Malware Analysis Report

2025-08-10 16:41

Sample ID 241030-q4xknsvdpr
Target https://thrivecap.zoom.us/j/82899019123?pwd=zQbw8L0lubICMiQu8EAhDi9WCvFT4a.1
Tags
defense_evasion discovery privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://thrivecap.zoom.us/j/82899019123?pwd=zQbw8L0lubICMiQu8EAhDi9WCvFT4a.1 was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery privilege_escalation

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks system information in the registry

Browser Information Discovery

System Location Discovery: System Language Discovery

Access Token Manipulation: Create Process with Token

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-30 13:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-30 13:49

Reported

2024-10-30 13:53

Platform

win10v2004-20241007-en

Max time kernel

242s

Max time network

245s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://thrivecap.zoom.us/j/82899019123?pwd=zQbw8L0lubICMiQu8EAhDi9WCvFT4a.1

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Zoom_cm_fwzu5ykiseZ9vvrZo4_mlOrKfUvQVPu3cU5pA5KPFpDgbG45S+4Vhcne@B7JHVJ-1NZTT+9pR_kdbe2e2edc1b04016_.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Zoom_cm_fwzu5ykiseZ9vvrZo4_mlOrKfUvQVPu3cU5pA5KPFpDgbG45S+4Vhcne@B7JHVJ-1NZTT+9pR_kdbe2e2edc1b04016_.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\zm61E2.tmp N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\Policy = "3" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Zoom.exe = "11000" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoommtg C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\zoomus C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppName = "Zoom.exe" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoommtg\WarnOnOpen = "0" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\zoomus\WarnOnOpen = "0" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A} C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFDA28A5-1B5F-4635-9877-73DF0D710C9A}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133747697884108476" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\.zoom\ = "ZoomRecording" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPhoneCall\ = "URL:ZoomPhoneCall Protocol" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPhoneCall\URL Protocol C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPbx.zoomphonecall\URL Protocol C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomLauncher\ = "Zoom Launcher - 3.0.1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomLauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoommtg\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoomus\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\.zoommtg\Content Type = "application/x-zoommtg-launcher" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\MIME\Database\Content Type\application/x-zoommtg-launcher\Extension = ".zoommtg" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoomus\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoommtg\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomRecording\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoomus\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPhoneCall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomRecording\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",0" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPhoneCall\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPbx.zoomphonecall\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoommtg C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoomus\URL Protocol C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomRecording C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPhoneCall\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPbx.zoomphonecall C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\.zoommtg\ = "ZoomLauncher" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoommtg\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoomus\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomRecording\ = "Zoom Recording File" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPhoneCall\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPbx.zoomphonecall\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoomus\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPhoneCall\DefaultIcon C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPbx.zoomphonecall\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\.zoom C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPbx.zoomphonecall\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" --url=\"%l\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{6F723D08-3F61-400E-9695-724BE04CA75C} C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\.zoommtg C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomLauncher C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoomus\UseOriginalUrlEncoding = "1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoommtg\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomLauncher\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomLauncher\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\MIME\Database\Content Type\application/x-zoommtg-launcher C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoommtg\ = "URL:Zoom Launcher" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoommtg\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPbx.zoomphonecall\ = "URL:ZoomPhoneCall Protocol" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoommtg\URL Protocol C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoomus C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoomus\ = "URL:Zoom Launcher" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoomus\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\" \"--url=%1\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomRecording\shell\open\command C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomRecording\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\zTscoder.exe\" \"%1\"" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomLauncher\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoommtg\UseOriginalUrlEncoding = "1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\zoommtg\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPhoneCall\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe\",1" C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomRecording\shell C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomRecording\shell\open C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\ZoomPhoneCall C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Users\Admin\Downloads\Zoom_cm_fwzu5ykiseZ9vvrZo4_mlOrKfUvQVPu3cU5pA5KPFpDgbG45S+4Vhcne@B7JHVJ-1NZTT+9pR_kdbe2e2edc1b04016_.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\Downloads\Zoom_cm_fwzu5ykiseZ9vvrZo4_mlOrKfUvQVPu3cU5pA5KPFpDgbG45S+4Vhcne@B7JHVJ-1NZTT+9pR_kdbe2e2edc1b04016_.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Zoom_cm_fwzu5ykiseZ9vvrZo4_mlOrKfUvQVPu3cU5pA5KPFpDgbG45S+4Vhcne@B7JHVJ-1NZTT+9pR_kdbe2e2edc1b04016_.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\cpthost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1028 wrote to memory of 2980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1028 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1028 wrote to memory of 4868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1028 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://thrivecap.zoom.us/j/82899019123?pwd=zQbw8L0lubICMiQu8EAhDi9WCvFT4a.1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd769ccc40,0x7ffd769ccc4c,0x7ffd769ccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1796,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2368 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3676,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4800,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4812,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4784,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4824,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4832,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4932 /prefetch:8

C:\Users\Admin\Downloads\Zoom_cm_fwzu5ykiseZ9vvrZo4_mlOrKfUvQVPu3cU5pA5KPFpDgbG45S+4Vhcne@B7JHVJ-1NZTT+9pR_kdbe2e2edc1b04016_.exe

"C:\Users\Admin\Downloads\Zoom_cm_fwzu5ykiseZ9vvrZo4_mlOrKfUvQVPu3cU5pA5KPFpDgbG45S+4Vhcne@B7JHVJ-1NZTT+9pR_kdbe2e2edc1b04016_.exe"

C:\Users\Admin\Downloads\Zoom_cm_fwzu5ykiseZ9vvrZo4_mlOrKfUvQVPu3cU5pA5KPFpDgbG45S+4Vhcne@B7JHVJ-1NZTT+9pR_kdbe2e2edc1b04016_.exe

"C:\Users\Admin\Downloads\Zoom_cm_fwzu5ykiseZ9vvrZo4_mlOrKfUvQVPu3cU5pA5KPFpDgbG45S+4Vhcne@B7JHVJ-1NZTT+9pR_kdbe2e2edc1b04016_.exe" /normal.priviledge

C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

"C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" ZInstaller --conf.mode=silent --ipc_wnd=327724

C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

"C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" /addfwexception --bin_home="C:\Users\Admin\AppData\Roaming\Zoom\bin"

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://win.launch?h.domain=thrivecap.zoom.us&h.path=join&confid=dXNzPWk0b1MwS0VQNTRGUC1ubC1XUk5fWDQyZnYzelkwVUQxU1dqQzFSbnAweDhvV3M3enJMTVBhUzZ4YjJLVlVKMzQ2Um9pemZxVFR4UHFJMWdjemN4YlZ6aU5KTW1haDYzZlJ3WEtIemxUN2FMU1puTy14bktaMDhlbllNRW5ZaVhESnBDcE5LamJhdFV2UG9mVUhaNkVPSGo0N2tFTFVubERxUGg4R3c5WC12WHNYMUpSbndlTV9tbDY4Zy5XaTd4TW1OcnFIM3k5SVkwJnRpZD01NmJjOTUyMWYwMTk0NmMzOWViMGU4M2JhNWY4Y2Q5NA%3D%3D&mcv=0.92.11227.0929&stype=0&zc=0&browser=chrome&action=join&confno=82899019123&pwd=zQbw8L0lubICMiQu8EAhDi9WCvFT4a.1"

C:\Users\Admin\AppData\Local\Temp\zm61E2.tmp

"C:\Users\Admin\AppData\Local\Temp\zm61E2.tmp" -DAF8C715436E44649F1312698287E6A5=C:\Users\Admin\Downloads\Zoom_cm_fwzu5ykiseZ9vvrZo4_mlOrKfUvQVPu3cU5pA5KPFpDgbG45S+4Vhcne@B7JHVJ-1NZTT+9pR_kdbe2e2edc1b04016_.exe

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" --action=join --runaszvideo=TRUE

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x324 0x50c

C:\Users\Admin\AppData\Roaming\Zoom\bin\cpthost.exe

-event 00000000000010E0 -pid 184 -evtname cpthost.exe184-41-000001DE9555FF70 -exitevent 0000000000001020 -exitevtname cpthost.exe184_rpcexit-41-000001DE9555FF70 -user_path "C:\Users\Admin\AppData\Roaming\Zoom"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1472,i,11194820032914293974,2831244856339606712,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5488 /prefetch:8

C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe

"C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe" --action=preload --runaszvideo=TRUE

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network


Files

\??\pipe\crashpad_1028_CDEQWPJAVGVQSWVT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\Downloads\Unconfirmed 32048.crdownload

MD5 bc48cb98d8f2dacca97a2eb72f4275cb
SHA1 cd3dd263fc37c8c7beb1393a654b400f2f531f1c
SHA256 c18fb46afa17ad8578d1edd4aa6a89b42f381ca7998a4e5a096643e0f2721c49
SHA512 7db6992278ca008e7aafa07eb198b046a125d23ca524f15d5302b137385dd4e40a4a54ce4dabb28710b71fbcfdd2d3315fb36e591edc2b3e1737b11b9ee45a5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 bc14f544c3d168113e2d3fb222ef70e6
SHA1 6ad296557b4de72e53c03d97f8cacbbf90491e54
SHA256 f2c6dd57b7245e6fc4a0498a7d3d644377f99b0bfdb0cb9d81548fac6eff14d3
SHA512 8dbd41b3c2a59969c62cee1f98d6de61a8bbe5a0d2920240126fa03b2dfb3914a374e4f2e9d51b8b3399cf5bbd7d057f7677ac402a2eb93db245d009a050dd5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 06ed750e5190c9826f8e0f4a444d788a
SHA1 9d480551f2996a20b9ea78eb8edb18b05db22185
SHA256 6fc91cd0924541a89af188c9e272c250de2ea33c664f1952e4a6c85f92132851
SHA512 c77043f2f0b8a2b0168e29f7c0f7e03b8c81a678508bb8e9e4aa5c2d77319806a6e55f8a2f01c510588b099fb1b7d5de7be5c71f76883b3be6df1929bf57f911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7261271ebb27157512d3e1da42bc0394
SHA1 241908c0f083dbbccede761f5c2ce91a2b59e540
SHA256 bf0e0136dfa5e4f8b42648451d17d3c6fedc1cd77385558b19f5f6b1cfa63fa5
SHA512 6b3536e83f055757348bf785ad2111bf3e7767ae0634db8e171a7ea758de7e50f070a986a4c575af878cc83708cf13c286a7ea741f8ce564c0413dfe95f99fba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 88c398a8d4d1defceb043afa54f6b90c
SHA1 e391151d5e282a11c79fe1970fe9ecf2ada97e8b
SHA256 553cd0853629cb5a4117979dadef36114f6fa0a0aaada21f8fed68747f8d97f1
SHA512 bcfe7b12b595569f056a79de7fc0841f8e191fd9dc31e8e95696b5c10114edeb831ad3798b09971dbcf2d13d1b077654511cf85aae875b4d95e5ea2803514a03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 10ee5aa13f4ff6ffe2f1920065ceb648
SHA1 b1d64dbd563ceb21823f85308a53a004077fcc11
SHA256 50cdbd76cfa572fb18e9bcee4c4897510bc51926e32e7cb213daffd0a7c62ec0
SHA512 1bae85b0f94bb7df34eca229d290cf4a87ecf219e508cfb4d25c6cf7c7e93b0dcd63d9240bedc9e7e69ae8d9add84ac10f3c87d8f39d317a2f64c86952bc6d98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b407d894ca5c70237682fbd01e5cd0e9
SHA1 2e621d1732baf6b2e91e343efcc094ea2fa417ea
SHA256 1bf1aecee84454b8783c57855687de876b28cb9697639042749be1ecc154e1cb
SHA512 83bf96de6e614654ec917c73129753cbac9e0b228e4f675a70910a3ba640c7f0ffb1d125e065b3289bd1513862252c08a969d9895b4c90d6a4f07493f00f97b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7369fe5b9fa785977545c7c25d9f22c6
SHA1 b2ac0b13a69a0ba03e615dd09b41c3956ea41aeb
SHA256 0937b45955a457bb2ca5f27463a585643c7dd9ff18a97d12830bdcebea4d1576
SHA512 daf32436110756c45f1316d6fa030b733c0ce8ba781d8ac67407b9b66f40798fd3dba8a484a51a2428c971675c4407dfb89e44cbcef4924cae3773973b755ef7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cd60fefab4ec7892cf0fdcdb9bb2fecf
SHA1 3bdd0d270df7d9d1c1d1512023a6581adbba15da
SHA256 b6c429f3cba162c7acbd7dc5f7711269ff63eca58aafcc95e59b90dd8439e2ab
SHA512 6e0c16004c1e545508ad315f74881ef9aa2fc206c2b6b7a1e7aec9eb8ecbda25701c6f1f828c949b7ca61f3862d1617e1aa526a624f3bde84c24113d7eb1323f

C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

MD5 0e2b19c5e6c1316a253af47e9c078791
SHA1 971ba1a9e8407eff09321f67b9a3c179e8d6c1e0
SHA256 bfed400ef36b0680c45237f51d9f0c69a2320a93567f9ecd39105d57e063465f
SHA512 bd534f2f19df8ed584114cbc83c0eb8d3adfd90b82560201a85f3349b0c3e098718e5d1c0c406eba4c3aa3b588cbb1ecd10b343e0db60ff2f6c698e28e58583d

C:\Users\Admin\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi

MD5 f89483d43b7a0d56989f0184f6938bcb
SHA1 d53c0d4e9742472f6e43187e93072f788975e1ab
SHA256 0f5beee62968b2eddbe2413b30abcdc045290e974da06a6ab4836029c51288aa
SHA512 1a058da2aadaf7bb2d2521f36b9ae55239218a01b2dc841e42dec13fe1a244c8c8e07a0fe6d0e3801c4b9b9c71911011adc1ad374c380022295508999335a119

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\msaalib.dll

MD5 607ff37ba6d62c0a1f8b16a2c5d76df1
SHA1 6547ca203a2bb71dc1106490349ab01aee14ffd8
SHA256 36110afa90d56ea5402dd8e2b77255e9fcb8c2ffa4da862932ccc45d49caa1ce
SHA512 2a41f668b32bb943b64cf916ea3c7a946c7eeffd49cf11245fd42dba82a379c0ef074ea94d1662286d659b0f7ff9ea64258c1c4103de88ad89e455cc8b8f592b

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cmmbiz.dll

MD5 45a60d9a5eb2b899060fee14997ba029
SHA1 9b8354c48c54bf66c7375d4d96483928f28fc1eb
SHA256 913f74b112f80443d84db39b33419272aa9f83ec444444f125f4de9823a3a3cc
SHA512 30e47f7ee0fc1055fbed7519b8bff9edc42edfc0dcd09eacf81034469b07fd3a7833c8ddb44fb7b771f4bc1421d2b474a300c2345958efdb4cd03e4fd8dde1b9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Cmmlib.dll

MD5 ace3328a5a0f87459e36592450299e53
SHA1 2fd94a42ba908465f1a4f021ecd25b7382d5587f
SHA256 3a63daacccfb214ce0cc2beedf8d8ae535bb71de7d5d17391209f69c18ce111b
SHA512 80a82150982223add1d409e744c4c606941e595d82b93b4061ca66ffe9c245a3fca0f298c5f7760a36a98427bbec5f90b2e23b4fb66ac4c2af4a456a31d7bb39

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CmmBrowserEngine.dll

MD5 793bb2beb57a01806284991ab2774634
SHA1 a3a83197324a5be14e63743349e11f8121b6b3ea
SHA256 41166b4cef0815d0f968b18e613708a97ae230d6b3f3131a729e712057ee4a22
SHA512 6718a47ea29f842fc6efe3ebd9ae577f3fbe146ae80567e25f0264fc8922a2e5ae46bd04526bd299c15402f2f4c08a6d6a4ae8b9e813387e9e879cf5344f92b1

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUnifyWebView.dll

MD5 1bb1c5799d0ff0b7d3dc9634018c31de
SHA1 cab6e7956a6cfa5cdf7079002d499a19ff81daac
SHA256 9169f12ada74c4aab2c37c3f71423e9755d0dd6c6cdf2147c9f286d1a84a2730
SHA512 9e6b6a789cb3c47df25c89a13fe453d124a01b3c842038e8d191d5417f02c2b4357bf72943c9e60a2888beedcd65a9dec18061c7f2495d3e40018694c3143522

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptHost.exe

MD5 b4568ee3c44468b2624277dd28b1acf7
SHA1 e7a98d556872cfe0fae5d9aed849ffbb75033c55
SHA256 4153c54195afc48597ec0329aea1e5971944e40d0315e4df91a58330733a5184
SHA512 ae0b1b7ae930a5f3de7e0e19453867ece8965a05299cde777913d4a5b3685b3523062fff93ae9c49fb20b1829fc8c92fff0a8acbacbc082b6ccca00897c8e860

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\crashrpt_lang.ini

MD5 fcf61aed8f093bfcf571cdd8f8162a05
SHA1 8de8177798aae82d5bcc0870c1ca5365f5d9966d
SHA256 1f5b45a5411f7fc71b9da789d6d1ead8ad30551fbea7bbb40fc7ea576d581abb
SHA512 8a5d252d115f868a4e20fce10f9f9ec5f3948f0ad5680d656e0eba1fd167d36889e54c6e59bcde756945f93685401b825ba9dd7243d907d74b58a1d826609d72

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptShare.dll

MD5 0c5ec54de95e1a320e5ff90d3057d964
SHA1 803397b2c3d65451748f0c04a7bd7a97de9307cc
SHA256 07b27be2d029aa4478c77e1747fd7ce2c082abe10c04db9529563643984db9ac
SHA512 f082eb8e50531a69227322b8891dc7c9f8fa40d5716f5df0c73cbefffd0c6763a785fd05328ee48331d3a5730959b21831c590c4ede37a17c3529f1132643687

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libcrypto-3-zm.dll

MD5 e3f798f96dab17a9e31796339ae77067
SHA1 50c34e1fbe6298f86dd0545c0f6383604e15fd94
SHA256 a628dff07fc4a58c5fbbb6132875729d7e73c340e8ab5dc84012bdbdb4a6030b
SHA512 b412322d69390d00bd4b61e13833d02ac45d1d03d3430d64101a77f5daa9ca5afca17681d260420c017ebbf2668ffd3ad9e53120abd77da255614da686c23820

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mcm.dll

MD5 7a0f481c49d03d20cb30b2a492e7d923
SHA1 55f6ae9bd38c827d7217a14e28120c61f9904279
SHA256 d20fc2bd35939fdf34e4a33b8df5c1b27ae64bd7ccad8ed7269b45c91c37b505
SHA512 101db7a6fb6ce0e745da4b2ac35212e09a3674fb993d04000f9910442889bfaff46ae3717bbcd2e85c2d3763b1e445fe0fc831c59364fb00f313641026ad118b

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\ring_spatial.pcm

MD5 d60d149441ac263dcb477cc17f29cf35
SHA1 a5f8bb83e31164070b9b904a1af694f87be96a33
SHA256 5358f9d08ca9c8f97c66109cc804d90d2d61c3d18a7c0da230299cbaab239b17
SHA512 af3ccdf19b7088e491ad98f0e23e448253c87fecaac9f9434fc49ff201750dfa22e1941a6bafc0faa4930e9bd9e2c3a8db38b4d10edc999b7034fa760e8d3758

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\ring.pcm

MD5 15f886cbaee088418b6ffcc29115c64d
SHA1 9147beae4e9138ba609f67e75f9cbea7651ca307
SHA256 29792a0893ed2457c3872c4418bdd71f5e6c1b8e5894c2c921f8a8f8d797d4dc
SHA512 e5228897cffb5e05a7a66471c52089ddb682d544ac3b4ac312804883a2d335b60edb6236286dbfb6934ed12715709f8ffa09dc7014844acb89bb1b0e205a2daa

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\nydus.dll

MD5 e986fdf64606a83d95683daf8b4e2e10
SHA1 02575fadccebdd5b9015183e2ba43c854dceecb0
SHA256 89e2da17fb98d8f6f47b31ecc378e141425ca6342ff9a94881e3ca852a02cfc5
SHA512 f05d4b2b0f36cb7315f2ef3c08ab2ae0645115e3f8fb5a6b1876bdf0655e61dacb329dab98e668f9fe4564f06bde0414c7b421640bc7f133fab40f724f10ea2a

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\wr_ding.pcm

MD5 c9318cc2306bf6b1ee74a5987a8d371a
SHA1 f482d3de9e8dd7c04344fab37d067a08233b64dd
SHA256 58cbaef9b7177a4e4427ceb303b852463964a5ac4e979055021eed1901ff164c
SHA512 04ccca6ed6c13872e8d967a9eceb7b485c5f0f7442259395773a1ef168fcf317e60e22ad2840579e4d8b849d1606190cf5dca0e00c2f88cd1891b8206e9a5ec6

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_stop.pcm

MD5 0001fecb6b6e044d221fbc6a7e22e313
SHA1 c73a6506c92d9a1188aaa793afbfc1951cd5340a
SHA256 8cd8b4d3e8447d82dd045c7a3a8f175b97376c3db5895506cab0af6a0075226f
SHA512 1588169348727306e9c4ab444a7857924bcb88e4dca2be8e3526a2227cf117702c47431325df1c83f71da34bb35c28d1589eb3f59cffddbb3dbbe1d00d8d76de

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\record_start.pcm

MD5 ab8a5f2981e225d3edaacb520083835a
SHA1 c60c383fdb6850cb5013065576de87610270fba7
SHA256 193c4ffea3de04802e97e9e62fcd8533d8ca53e7306ba113a2234959b5262eb4
SHA512 4381f709c5e9d0172027fd2fe65ce37b0444087d3e9d7864cd54651cdae6e8429653c02ebb7a55a5de194ccf0d674f376961b012b088e131a11b7352f1ba69dd

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong1.pcm

MD5 8fe86d9e8aa5c709bb0563243172e580
SHA1 c22bb02d82516a66f8473dbb4209bf22bb60fa14
SHA256 2fbbb9ae6a463b360e1459bee558dafa8d864db2423f0fe4d2c56d22c3f3a5a2
SHA512 6c47e964421ebab2c0c6199b97fb9c61b0a228fc654abf2e4d2bbaeec9640be2a5acca92474dfdd0b43facc71c60a9c9ba727d300cadb6128ef1f3dcd9a6c10f

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\dingdong.pcm

MD5 54511224e61e71d2915ff67e57dcb268
SHA1 ba45f16f12d2e29480952367c0c6bd34fcd16827
SHA256 7aadf0e317831d287b51e41992b43f0f381ae48a312cb77a426eeb3b6129d6d7
SHA512 46b4ea771328a25c6384d5cdff7643ced94dd446830b165f80fb69df2dd2754062dca0636604602a7ebad4ce29b3f8ef62a81f59cf5502bfc78468c8c67a41ff

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\unmute.pcm

MD5 8cb1d13a418a60762bf3a3ee1aab96dd
SHA1 f3670aa2effd3ae73d67468ec3766181b1c27789
SHA256 8f045407724db8ec0e6bb8457cfe09856e80492a47b3ab4a03cd80f3a5f088db
SHA512 00657ce557ba08af58a7f45b14ebfe76ce067eeac07ad28f2a086cabf48bd78570f9894ba4f8f5bb1af66ec3867819630aa3550ba73eecb7232c4eab71b1ab85

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\mute.pcm

MD5 0c36d3ee8b0780bf848bff08fcce51f4
SHA1 bc009e83d4416044d660f3b7266e4035616014ec
SHA256 b778592a0d29fc31875474a84adcbb9a5bad1fc095e7cd2d408b3da219424a1e
SHA512 8cde508b52dd45b68bf796cb0fb8995a94ddb1d76ae2827416b8d1122ebc9afb9ac20c42605fcb4ca94263a1cd5a2a3828f5a97075220127ec87cc6c9c3133f3

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dll

MD5 434046d361c4cfb11e236878a5b517d8
SHA1 3d97e453ae2735941176cc8c747f3cbd00508fc6
SHA256 5e670419382d79bed8af171e94edb8eb7aa1146fe555939a45170d1dc939cf49
SHA512 08a66b96b6dc52cc0457396c43cedf83d5cc84e701e2dbed2d814a68b0d4b09231c38c3beccc55dddff6e1b5069156c51f35c6f407f91d6f8009e2978bfb99e4

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libssl-3-zm.dll

MD5 dad5b09f18256f4750ae4b09ab2a9248
SHA1 efe20971f2ea11b5f5972a58a3290eacea4edb79
SHA256 425e38e21350f8841a7d61b5555504245742b3a58752c73edf4d44d5428a17de
SHA512 b8919c03fe0c4cdcf07cb418c634158f7a522e75256a1042a1a8138e0a1fba54709ddaa7799aeeb1b4e8e684627d5de330cd4728b3678f279cf01078130068fd

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\util.dll

MD5 15ca6ba6f87f2a8ccec431ffae4dfa99
SHA1 7918f7fae5cf1610174f61adcb8f2103e845ec42
SHA256 927e2d8084381bf6778c46f7d03ab97f7804117f980bfdc14430c37c08775b28
SHA512 c6181854a8b22c8e479674eeb15bd248432f25d8b61899716cf60e9f47df24a5fe9d4e969f94f4b08dcdd43987473bcb3ee793952c053237093c79dda6495219

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dll

MD5 65b71096b98d91452e4ac057304c42dc
SHA1 8e3b62066b62a39351db364d078738ab16ca7dac
SHA256 5f99df58d647998bcf2dcd1cd5e63e43cca90dd31d328412af381f4fc915e4f2
SHA512 664c10af9a29cf80c242ae1c03e6ff09d8a6431d0ffca9d14b1777b82971d31f4cf36e4688671a08120647ba1a8f19782194644cb751b680282655db30f11615

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\tp.dll

MD5 0dd7a5f5c3c2fddaad602563d881fe11
SHA1 9917612865b43c3d12b5319e760efe42b294b540
SHA256 42a7961256a842015291d0d2d0a5523a2dd3515e0671fd348f7dca0e1fa0df37
SHA512 7b5a30e3b478e74fe4baaf828953e4512f73ab75d6a41b15ea74fd1763481e5424d4e8aa2a12b7beaef6efe2268850a847144e3beeaf8903260c2bae92386f0f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper.dll

MD5 7e301c4e3d6194ed3eef3166b2893fa5
SHA1 67710a0d0324c9931bbab4b5182d19d2b98a5fd7
SHA256 8f33f9ab36e3882a4bb5563742a41be489456c31dbcf2816b2a2872b2246998d
SHA512 b799b6d3ac01889afac3d362b57b9b4cca0beecfb163e57b709bd125a78cd5a7d441408430c6d27ff3339b2f5dcbb5d439bffa2f47d9ccd4ed6994d53f55d707

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dll

MD5 b293bf2006c1963c51f3b54aa7f82439
SHA1 20c210d6a352c5edb82b5ea840ebb82b8488bab0
SHA256 14c172b9979fbab92bca53a35b7e88d27adcabc7dfc56689d159d3df1f0d54f4
SHA512 880cbeb66e2dce77e4a7ff7fac43fb00e9ce21d008d014a6354c6e835684337f8256902045967f4f91e3f4baff04ae57086531969f1de3e34659130d5ab80fd9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPTApp.dll

MD5 310c843b29ad36cedc8a5226725f4fcd
SHA1 8fdf8da0cb66ca276c6f32263e95e9035ae8b3d6
SHA256 579edc0838af4182f1887f842b4d691c1dedbd79ebeb3684f24c4558d7f1c230
SHA512 bdd757f42f2745774160c18e21f64f6ceaf6f74759f6f67c944ae40ebce9d0e9a69a5a46491484a1a3b48400b2ec9726bcfbc3e4697e56b8397363791690f5b3

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dll

MD5 0d04141efe63bbf7ba8b55e84cb6208e
SHA1 556e54859cf26f4436c05434b0adff720f5301d4
SHA256 cb62a093507571ba8517cd80c7a89c6376dfc94f8cb47acfc6abcaed5c2bc21a
SHA512 0d5496d41eac38d4491040c034cc5e897d985b300643f3fa892bf43bc0362dbd7c0cd3f5ef4fb299bc0c37d18f49db814b93f530467a903aa679c933ab97d8ed

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCommonChat.dll

MD5 b222dc98f89c85f0e21f600481f2f81f
SHA1 6b37cef920ac1027429c73b1b2f709b2334b55b7
SHA256 f2fa6d0d84c4d0ed42c8ef75b5db09c776998042785fe968ede07706e5c7ddc0
SHA512 eab57393b87daabef413a6551ab2d53215cb6bfe143fc517951926cce8bdc99865f1519a1526204c3f56f663883bc04b7dc843ea9bd52318df8cf465f6ea8255

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgAppCommon.dll

MD5 6bbb72a0d64aeb69dcb62678e48fc31f
SHA1 0e08ae00351940f8d0cfbcb868654dcb1fa7c112
SHA256 4ebf94d46792a4ea7b07f0eec097b72e122d0aa61b2be2b4b0b76c3bb552db0d
SHA512 16e302c32cfe3bfcb75bd95284f43b83aa6339f76d343b0ddeb8bccb1a3a9ee80cf6f3c106389f46f42049de8272db89a671e5056336ef3c6cdb9d6491d39e46

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMsgApp.dll

MD5 9254f297a117cfb8c57338d154f9c1e4
SHA1 cc473ce82931efc523136b9c478ee6e61042a3ac
SHA256 bfdf7a805f8e9759c36da2f7f69b2b0d704a3fbeedb2f3b3e7f5b9f202388579
SHA512 ff9323af7dd50d36ed456e971c708b9aab6a143964f6030fd83a63607f66690eb6cc562c4f9189d61aa7a8df4900136d25a3e2e98f3c175f5df5151c43d8bb8b

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dll

MD5 60407ca74075d605856fbdeafcb5fc40
SHA1 ddb7e62c739577c26c0338d4152e83d6e5ed5770
SHA256 6d3dd39c441de5dccceb43f24995758ccf87e3428dfb12014af77a4d2bdb3191
SHA512 a50825057e1aa00ecaf09d044ce7ea67dc9d300ec348c7034c06b98fd1995219737462237d71233d9053943686eb11b51b87fbf68f5128f00dba7b2fd7f06916

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.exe

MD5 a006cb8ba2775164c95b5f16cfc8a573
SHA1 c5793c9316b8cafc0f5c2b786b381ee42f8b211d
SHA256 a2c0789285b280c403823c4dbf751a6579892c2f8a37d21a3561b0ba1a63cde3
SHA512 5d41e9f40d7e96ebd801a34abc77f7a31238dcfac02d3af9ae5efb5c19c12ec29618457041009267d15d07794fc48d4347eb56eb504027e7d2b184c886b204cd

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zData.dll

MD5 5417c834f264f4e0deec49736d6598d6
SHA1 6765ded2da68fddba704097b6bb2ae04e40e232d
SHA256 cd34c65b1fc6120e7b3fa349347b521dfd75d62adbb47ecc6e8569c14ad86eb2
SHA512 82b9aaec48942cb7dd65812e6f2800bc2ff6a3f6bd97f7846cd38179e97cb2ae478d68936d08edb647c2b46f2bbe88745caf5d45f67a8c9eb210955551e13b02

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.dll

MD5 c31aed02c0622ecb53ce35dfe8fc3ea1
SHA1 1497f7a19bc8d4a6a2775f5593545a65341fcf93
SHA256 de44780545345bbe2c230e019f73df0d3fb2163d5ce4c2eaf5d7add7e480c5fe
SHA512 f1c0dac26e2b1210cf15e7f554e48ee61cfd57ec54be1291347c96ad6a09070820d7bdaab495e8f58198bffa29c47b91c00ec68af45ff0cbb5dcbf387942c78c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dll

MD5 bda4e17450deca039ea7ab2ebd14d22b
SHA1 dbcd423b54511319510407f6875a143de15cf512
SHA256 31faf123f35739467522c8899f61537c69f822a4211f690c729f1cf8e71a1cf7
SHA512 90ea23099f5348af36ed70ce7879bea68310813c0a05c4a69ceba284b0f5b5b70d58c1c8b9db831d1278c213f493b4683bd3641ba9e6fbe10ae1a332ce23617e

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zlt.dll

MD5 38c26160e812ed99f71e72ef91b03c32
SHA1 a27b00966c3a797116c8cca9d8406f2d52a92722
SHA256 6d09d0690f2685724ea6d7a74307a1073a14cb178686c792e83e1d18428b20bf
SHA512 1b7c1d9b983bda8b5038d7204c3c95ea6d3735f9c472021c340b75c6aedf5158754fb6d77e6cf6cb292a3601866aeee28da550a7ac4f0d79ac14b43e59372f5c

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\Zoom.exe

MD5 afcb8d6a5e29e76d1e2d27be9b3ae783
SHA1 4a7220b55dfee2c2027a31cd3af7a9960b2cabee
SHA256 3ea5e09de323d4dc44d1a906e36d2c16146a07a42687972f55cedd16facd8c62
SHA512 bf02602fac0b566e6f157cb63ff9570ea7b90efe8cd55c187855bb7ffde8aa758afea1371ecb4855522455df3527c372c31a0ed911f1739896cc834c07836597

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zmb.dll

MD5 4b07c1532b53fef28f89486a127dfb9e
SHA1 80ac10a4c5084cd4a4983c69c11e4d2851efd8aa
SHA256 f70fba07d5ea665ee0f6a47363ccd40653a6b53c809cf5babced28df6706ba5d
SHA512 9c8940a14cf30fa772c8048790d92f0c0f6635c94088d78c6c56bfe014c9565352c9ffaec10f375436d648f046b35f38f969b7dc40d69fc17234ebc1d4de5d9c

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Zoom_launcher.exe

MD5 f6d0797086e297869bd586cc9f2e44c7
SHA1 19d1f73ffb1ada038ad025ed8d2f27ee4ed4cb57
SHA256 7f52e6512e98921a9c7422906575dc4d44ec5b1e04860ea935ce7901c48a7460
SHA512 7e0bf9ac61ee1b56dc211576e0b47be69b220ef45c4f5cd47416a6d6aa268642c12bb5374c543f4314b65f6765ea9f1521354eece30abdfb2de9b6a16f837686

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exe

MD5 eed4fb1f553f587d339746b6e4a1153e
SHA1 c72ea4c6623d8ea61ee6435b18c8b5def78eb858
SHA256 2c0cd95e3ab774fb072a51a46b0b8f011baab06895953516b20dfcd8027ea093
SHA512 23520d8dbce26a160d8b1deea26add90e2fdc37a96dbfea60c011570c3bf80cb26a60b9c6c3fbf7344f817033858fd907ecac739aba6928690b0073136f4850a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomInstall.xml

MD5 3b91a8f3cdbc704f44fefa65effd05a1
SHA1 88182302b6262f887736cd12986b1485b4eac932
SHA256 5ebafddd3d59573d67252988e719a0e75a087d7d9178223a8a77764cece645c9
SHA512 1d2944b4518aa2fe36487cbee98338b4ccbe62765f8b3f8981dd914929c75b34af63009f0e6799744aa274aa5aff4df91db37619f71385dd79dc71f4d83a9911

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dll

MD5 4205a48ab21bb616bdda0cf310099bd5
SHA1 e7b63b54316adea39aafbc5135ba1e58b2e5a635
SHA256 260c9a0dca96b6f40b552696a288677100506808a84bbd5a50f305ad78f2b59e
SHA512 109249285b9e538ddab97ce223ea3af8f0f6910f5615c1e0f428b44ba42f254e5a6fb8b102735d90ba4565900b1dc4e69ba3155ebbd34915c0700b3e14b5891e

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dll

MD5 838c7151e5996a91dbad1c780150fe9b
SHA1 76eecf240625d6f6304213540644eb7eb5c4e664
SHA256 c2613796af88e0318b35c51ed7d76aa601833c1e920242d0c4e2b2ab1ebac643
SHA512 4a544e2065f224378502fe23482b21f1795dec1e9eb36179ffe27613f45434573a4783c2c06592f0d15525b82cef0a53dacb93e3ed00ede365460698fd06d480

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebService.dll

MD5 2a6def65f88f08b15af36bcad23f581e
SHA1 1307dea12a99a2bb70be60f639b4c35f1b316a51
SHA256 dbefad618fbf6699898f8ad7aa5cb2d14fe31a6cacf06262dbe82bf414e0a8f1
SHA512 c5c110fbf2a01ebc242e97c7978a03baee6fa459f29d33ddaf04ab63cc944ce1be4b3933453678febf8ad48b5999230c85141bbd25fec3461dc20a4f9088b824

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomTelemetry.dll

MD5 f802ce125f1a36d2d69e8722c0393f17
SHA1 469fcfbf048d85eb705734c719033c430af68cc6
SHA256 16c681442af1c9c8d269252f08ef09c62eafefcbe9d49320bc30d497fbc80ac8
SHA512 2492096de9a55b13baea2adb792cd2a981b52bd6c52ba093735c9b9681e2961cea6f80dbd9ea28a4c5afc8652dd9619f7e16e17ce0162312a023dbb94baa9b14

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNet.dll

MD5 f2e12d0af0136ebb50eef351dc08b65f
SHA1 549bae8c86d1d62ee615a93a199d53e50b83fcbc
SHA256 1b78c15814fd0b68d683ed7bdafc02c5b202e086a2667b39cd299587d5f32ad1
SHA512 72c6784c96fd833b78ec69c1124bde2fba8a9854da05648fffb686d7d2a4ce580ef5e034b444e8ca07c8648b3c9e04612a491d524f148e16bf6b4277b03ce8f9

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetUtils.dll

MD5 43f4f001c311acd6e6cca77a2f7e836b
SHA1 32a91eec2875805a80afddf19783d903e7911f70
SHA256 955d80603227791ca28af81ddd5dbb678e2c4e3bbcddb5567e991f3a2eb13adc
SHA512 8d3f13e49396bebcbb16be6d9cebb03dfff8dab2ac27f2fccb7a10b7fe795a4c4d0d9359c0500d1289ac3969c78fad6da565d2a8dee48cc444df47e92aebb49a

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUI.dll

MD5 e52281aa53ace2e3f1d55d991d23a2f1
SHA1 2b5c3d88b1b57df040b5cfc0f9f0e98037d2ff75
SHA256 1f08b02625b66e61c09a0adb2d7cf97bc13c77476cb5a83d2569c15f30918903
SHA512 6c626d4c4c15d42630a87318e3333869963fe10d3834e6c2d17487abc24a57a189f52bb00ad2c64a8ebcd4d26939aa6193266525b858afabed4ddc960a8ff8c1

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-medium.pcm

MD5 aa93ab138ec89cf7cfb8b4b0ea8990a6
SHA1 d13b139d666c76cb12e1c0280c1343770adc8aac
SHA256 d754fc9d9378772b7a17a53e6598c9cfe4a0f3ec492f0ed30241020562f58509
SHA512 f91c59cf1b1645b24997a1201bddb52953c0904f855b78add275d71401e4f9e6bcef59fe1d7205e222470689dacf2d55ae752cc2be66bbee5258db284b42e6c6

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\clap-high.pcm

MD5 c32f95839557340b4b4197a68847ca1d
SHA1 0feed637c4766b9b30ab6732259670f8c12c5538
SHA256 0a16435cb3f7b8b1787476575ad646361e6fb4c07587df874940413de004dd08
SHA512 f5f0dd4a313ff6686bed5090aaa64885d319b8fba51fb2722b764668b26f06ce95164444652661b027e35f3c6928d3919422e4816bbb81bbd0f7914869004700

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZRCSdk.dll

MD5 098f2594f0e3f5a290634896cc1b4319
SHA1 93b2c297b803fb6c62a7453dbc1660e6c44692da
SHA256 a5daa8b24bcc9b84d2352cd0814ec0845a30b542f7304e3daaf4df759e0a7235
SHA512 748aed64f5c9efdad395288c2752cc77843def672c19bb9f3545104f64421ec7a977d4614a28c252d3eba8cf4d4a5902d4e3f35e2d5e10e4dc57c1140498a1ea

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWBUIRes.dll

MD5 f4f964ba3d0e88b7cdaf8b8f978646b6
SHA1 cdc5c1eae6d7336b995ef670ceafe6e5a1b8bfad
SHA256 bc5f20783773b1bcf8b3f236ae8e2fb35f9539fe8e7bf9562e9f7445e098bb34
SHA512 cc631b0f18eb0c3db41857ce71329cb59a0e62682fa670c1d7f238a3aad99362c6b1b61ca6d5a0d69bab2af29db55c21bcf20191dd58037837c71d2f0fbbb398

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\annoter.dll

MD5 25f7b63cf99af8e8cbd21e3d4dc9cc44
SHA1 dc508b44e43530b63bd953a627caa91dc9b408a7
SHA256 193d82eb41e5a76532f3cc44bb146f30b9ff713da2f8e3df44fc5754802f186b
SHA512 68ef52173d7eb3f2c81f6a76923267a239787234dc9518262b743912477a90d5dfa09e4e57349a038a1b4f04111f1e67cdc7e18d78a5c5f298785ccdd89c9167

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\cares.dll

MD5 d652208049b3b74c6208b5b687e17b25
SHA1 d78a1c3b67944c9aa80247a66aa66cd177d52505
SHA256 b4b570f176cfb6302066d24cd3ab7c6b321a06a0b7f8ae75e3f50e21b3107981
SHA512 8668da59834d3dcd68632d742a62fb03ffe883df75ca0e0ca47042000a7d2aa7f7cb99d7b533cd772fb7ab001962a657eabd18a77d3f6b1ad9c8d931a5a76c0b

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zPSApp.dll

MD5 96712d0d372a44f31083569d5c2ffd28
SHA1 bc158594225586db1398f82e3e7e5fea2991eba8
SHA256 2a370bb0e73c5843eefc245ed0e8ece45c623c09ac3e2af5a20ce48745c5e886
SHA512 87e521a1efb6aaf0b4d506e5d3fbbce36683e38b21ff62c1f099ade6b068b670e5c5cb13d2df164f4277f709d8fca2f30d7294ead28c34bf737972e1c38cf0d5

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZUI.dll

MD5 8faea8ba370c6a1aa857040ab9a258d4
SHA1 be16aa904ee4157909dfe99322238d0c6b708183
SHA256 021cfa739e5c3fdc4201dad53553d632fc1d47108f105059baea7e40134e9d58
SHA512 5c1540b2c0040decdbbd7bbe6ce0780b02e14e496ad676836bf9fc15e3e3e61b8dfaeca8cc86667cfb9e14645d67f88e8d1ced7179dafbe659b1ed6da79d042f

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUIRes.dll

MD5 3040975bfc776cba27b953b15568ac86
SHA1 404842f38f08dbe67057d6da072bdb3c1caa9b7e
SHA256 47f42ad5c28d98c4a35d59f2b00a6e961623b3bf68f7913242ea03b34c6bc825
SHA512 7dae23e1d216da897449a28029fb8625c6b50cf248f521915db45ed04007b23636482971b74b7ce29db41a3690861ac3dfa146bf6883428aab19aacdb2097320

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dll

MD5 60dead0eb47e0207e0c1bcf2d5bf10d7
SHA1 d492cce9bd6023a20ed6effb618bdc8a48aa8def
SHA256 7d3ebf9652c2e09c3afa8a1ab8c3a5c450746df3a50f4954c6f93e98de33c0bf
SHA512 17af84e699818f718c06e3613bdf678fe80c61965582ee600d3ae1493b6fe67f3b5a008ed037e9af64418d017f514e4bdd9b8b4443838e7e6087356889581550

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\reslib.dll

MD5 c2977da1448d6c7cd695aad2a126f10c
SHA1 65a5a3dff5f4e4fd1b5f2d836750e967336bdfe4
SHA256 80402b7da4c01459a71c05fdca84e0d0b47f283dd5a55a50694a0166f5c53b9a
SHA512 f38b39c645faeb10a28250b23e4e49f34079d7fc90e1a4b863ae83ec960b3dc9711792501f05e404e04ba6d1bf219e04b0230911c66f16eaf7edc777fa9d0ffa

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\duilib_license.txt

MD5 7faec2006bb231d14b794a9f31769448
SHA1 c2b5a34fe521502f6fca3031201b47074f30f258
SHA256 7ed2acca31a243ba107d8c12fddecd52462fd326d3d2c73b04d4cf10c76765ff
SHA512 777e0ec5d6b599fb0eabb8180fb6f302012ff12245e3de6a3dc568798cb057858eff18b08dacd28a72250236c4767abc2583670d92a946f684b45cb5144bd7e2

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\directui_license.txt

MD5 ab54b14548a4cc76dd7c27414d971111
SHA1 68a3888b33ee1c5d5efb913846867c9a8788cadb
SHA256 6033476be3d1d41166b65984e2be94c87ac98dce55bfec887e932b696e859295
SHA512 cc8c4d90efedf4aeb3ba3b64ebd0e938576867618a334bccf3cb6790338c6a1da239393a618f6e6a1186cb363cb514ac9528ada51f0090fe2fc709e5c666d971

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dll

MD5 2b7136a220551b7d3609ab4a35680156
SHA1 74ae0ee8f409510989bb39a295deb7a2bf74836f
SHA256 7b42bb00ab8c6d74e391add815d78b20ed53f30657ef065997b6643b37d5c73d
SHA512 30b697eb385c7d0073bb522c60f65ec37a5058b3e2ad911c600b039ee914cd638401438bfc21e1e515d19e1c63fdde3b3767ce39ca65883619da771633d640cb

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exe

MD5 00f083d9bfe05cb711e257da07e5e536
SHA1 b3d942958eb09fe55d0f91d124db30bff1839390
SHA256 d9e2ba68197bc56bb974cda83712c6fb52f0857d1809a6dc32896ed648319765
SHA512 c7f9499f70319f0c57d8da1589593e8f3751999a54423c14d757d96ab4b640f67ac001410f56bb2a611a28f582b533139515562a5ae3344726de70dcc6049c63

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptService.exe

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\leave.pcm

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\asproxy.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zzhost.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\CptControl.exe

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\nanosvg_LICENSE.txt

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dll

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_raisehand_chime.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\meeting_chat_chime.pcm

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomDocConverter.exe

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\Droplet.pcm

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exe

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exe

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\UIBase.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZZHostIPCSDK.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zoombase_crypto_shared.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\mfAdapter.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\viper_async_device.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zWebview2Agent.exe

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\WebView2Loader.dll

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\percussion.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\percussion_pause.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\archival.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_3.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_2.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_1.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_0.pcm

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zNetDiagnostic.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zMeshNetAgent.dll

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_5.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_4.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_6.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_7.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_star.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_a.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_9.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_8.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\beep_intercom.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\double_beep.pcm

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\ring_pstn.pcm

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zBusinessUIComponent.dll

C:\Users\Admin\AppData\Roaming\Zoom\tmp_bin\pcm\dtmf_hash.pcm

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZoomTask.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\ZMDB.dll

C:\Users\Admin\AppData\Roaming\Zoom\zoom_install_src\zm_conf_universal_ui.dll

C:\Users\Admin\AppData\Roaming\Zoom\installer.txt

C:\Users\Admin\AppData\Roaming\Zoom\bin\ucrtbase.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140_1.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\vcruntime140.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\msvcp140.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/1036-1204-0x00007FFD616F0000-0x00007FFD61C67000-memory.dmp

memory/1036-1206-0x00007FFD5CB20000-0x00007FFD5D5B5000-memory.dmp

memory/1036-1205-0x00007FFD5D5C0000-0x00007FFD5E022000-memory.dmp

C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

C:\Users\Admin\AppData\Roaming\Zoom\data\Zoom.us.ini

memory/184-1461-0x00007FFD5CB20000-0x00007FFD5D5B5000-memory.dmp

memory/184-1462-0x00007FFD58350000-0x00007FFD5905C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ZLANG~1.7Z{.zmdownload

C:\Users\Admin\AppData\Local\Temp\ZCLIPS~1

C:\Users\Admin\AppData\Roaming\Zoom\bin\zPSUI.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\swscale_zm-6.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\swresample_zm-4.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\avutil_zm-57.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\avformat_zm-59.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\avcodec_zm-59.dll

C:\Users\Admin\AppData\Local\Temp\ZCOMPT~1.CAB

C:\Users\Admin\AppData\Roaming\Zoom\bin\zPreMeetingApp.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\zAppUISdk.dll

C:\Users\Admin\AppData\Roaming\Zoom\bin\zDiagnostic.dll

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\AppData\Roaming\Zoom\data\WaitingRoom\02F4A117-4E65-41D4-970C-C8925D733C95_default_image.zmdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Zoom\data\emojione_low_20240219.zip

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f1f2-1f1eb.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f1f2-1f1eb.png

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f1f8-1f1ef.png

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f1f8-1f1ef.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f3c2-1f3fd.png

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f3c2-1f3fd.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f3c7-1f3fd.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f468-1f3fd-1f52c.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f468-1f3fd-1f680.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f468-1f3fd-1f692.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f468-1f3fd-1f91d-1f468-1f3ff.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f468-1f3fd-1f9bd.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f468-1f3fe-1f91d-1f468-1f3fb.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f468-1f3fe-1f91d-1f468-1f3fc.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f468-1f3ff-1f91d-1f468-1f3fd.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f468-1f3ff-1f91d-1f468-1f3fe.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fb-2764-1f469-1f3fd.svg

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fc-2764-1f469-1f3fd.svg

MD5 11c10dff05c7f85872f5271ec9736b83
SHA1 ab621f1e66514bb91674b94b643d0ba020428178
SHA256 5f65cf830f17a777ef12a3389030b8b9681165e46e9e3b78917427297839fad5
SHA512 9bba1235cc734c40cb34f3014b28b9b2ebd38e6000d4d624b4220d5358b12f69028217de7db06eeb320a33abcea09bdf9a63bff228c603b2f24df0fa54b9bafa

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fd-1f680.svg

MD5 8ee07bcac94dcf71e0279de998389346
SHA1 817c77b801ca926485663bf7ae600ba162a9eb4d
SHA256 a978d221a399f35ce822a17831140bd52f99b4927b9f10937f4326454a5dd931
SHA512 685908420f4e154a10baac33d1515f8baa6d4fdb22d815369e9fcd30b892a961db0fa21c3eb0e138ace0ca61b519f1771c8aca323b565a2668a988f84cb0003d

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fd-2764-1f469-1f3fd.svg

MD5 2272ac79c299d048406d97dff71d8d36
SHA1 5d49db7362686cd9d04fa8a86b19674832121302
SHA256 9527f0b04ccf0c6633b1644e6d0c0fe24d730f58cbff1d4f8f51e71611341454
SHA512 03ab7e85946062d3a7e6f36fc80836f67a13acfc691fe31e801adf5ef903b296e78456bf03df18861be1254f2265ee283509920748e520d587e142226e19e4f0

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f468-1f3fd.svg

MD5 6c51ff1981a4ace8c74a90c23b04dbb9
SHA1 7a363f1e8d3e2bd18ebf13aa39e2474569b38a80
SHA256 1f4ce13a13158a72aeae70a39582f45370b3c1386ebe69af95a9e1ed3aff9db7
SHA512 86f7ecb883a4d23f7592b44f26a1d584ab6635c5d6dac16de166cad1d20f3d5c7837bcd9c573d57f2fec64f4bf130b3a2ff51cc5e1942faa55fc5318ad693afb

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f468-1f3fb.svg

MD5 20a407b1a3f9f733c2481bc07a720e02
SHA1 776f21c31de2320e76d92512320e179ca2ead555
SHA256 db667fcf69cfd628d5c2132b84e1baf54df55296bf074903f94c41dcc3b669e5
SHA512 01dea1eeb77e91a80a59ba68d1c260ad4f324121fd6207626b0fcb25b4027082a64e83fd0890bdec25e4256efc29357439f47d8383389216c0360eb181634597

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f468-1f3ff.svg

MD5 1d6feb3d1dab84ff411803ddc017d242
SHA1 9e0dd2de762aaa367a809ce0561d1f7f6dd8f56f
SHA256 ed280f6d103dbc28bfac0b0cab9ebe4e942fed35afeb2da72760aaf49e3dc5d0
SHA512 5a2c45bde99b07393702270e6329bba5958c9199895c6c6d6039941058e1f05fb494bd49f3d318282d7b1116364c2a1dc103a5d69b1949ea06c5478dc59e4159

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f469-1f3fd.svg

MD5 a7da7cef7a6fd12281b1e4449432d0d6
SHA1 4830693cc4a35d84e0372c81b99cf2cf3c84bbda
SHA256 1a9b5d7e925726c1efea278064a3680e7db975e02ae94571ef49244f9965ea40
SHA512 a4c67899f65ab7241351606747d453c61811e70861cd91fedd9b8dfc1232ba4395dc61f8ce59b4800b7d4596a017af6a8f4a845f7247023e3135a4f37e78b781

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fb.svg

MD5 568f422c37971b93d0ddc7bae6700654
SHA1 a7817d0cbab87c58052b69e4f98916efa0ef76c5
SHA256 ef9fe06c736ba437ad56e3ee0237192fc49aa33df6b740c1e73f0a385d8deace
SHA512 436b3179dace2232471f18a740e205bf4eefa16d51e17bb38e61e890573c2fbaed39ac79762e5c1960c9a6e21a5d632d79351a4cf79bef87a89edb98d85b4659

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fc.svg

MD5 5cbade4f5bb1bc7ef2e86602870b7416
SHA1 13747f011855f3b13233afabaafe95e3d98b0a15
SHA256 80db7ba93c507ad2706a2abc88cea4aa6d3cc2b95a3c28084c66761a36923ff5
SHA512 d944ef268a0ec5886979193694ab39ae90c6891809960e594d8ec65ba949247d0e9d211464d2e5eba37124531fcae8438352813675b04934da33a4ef4884f85f

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fd.svg

MD5 6110897ee9a8172c6759a335a7c731cb
SHA1 664d134854e2559a575436db21bf2d43b916f686
SHA256 2b1d3918282eb77ebfdbc7253a0c71cdbdbe2a3cfdd4b4f3da42ca10b6d2f30c
SHA512 1304265e21e5eac4aad87c83cda67dac345b8bd0d1146c240b686a3524b6e0ae1c35ba360ed318d38f9af474f9e087471b2be38afb5cf9349e847362d3770ac6

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3fe.svg

MD5 d2fdf8b5cb9c5971ac4065cb15654ff9
SHA1 755f6d74cd650f3b5e7f5c409780fd251d9f16e7
SHA256 ff727128f23fdb8307a4752a3176068902efdf4842f06dc5ea1f7991da0ff0b1
SHA512 4c0c2a5491b8836ee872afda22034ab0a116fdef5d410057288c0f1c9513b1ad094cb3f81d180e9e6534dc8785eb55cb1b9cf4e957a223151fbeb87f6f5a5554

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f468-1f3ff.svg

MD5 6afb2712780f4552488392ac6ca95d1b
SHA1 67923ba2ceb5f4621c34e2f460bfa95daf1f6109
SHA256 cd59ba9c3aaf161a12fa5e863a638f4afe59df3def11eebb7838c1339de3e7b3
SHA512 60f40df51776dacfffea813c4e64797944e49f3f1a46caec3ce39bf07b222d3feb1fd903901b86be130c54fedf028f876eb17d7990acc1a4967a86de0d0f5930

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3fc.svg

MD5 a3f59b88beb651c150e7de7768709d9f
SHA1 2d0cff322641da70d78183a82422fac199a67797
SHA256 890bfb6808ebbe175580456aecb93e32c9420802b2f5621cdd17fc48acf6c343
SHA512 c447f6b989f4288c2542d76357daeae726cd218af17487482bccc24f532a4f8378d85881fd429165728d7f352bb4042d31090e5b2f93d5174c23cea6e0dc41a1

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3fd.svg

MD5 522586e57b24029cf40f2510c81f2189
SHA1 f379229ed47ce65912c915171bfd0ddcd4ba1b86
SHA256 c4609758c8ceffd10011777b56634e63899ebfd6fb67030d57520ef46c2b057c
SHA512 dc359b1ff7e28b491766782edfca51c8e7282d328788ba3c437a88881996dfa7ef084a08c958b4d2f38745ac4f334e850645ff7e42d0c131a4c75a1ebc8ea639

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3fe.svg

MD5 404086eba8b7cc4b8b5b44ec9df3e07b
SHA1 481668caf334af1c4a470cb286047d9d062c3eaf
SHA256 1cfa0c95515f597fe85227dbfc88694acc32bbb14f95149afd8f4f164e6deae6
SHA512 09620638e04eadd7271584acce100b833df9bad0f6cd0cdff256516a314e79ee96f1c4738a98a3b418b391eac70c0337e9b3d471183a2a4c9f2802d25aa3f8bb

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3fe-2764-1f48b-1f469-1f3ff.svg

MD5 50f60f979f5b8918df58d0501b4d7487
SHA1 42a84fec6a296f3b413b7a744ed3e6992f7fa2e3
SHA256 b23f3ccb4901679eecd5bf5e9ea5e029b0321a514bba5551aa1afc483f5cf00c
SHA512 f1733430b43924ea1e5ae5646d79c5bd79eb3602f10e45a44168024e65d6c5f7b28eb195799a8f26a8d495025bc73e3cf277109165e3800577cf8c72a8f6ec74

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3ff-2764-1f468-1f3fe.svg

MD5 0f4f1eef680448dc3265335226c70da2
SHA1 5c71dded562a410791f65ce456610a7145f0d038
SHA256 7c881e18ff73044a0e05d838cb14331c591e874aef47a50828d6d392a0db5f31
SHA512 10e2303e0c11cfb5e44002666b9a5bb85edadff592a479792a6c580defbdc56bf6fba4283f21d6e0af1059693f8679f3d2966a2b40b56f6ab0fc52c073b3e1c2

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f469-1f3ff-2764-1f469-1f3fd.svg

MD5 8f868a263f6b4a796f00e95f9d15fbd7
SHA1 7d083471defacb2bbdf156f251f75755bb188de7
SHA256 df1592e5d8be506a05c38df852ce0fd3b09208939920e0ddbb7d5d108f33b30e
SHA512 c3dc960ae8210ca9d9694d0332d8520397030f685d45e745dc3598b9473f557e0d1c96ed7a9e7e9ec7ab1def29c9128e65277c7d830bfac03b9a79449b2b0a6c

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f47c-1f3fd.svg

MD5 31907a7b5abbf66956cce5ad22f4af36
SHA1 51d28c4fb0becb6ad4ce8339974f569c9f129d3b
SHA256 756a3b424199212f63753a1f2672245a7241c9877a9d65dd263c596c9e9e52e4
SHA512 6c676ee42bd2cd0cd4f7f0703d1fa16ea937ea6efa595456836f43650bba4dfca52bd85c5d7d48db65efd67cf00fc1c4cbd0928739a8a0d49c3f9fc66bceee7d

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f482-1f3fd.svg

MD5 38fb06613dec33a6351b424cdcf9e798
SHA1 84258f41e485bbf36fa16a0f7691aa345c30543f
SHA256 bae702a8a27664f5d7378b7bda228564e8eb87979756800fd8233c7fff7f774a
SHA512 d688ad6e7c87ddf4a5bdec4c21c5be06110c918b6c1a45c88f8781a024ccffb8f17a3ad32224a841879362bd3813d7485fe809e5fe427722b1df93daa6599f7a

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f482-1f3fc-2640.svg

MD5 aa8b34acf3940fb01ad81a331966d9d1
SHA1 09f4e91e539fccd1a161337a0e2c1aea35e9d33e
SHA256 b382cec8be2da96902d0b13040614767f5068e669a42ebf9b633d210c7c75f52
SHA512 17c80f0b1728d7b990988d25ca960cd40adea3be218f8317d7b956501beda4be2014063d6362ff5f2f332d519dbe1b951f6c3eb8e5edaa04375153316e8732a3

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f934-1f3fd.svg

MD5 2c3304dbf27e8b6205b1b315982cad8f
SHA1 a61bb150f6ac5f91ee6003a7f09bbd9c4dd719a2
SHA256 1687f8f975770db3bcd7ff60181a0d9350592dea6d247fac0ca050488bb416a8
SHA512 ad58a0af50afb3833782702a794a23b9257ea71433d7abd79baba186def45a529780614074545c5088c48f3f8a5f9d214df05f07e05224014acfb31487bb6a5e

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f9d1-1f3fc-1f3ed.svg

MD5 cda158ec90486e293a00101388fb056e
SHA1 0896e006d0a755dee3491dc3411fa97d574ad940
SHA256 7859e07bb93735b5532862e95b1f4928bc1e7ef186ecf6d8ff7fe354e93cb103
SHA512 411b7c52371031271e4bb2f42a6b49233acd8706cab3240a34fe2cc126d4379deae34697f89adca1df4c8752dc85351292f41af1120f854cebe1264978b78dac

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f9d1-1f3fd-1f91d-1f9d1-1f3ff.svg

MD5 c4fc238c34048e2343d2f1d333f442a7
SHA1 d28a3374456d986883a13db2cd6cadf837ad9721
SHA256 27a51afdfb403eb26dceb8e93a6cb81f4b27b10feea67b80deee3b7615ea054f
SHA512 429bae9b278b36fc645839a2edbd8b2cc9ae88ef1403825f8a539b997bc5828b447980ceef5552e4e98f8b12fb3641ec6796b70a7977201e426b57cd6683623e

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f9d1-1f3fd-1f52c.svg

MD5 1ee874650b8f60d065c04c24dda98b36
SHA1 a9f7e11278178260b22459d9592dcc74e0dd0f68
SHA256 c208c8c9c35327edcc490a569b768660ad8d363e1a6df57f9ec2d23cf7b3cfa5
SHA512 1404ee708959f84f435ec6b933bd8bb8e5f8112759aa5c5e3e36f24947bc29c54130a59b365fc6ba029af3df2af28c94beeaac66aa22cb400e5601ec1827edd9

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f9d1-1f3fe-1f91d-1f9d1-1f3fb.svg

MD5 0be420408cb2e02a9b44994f5531bd54
SHA1 a06b83bfdc3a7148032a74ce0ec1dfae35e04192
SHA256 4c3213d121cd3088cf8011f35febf1da55b0fd12463526c123467c9f66ea0128
SHA512 1e584942195bf05e145d1dd418680bd08d669573edb8c4c2e11a57739e0c8167efcad307e6ed7f937affc082399d54d43b25f3ab26f3feeecec7680d0e6e3700

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f9d1-1f3fe-1f91d-1f9d1-1f3fd.svg

MD5 e62b4de2a7185945388326c56cb2b684
SHA1 f1af67ed15c5409bd21550a641f8ee505e02cadd
SHA256 5f864eb3b33162d211cf6f22c4fa31be34a09bd655a23db510a968b3bf6cbb59
SHA512 7ebc4d82fe969be4b4440157f125d130adaf95cfecdf4aa808fa71b0ffc43f3570ffc2ae5b453a4e4211128de80ff08ca5cdc6dfa810ccca2eb9365d6b4559e8

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f9da-1f3fd.svg

MD5 b1a6c8f815b476d05e0b208319d946d5
SHA1 fd604b0eb467422a2c2033112358a8d6da60a7b2
SHA256 bdb723ab23ac185b0fb42c9979cb72b93d6c3167ed666c4f39d32228492ead23
SHA512 fbe911dcf98380240b6d52b55b5cddcf714b4df978d94c87dc6c28159ae477a282a5b07b63f9b246e4b1000e79fe5a116684792ba1c9f50fee3eb5065ed186d9

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f9dc-1f3fd-2640.svg

MD5 38be49d9c762eebbecb9159b93493180
SHA1 f0034f4ecea3228d316dcd5b2c1aa288529901ff
SHA256 bdfb39589b195ad4e36414bfb8ad249558c55dce74533e9ad8ba87e63371d75c
SHA512 56da800b3e1e4e321528ae37ff5402c4ac89966e25b9fd5452253bda8e21c3913d989869b824c339ee6df54e348685f65ab692e96b2bf72e0b986eb8844c9c9d

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f9dc-1f3fd-2642.svg

MD5 1766a43198f64bd18de2e07c2a5e3293
SHA1 80f361eaa5d358e62a682955ef01e276b0547ac5
SHA256 5d9d857ae1f8f5bf207fc53ae02aced36d3956e4935920ccceb86cc7fdee1dfd
SHA512 50fbc7333b587c2ddb8b72fcec371d77651d9a52c961592e22387d7e6fbf93ad9eac7debb87f4f8be55259e2687db7a5d840e2774de96a3baf7b9b6808032e5a

C:\Users\Admin\AppData\Local\Zoom\data\Emojis\1f9dc-1f3fd.svg

MD5 ae020a92111b11fb3de388bc4b244b1f
SHA1 8eeb8aa46c23464932e9f952751391a20a1037e7
SHA256 ac9ef9a5952889dcb438f0eac84fae7c0c8ebf3acceb7b85eb602e14e4e77a60
SHA512 d5d522e808f6b74ef82918103a2a05d6896f9a550c4a7d89f452f65c647e99fe4a6c5faa46ef7a6bf6951cf5d391c2db0ebca2b14bc9d151cf8a2bc88a13e28f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b0833e4996adafc19913aee4465a8aaf
SHA1 6ac4e63b4562d26fb5e6ea661ad37580afa3f101
SHA256 4a4c4a834d2d3a947c9e13beaab765c21643fe5fc52edaad15f77c2ab86dde8e
SHA512 dfebf7632258804d708feda21eed6bee632fcee0409f93d0c356c7e33fb5e15e7e5986b81aab837376892c60552422d44333aec1fcf805ccb5d331d477ce922f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 92b71fcefcbeafd1f88d6080efd81011
SHA1 635d84527d73dfdc3a95ad2afd7d700c86c4211c
SHA256 54cc57450cdfe82a17045baa261c3fb166878507fd633213ddf8831ce9e14a39
SHA512 290ce3ff8274ae94bc908cb58b292aaa4aff25da84f667ec393ea7b17950a22d4b0e7ec4e1041a6e09ff424debe13e6620461886fb6adf82cc897b750ccae198

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 27e7ed3809b2a21c8beac9898a20ef65
SHA1 04a928f61d22d85ab75217be516f5ce26fbc689c
SHA256 4a914cbfc904223fb863a638c7015a48453d84ef29dac9918d9abd27590121e0
SHA512 a7c75cae8cf1d833c43520faaa79f34777fdbd64a2ade6865578bf5d1f111c29bfc313aafbd3268f39957539a545f2c7801a42b0d0cf5d0c5c36f8032d1a72fc

memory/5408-16917-0x00007FFD5CB20000-0x00007FFD5D5B5000-memory.dmp

memory/5408-16918-0x00007FFD58350000-0x00007FFD5905C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4f5899b2-cd21-4e69-b2d2-374d9d6c3ccb.tmp

MD5 6bbfa062459a1522c7f30eb6a78c89df
SHA1 808935a71dcf4bd4c6ff0cb643b302e2c44debff
SHA256 d88f2c19196f5cd78b5209ffde011e5e354db3fc4974ecf7a6a7ad45138e8064
SHA512 3e388ef8602e486d77a54efe0bed2f7052dc590428ed2cf5f717246533ce25c657efa86e10c97d5cca7ddd35475d9f0f6fffecb09d093a8c45a8a088aee2fe54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 53e0a9b3c0c3449ec3ba74382618d89c
SHA1 d606727576cba69a7f4a55fd428f090ef066650d
SHA256 c5f4f3311d4984c3894239d93446c8fdea3cd7fcabe009a361e21655c2a24c03
SHA512 4ca0ed3dcf629f631052911677f8643403e28c1a4949342d145481546e39aeea1f1e0e83382ce8ef39fb63ef4b2448c166df8f0dfa0e33404aa672d1989e5003

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f8f9de521d8721ef96d728f0b6ecbb74
SHA1 c780de18474aa246c21c045e5888077198492dfe
SHA256 c4d2f08ceb0517321edddafecc5cfa57c29e4de88ad933507856bed46c2e078d
SHA512 2c468293e9f66ac364db55984a2ec34d682c3165b746ed0978fa33fdeb589689a2fa723323d6d300ef2b1ddf2172151d66c3e0a0d36db740fb9bb9f05edc0483

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7725657f884f5418dd068f9d89feb8a1
SHA1 1562166dd5fdaa5462f5a6123c45ab8dfad0f032
SHA256 ea3e3c1e5a7fd0fc565eeb5308938ad404f69edc24d78c8c8569426b6204d1e2
SHA512 ab7c669fd8cd54d660fbade227d86ba732e33512c9d8ac555d7d694a342e919eb7160d4af2f023e445b3fc454ce13fe38cd0e43432b58a84a5f48fc51ab5ea87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d1baa5d1eb7eb2f636d645245229f91d
SHA1 a7ea7fdebd8b89250d43d80bc177186d4332c5b7
SHA256 d57257468a639a0c7df008f5375c2f9c8a8bdeac042c3890d0b30779a7d018b4
SHA512 e36f54b4f06102c1955af558175523fe6419a5da0284af9c9eb90d0617af1f107eed3afdcfb9937a4dd7885edb2fb027feef8365195516a2654a23b9b755daa4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 60049255645c83cac5d80634f70727be
SHA1 796ab08f9547d3f3032cf3f73ee911dfa251dbc9
SHA256 09055c7b659781af9b905ed10543a9a16d1f84a9813db2ebfb9234673f4064c6
SHA512 27932e414fbcce1e1ed8918e33e386dc2beb980e5966c94617df6780f0dd8d43b2512c6f1de0d5abf2d5d5a72e8e2df1cbae20baf357ec08e271fd927df4add6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1f09cf71-c714-4fb5-824c-e5f93304dafd.tmp

MD5 4956b54027b3e6ae5cc1ed39e5598ab1
SHA1 22fd24db6fbff3d9da8030680fa13cf5cf182b99
SHA256 28c4bb11c4021eb2018e1683ba728b72bff2c55d1711e5bf2df2e5fd60c4efbb
SHA512 df2ee118720d9dbb7b6b8aa4e0aa36bd0fe602a6b446920ba5c4a08503df157b774adc957a5a9be3e46629860be7e0264b9aa6ae1f581c17c8fc0d738e59a29f