a0fbab5fc87b8b3d30a34391ab1dbe35ba525ad138a7ed2df4979856e35862720cd2e538738632339242b9e6d542b71f0ef5e9733c897e

Download Submit
C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zzhost.dll

Filesize
323KB

MD5
8cd20ccffd6af16e717b96395c8b35c7

SHA1
4b78162818e6d8da32fb3f5c12837f9464618c23

SHA256
5664e83c28d9bf969f95cd15616a1b2e5b75bbbf442af86150dcf2ffd644f0f2

SHA512
2efc26f771938dd148542d20ac5a3b054c0bd3a5132face1c77bc5d2fd3fb706bfd0849912354ad7636a35b18bf909ab20d83984db6155a6c914c2b83d145b95

Download Submit
C:\Windows\Installer\e57709c.msi

Filesize
227KB

MD5
6e17361f8e53b47656bcf0ed90ade095

SHA1
bce290a700e31579356f7122fb38ce3be452628a

SHA256
8811e5fe167223d906701bc8deb789de0a731e888e285834bcae164b03d43c96

SHA512
a566fc8bbb4d354db32f13de2fde73a1210c61b1c30a1be22b16c7e98b8d51c673259c57a924b04035cb9f0bf4a087a3e8b32221e7ff87032cddc840ffe3ed2f

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.5MB

MD5
df23b40af21676b45fdccd0ce2e422fd

SHA1
4c1d39c01497d6b914b4791445ee42c787eedc93

SHA256
d4b18707c4151e0889144d39856a88c62bc3ece7a8731bc5d8e790646b298de3

SHA512
cbb300322090bdcd718300d12ec7e96430207b313ca52328cfb63688fa7698f5976425484db8c13bbd7b7ebc85e0155412404ab96a205170be371aa1ed6bda3a

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
ab7388efcd1349da17f7d6cee9d054e5

SHA1
6c10f15a80f5e4f3beda3bf5611c1d7d85d9f913

SHA256
8481ce728e246a4880f4c396105c70feadfdda60cde947a596c48d5f79b1f46b

SHA512
93eb3287299c85c4d6d7f3e89fd3db48326d9ec41d08c525b0332abcc25845b7b5c369dce7749bb6264f078119105ac27526e09969a77b9df79e0b0ea24d2258

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.6MB

MD5
0fd6f13bfbc12f53fb846d9d0c5038a1

SHA1
58536ceaf90db1b4f0661ac5861ea75de8b379ae

SHA256
e7c576ab335f3611178598922d4adf3653fe980f2f2c7f4767d23f2641bb730c

SHA512
7d99b3d079a7aa49b494a4918ef9d7b49177e77884ccb16ea6623b1d951d18dac69f82c60a881f0fb2a98e2d66c7b9d4006a4e84251d9469c869bff5c26fb909

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
2d8ddfa33647aad7d1c2554071727356

SHA1
8bd0a1a5043cde9f9adf0770c2959b98d09f96a8

SHA256
d920faa7077d588364079b5ed2117931dc532c632fdf80c71fe33273a6032a61

SHA512
f08ecb648167a62b60fb1a782464402e5810c85d13dfd59c6436754e3d0242c73267923202e0bd02d713f535c29c12006c228b97aab87fae47d8a298e9c78b2e

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.5MB

MD5
78f4b21b7bc5cb6ff81261e19e068919

SHA1
527dcbce50b99440ef19f72c0de903cce31c95ed

SHA256
73f05208b41172923368999ab1a460e8daafc3ce91a771b293a1b3500d8398a6

SHA512
d4d9f8b592144b3c1dd3f6711af230411fd85c5adf9490b0f336fa665c7554ff95242954b2f155e24a489b56e37a011d579632644773b77160b808a6a716da00

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.9MB

MD5
0238665e6c32111b0e2ed148953c77b0

SHA1
8bec2c95a2793ed9ed0b668dd4d5a0fb3215a7d2

SHA256
d410d8cb0c472cab910b19b2cd21c97db3a87e840a74d5b364a41780207c63cf

SHA512
b60320a50e5582453edd6873bbc7797318fe1d853974ac75a42e56eb65e0e25137a4586fe25d0f8a3a8943d82f9b8858ff1800113fee7f6d8548a50316f8501d

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.6MB

MD5
7b97eb943b421c29f53c6347c290fc3b

SHA1
9f1caaa0c498ebe1cc444235a05401bff01d9409

SHA256
585fc7d28231271372abdfe083aed482f0f51eedcc96a14f552f0e2f38f933d8

SHA512
7e95d94ec86664135a57f4c7ba129a258ded2253ac0ce277c379001b6a15dfa4b3a2d21262589dd9f01e29e94d1f0444cff2fd1ad6c14e04c4886d8164296a4f

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
3c9250efc73f0cd203ebbaa75ec04eca

SHA1
ebbf292c1a38551c978462da5d4ab6354f26f041

SHA256
c5e27926971a109849183c6809d8e50811c95606c3b779ffaaedf34ae28d77be

SHA512
806eae174630df504da360181eb4c17e1f445be0a38b545c1107919ff78f8cbbb450b9700e061dc6ad75c060f809f9f36d96c65d1ce22d7ab763ebffdd4f1908

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
a69d120c30532e9c60b38f071f764fc1

SHA1
b4e683518219b5b4caad55431e2f22aecc14256b

SHA256
43e4e8d6d30decc92be2f98ee14039d077934bebf7380698dd95b3c1c9a2de49

SHA512
57bb3dc86a6529cd37fe086dd4fe1e0fc94569b8a488d2b9f552c60ae3b1233e75470f49bff8a74225d18fb75ed5263425bf5484a8277709e505ed966aebed9d

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
2a5b740bc66312fdd928b786c117c38e

SHA1
1c002b36b558f2fb58a580395d6fb9edf869d947

SHA256
7569c43c546aec147ef1d9b16cbb56d0a207881e590d9893f1ff02123929a9f2

SHA512
8e207dd6bd9b56d142137b68cc963068a8bf335dcc176c8dda0e7cfed07a36497689593a720c558491ce2897083b1b8a32a219698cf20d9bf776a0d9000805a1

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.8MB

MD5
191e7dcfcbc04447ba85193a129c5f8b

SHA1
ec0280d669919c7581524919942486eefde839bd

SHA256
188497a68adc73731d245ebed1c9c99f87ae22d775318cf6d0fe31b5ebd4601a

SHA512
890c4d47c96dcfb034ac893b4f42b27949dcc59702e81a42e809ece31487b7a98b3c2ff2f7193d9c7c5d1161c8c469dc60ec74f365766a6ed59c97523d340f64

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
d8811c5aae800d3956e2e17c32b239b8

SHA1
dcc4b7303452909d06a596524e7605a2e1d773b1

SHA256
c0d9950c00cbd396a909cb0aa9e1de9124b4bf376cb80373b889b98d3c0853aa

SHA512
36fa3d047872b43ff66ce2cfba62c1bf6f1d69a5540d86a950e7bfa48a86b30351205e3bf62d0ee69d6e376c1c282907562b86e32d9a7ba15a8ec43f5f96dfea

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.6MB

MD5
a113e36aa557c9f489fd0dca4f21754f

SHA1
5e40eed66642282f423eb57ae10e12fcf9a91482

SHA256
926879624bb1c61b6f70410e7aa75874e710b255ad7ff4374a21f7cf6739000b

SHA512
fde68abe9b378b7731d82e28f2577a4cb6e011e3e24735fe1b77233c0c1c7e0fc094a1f3a0371762b6dd208f9a15840c79dad57dde3f8856a88402431173c95d

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.6MB

MD5
8ce6f7c1dd221f6ee97956e0b078e3ec

SHA1
63bc8af030d5f925a60f5f6bc6ff5c4a14e5ec0b

SHA256
6c7aeefa49fbf8a97f0460dfd24c1fa992ef1c8042d51237b792ebe02309a02b

SHA512
2ae0023851381f22ef1e99597041eeb686ac2f05ccd4bc53d7d6ac4004c98aae02729275e846d47069199f3b1c17c12046c0a6d25952d602ee9cdd7459ccb00e

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.5MB

MD5
f312abe423966ef453ca9ebdfa04f4bd

SHA1
786068a84a4a58f3f476917b811703534302d8a4

SHA256
3e5d799fb4f9d89b4b7aa35a9c03e34341cbc78b3ea2209299ffa8af753c73c4

SHA512
ab85ef67e557022fb803182d19bc11529c996a981576a456f756b93835bf0253d92858a9ac4ac6fd58342efbd0ff440ba60d2fdeefad47daba91b7a8f997573b

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
fb81685ca1474efcab24fc2c2d95e23d

SHA1
f743c86a463b1f7cd0d26713d3df4a5a55854d93

SHA256
b2dd879389544ba681458d73e0f3a084b9ac348a2013a74b7dbfdf52ca47d731

SHA512
a5d518144b20699b9c1c31f16ffc81c8d7496193ac41d4e9e9efd4f9a419309fd78d0d0124dc2221802df1feae47295c6fcf9e87ec681880acf1be9eeeedd29c

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.7MB

MD5
6c2a93bca933da0feeb80140c7d0a0bd

SHA1
e3a7363a24c8600cc74a686d94ef1558559c6c0d

SHA256
372d40e085a2f6c42820ec03267687aeb3d31bb6a2f92fb1089979e1017c928d

SHA512
90df780a4fb9e5351477ef1af78accd49025528cd26f988163196f0829677101849e9cf4fd2463e1d799af59ffb01d1e56184058592e46535e0c6f7636e0e9e8

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
c628e8bed4606bea6ac9f4c364efe369

SHA1
f4f3a05c57eeb49e6e84d48224624e5ec472112a

SHA256
f021030490f4c62576002c846be12d5d1989a781048b741fe1c052586dd60aba

SHA512
36c4010be8af0c6eed2959bc81540d99a846e84ebf4368f494419da93ebdcc77614925b620faeb760d226affd29d3bbc792fa44862d0d389611f4f9488681f11

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
1dd3bb409ef09e0346adf83d044a2533

SHA1
a562c876e110850abedd7fd540aebd46f56fc1b5

SHA256
95344be4d0e58bee4f862777b361ec3aa85a8756dc7798c59ea303f1f3ba6c28

SHA512
9f0d076d042292a556c2c4ae76570b36d597323ff6f8f22960e9eb8b7fb8e33779d06b40a97b48ab43a840915857d454b70f492d11e8cf18ae4950f2a311a1f3

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.8MB

MD5
9aee9c9717198446689fbb4240ec850b

SHA1
eb0fbcb3c6d54fe6e12203a001c11a98382c832e

SHA256
8d845dbc6ccf0a79b7891cf4847ed9fbbc9f43deecf50f658f5341af380541f7

SHA512
ab063fcac8515744b79915ae5fdfc391d2569de8b4ec5dcd758d36c91c4f242deb6a574191dce23577e8eba59efd021ec7082e54afc05dd686583ad6676afbbe

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.6MB

MD5
ceb896cef18fd486aea30021972e0970

SHA1
f257a68f425f087cc7ae868ef8b3a67d4e7a5f9a

SHA256
521dbcb424dfcba41b5e24b65c8f9d99147966d2cfc895820559dcf2600dba6b

SHA512
ef17f06d4a6aff23a8e0721d12430db915d49b830202228fd6b11f7615d4561b0948c8aa36b36ce51a7906e268241b0c812b5d7fa5bacc7532764737140a6bc0

Download Submit
memory/508-353-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/776-362-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/1060-0-0x0000000002090000-0x00000000020F0000-memory.dmp

Filesize
384KB

Download
memory/1060-9-0x0000000002090000-0x00000000020F0000-memory.dmp

Filesize
384KB

Download
memory/1060-408-0x0000000140000000-0x00000001402D4000-memory.dmp

Filesize
2.8MB

Download
memory/1060-409-0x0000000002090000-0x00000000020F0000-memory.dmp

Filesize
384KB

Download
memory/1060-8-0x0000000140000000-0x00000001402D4000-memory.dmp

Filesize
2.8MB

Download
memory/1060-136-0x0000000140000000-0x00000001402D4000-memory.dmp

Filesize
2.8MB

Download
memory/1280-39-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/1280-38-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1280-50-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1280-45-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/1280-48-0x0000000000E60000-0x0000000000EC0000-memory.dmp

Filesize
384KB

Download
memory/1344-352-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/1344-58-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/1344-52-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/1344-60-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/1368-1023-0x0000000140000000-0x0000000140298000-memory.dmp

Filesize
2.6MB

Download
memory/1368-97-0x0000000000760000-0x00000000007C0000-memory.dmp

Filesize
384KB

Download
memory/1368-105-0x0000000140000000-0x0000000140298000-memory.dmp

Filesize
2.6MB

Download
memory/1524-124-0x0000000140000000-0x000000014028A000-memory.dmp

Filesize
2.5MB

Download
memory/1524-2001-0x0000000140000000-0x000000014028A000-memory.dmp

Filesize
2.5MB

Download
memory/1824-149-0x0000000140000000-0x0000000140289000-memory.dmp

Filesize
2.5MB

Download
memory/1824-22-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/1824-21-0x0000000140000000-0x0000000140289000-memory.dmp

Filesize
2.5MB

Download
memory/1824-13-0x0000000000500000-0x0000000000560000-memory.dmp

Filesize
384KB

Download
memory/2440-85-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2440-87-0x0000000140000000-0x00000001402AE000-memory.dmp

Filesize
2.7MB

Download
memory/2440-95-0x0000000140000000-0x00000001402AE000-memory.dmp

Filesize
2.7MB

Download
memory/2440-79-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2440-92-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2712-112-0x0000000140000000-0x00000001402AE000-memory.dmp

Filesize
2.7MB

Download
memory/2712-1720-0x0000000140000000-0x00000001402AE000-memory.dmp

Filesize
2.7MB

Download
memory/2728-152-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2728-592-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2928-2135-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/2928-137-0x0000000000400000-0x0000000000676000-memory.dmp

Filesize
2.5MB

Download
memory/3128-364-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/3128-2171-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/3876-359-0x0000000140000000-0x00000001402C1000-memory.dmp

Filesize
2.8MB

Download
memory/4028-523-0x0000000140000000-0x0000000140284000-memory.dmp

Filesize
2.5MB

Download
memory/4028-2172-0x0000000140000000-0x0000000140284000-memory.dmp

Filesize
2.5MB

Download
memory/4152-525-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4152-74-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4152-68-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4152-76-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4240-2169-0x0000000140000000-0x0000000140275000-memory.dmp

Filesize
2.5MB

Download
memory/4240-173-0x0000000140000000-0x0000000140275000-memory.dmp

Filesize
2.5MB

Download
memory/4320-36-0x0000000140000000-0x0000000140288000-memory.dmp

Filesize
2.5MB

Download
memory/4320-33-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/4320-27-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/4344-360-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4556-361-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4580-217-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/5016-354-0x0000000140000000-0x00000001402E1000-memory.dmp

Filesize
2.9MB

Download
memory/5096-151-0x0000000140000000-0x0000000140274000-memory.dmp

Filesize
2.5MB

Download
memory/5104-2170-0x0000000140000000-0x00000001402A5000-memory.dmp

Filesize
2.6MB

Download
memory/5104-363-0x0000000140000000-0x00000001402A5000-memory.dmp

Filesize
2.6MB

Download