IOC Report
https://www.google.com/url?q=https://applications.zoom.us/addon/invitation/detail?meetingUuid%3D%252BJAY6v2LTHmCN%252BShxcZDnQ%253D%253D%26signature%3D3288f1e4a8dadc19f455cf0c9fcd93e4ca744f6fbd470f8518e31fe5fabf532c%26v%3D1&sa=D&source=calendar&usg=AOvVaw0T2-fu4h5tPwbdCU2y2lCO

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\Downloads\12ff91c6-4bc3-464a-b924-5c44a704daed.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\Downloads\Unconfirmed 28383.crdownload
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2908_1188347066\LICENSE
ASCII text
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2908_1188347066\_metadata\verified_contents.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2908_1188347066\manifest.fingerprint
ASCII text, with no line terminators
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2908_1188347066\manifest.json
JSON data
dropped
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2908_1188347066\sets.json
JSON data
dropped
Chrome Cache Entry: 129
ASCII text, with very long lines (65450)
dropped
Chrome Cache Entry: 130
Unicode text, UTF-8 text, with very long lines (17898)
downloaded
Chrome Cache Entry: 131
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 132
ASCII text, with very long lines (65536), with no line terminators
downloaded
Chrome Cache Entry: 133
JSON data
dropped
Chrome Cache Entry: 134
JSON data
downloaded
Chrome Cache Entry: 135
ASCII text, with very long lines (22445)
dropped
Chrome Cache Entry: 136
Unicode text, UTF-8 text, with very long lines (17898)
dropped
Chrome Cache Entry: 137
ASCII text, with very long lines (1114)
dropped
Chrome Cache Entry: 138
ASCII text, with no line terminators
dropped
Chrome Cache Entry: 139
ASCII text, with very long lines (20654), with no line terminators
dropped
Chrome Cache Entry: 140
JSON data
downloaded
Chrome Cache Entry: 141
ASCII text, with very long lines (65536), with no line terminators
dropped
Chrome Cache Entry: 142
JSON data
downloaded
Chrome Cache Entry: 143
ASCII text, with very long lines (65450)
downloaded
Chrome Cache Entry: 144
JSON data
dropped
Chrome Cache Entry: 145
HTML document, ASCII text, with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 146
HTML document, ASCII text, with very long lines (5171)
downloaded
Chrome Cache Entry: 147
Unicode text, UTF-8 text, with very long lines (31575)
downloaded
Chrome Cache Entry: 148
Unicode text, UTF-8 text, with very long lines (31575)
dropped
Chrome Cache Entry: 149
ASCII text, with very long lines (1114)
downloaded
Chrome Cache Entry: 150
JSON data
dropped
Chrome Cache Entry: 151
ASCII text, with very long lines (22445)
downloaded
Chrome Cache Entry: 152
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 153
JSON data
downloaded
Chrome Cache Entry: 154
ASCII text, with very long lines (20654), with no line terminators
downloaded
Chrome Cache Entry: 155
HTML document, Unicode text, UTF-8 text
downloaded
Chrome Cache Entry: 156
PE32 executable (GUI) Intel 80386, for MS Windows
downloaded
Chrome Cache Entry: 157
JSON data
downloaded
Chrome Cache Entry: 158
JSON data
dropped
Chrome Cache Entry: 159
PNG image data, 240 x 54, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 160
PNG image data, 240 x 54, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 161
JSON data
dropped
There are 31 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,17811650983729990506,3976685601423945229,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?q=https://applications.zoom.us/addon/invitation/detail?meetingUuid%3D%252BJAY6v2LTHmCN%252BShxcZDnQ%253D%253D%26signature%3D3288f1e4a8dadc19f455cf0c9fcd93e4ca744f6fbd470f8518e31fe5fabf532c%26v%3D1&sa=D&source=calendar&usg=AOvVaw0T2-fu4h5tPwbdCU2y2lCO"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 --field-trial-handle=2208,i,17811650983729990506,3976685601423945229,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
https://www.google.com/url?q=https://applications.zoom.us/addon/invitation/detail?meetingUuid%3D%252BJAY6v2LTHmCN%252BShxcZDnQ%253D%253D%26signature%3D3288f1e4a8dadc19f455cf0c9fcd93e4ca744f6fbd470f8518e31fe5fabf532c%26v%3D1&sa=D&source=calendar&usg=AOvVaw0T2-fu4h5tPwbdCU2y2lCO
https://formatjs.io/docs/react-intl/api#intlshape
unknown
https://wieistmeineip.de
unknown
https://mercadoshops.com.co
unknown
https://mercadolivre.com
unknown
https://sa01cciapi.zoom.us/
unknown
https://medonet.pl
unknown
https://zoom-privacy.my.onetrust.com/request/v1/consentreceipts
104.18.32.137
https://mercadoshops.com.br
unknown
https://johndeere.com
unknown
https://baomoi.com
unknown
https://elfinancierocr.com
unknown
https://bolasport.com
unknown
https://us01cciapi.zoom.us/
unknown
https://desimartini.com
unknown
https://hearty.app
unknown
https://mercadoshops.com
unknown
https://nlc.hu
unknown
https://p106.net
unknown
https://goapizva.zoom.us/
unknown
https://radio2.be
unknown
https://eu01apizva.zoom.us/
unknown
https://songshare.com
unknown
https://smaker.pl
unknown
https://p24.hu
unknown
http://momentjs.com/guides/#/warnings/zone/
unknown
https://applications.zoom.us/addon/invitation/detail?meetingUuid=%2BJAY6v2LTHmCN%2BShxcZDnQ%3D%3D&am
unknown
https://24.hu
unknown
https://cdn.cookielaw.org/scripttemplates/6.21.0/otBannerSdk.js
104.18.87.42
https://support.zoom.us/hc/zh-tw/articles/201362023-System-Requirements
unknown
https://mightytext.net
unknown
https://hazipatika.com
unknown
https://joyreactor.com
unknown
https://wildixin.com
unknown
https://eworkbookcloud.com
unknown
https://chennien.com
unknown
https://drimer.travel
unknown
https://support.zoom.us/hc/ru/articles/201362023-System-Requirements
unknown
https://mercadopago.cl
unknown
https://naukri.com
unknown
http://www.opensource.org/licenses/mit-license.php)
unknown
https://interia.pl
unknown
https://bonvivir.com
unknown
https://sapo.io
unknown
https://wpext.pl
unknown
https://cci.zoomgov.com/
unknown
https://welt.de
unknown
https://ccizp.zoomdev.us/
unknown
https://poalim.site
unknown
https://drimer.io
unknown
https://infoedgeindia.com
unknown
https://blackrockadvisorelite.it
unknown
https://cognitive-ai.ru
unknown
http://momentjs.com/timezone/docs/#/data-loading/.
unknown
https://qa01apizva.zoomdev.us/
unknown
https://cafemedia.com
unknown
https://graziadaily.co.uk
unknown
https://thirdspace.org.au
unknown
https://mercadoshops.com.ar
unknown
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
104.18.87.42
http://momentjs.com/guides/#/warnings/min-max/
unknown
https://formatjs.io/docs/getting-started/message-distribution
unknown
https://support.zoom.us/hc/zh-cn/articles/201362023-System-Requirements
unknown
https://commentcamarche.com
unknown
https://rws3nvtvt.com
unknown
https://mercadolivre.com.br
unknown
https://clmbtech.com
unknown
https://salemovefinancial.com
unknown
https://mercadopago.com.br
unknown
https://eu01campaign.zoom.us/
unknown
https://commentcamarche.net
unknown
https://ccizpapi.zoomdev.us/
unknown
https://hj.rs
unknown
https://hearty.me
unknown
https://mercadolibre.com.gt
unknown
https://devlog-gateway.zoomdev.us/nws/join/logger/zccfelog
unknown
https://indiatodayne.in
unknown
https://idbs-staging.com
unknown
https://mercadolibre.co.cr
unknown
https://prisjakt.no
unknown
https://kompas.com
unknown
https://wingify.com
unknown
https://player.pl
unknown
https://mercadopago.com.ar
unknown
https://mercadolibre.com.hn
unknown
https://tucarro.com.co
unknown
https://een.be
unknown
https://terazgotuje.pl
unknown
http://momentjs.com/guides/#/warnings/dst-shifted/
unknown
https://devcoloccizpapi.zoomdev.us/
unknown
https://github.com/pmndrs/zustand/discussions/1937
unknown
https://formatjs.io/docs/react-intl#runtime-requirements
unknown
https://us01ccistatic.zoom.us/us01cci/web-sdk/web-campaign.js?env=us01&apikey=AM_FKF55QOG_vdWum455Vg&lazyLoadCampaignUrl=_blank
52.84.151.49
https://intoday.in
unknown
https://carcostadvisor.com
unknown
https://mercadopago.com.co
unknown
https://caracoltv.com
unknown
https://mercadolibre.com
unknown
https://rfpio.zoom.us/j/95410083827?pwd=Tcnpsb4vu5xFoif9ebNCcokKFaPuxe.1
170.114.52.2
https://dev01campaign.zoomdev.us/
unknown
https://mittanbud.no
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
us01ccistatic.zoom.us
52.84.151.49
applications.zoom.us
170.114.52.74
s-part-0017.t-0009.t-msedge.net
13.107.246.45
www.zoom.us
170.114.52.2
zoom-privacy.my.onetrust.com
104.18.32.137
fp2e7a.wpc.phicdn.net
192.229.221.95
aw1vaapplications.zoom.us
170.114.12.132
edge-log-gateway-web-2f8111e8e5387748.elb.us-east-1.amazonaws.com
170.114.65.138
st1.zoom.us
170.114.45.1
www.google.com
142.250.186.100
cdn.cookielaw.org
104.18.87.42
geolocation.onetrust.com
104.18.32.137
windowsupdatebg.s.llnwi.net
178.79.238.128
log-gateway.zoom.us
unknown
st3.zoom.us
unknown
rfpio.zoom.us
unknown
There are 6 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
192.168.2.7
unknown
unknown
192.168.2.4
unknown
unknown
170.114.65.137
unknown
United States
192.168.2.6
unknown
unknown
170.114.65.138
edge-log-gateway-web-2f8111e8e5387748.elb.us-east-1.amazonaws.com
United States
104.18.32.137
zoom-privacy.my.onetrust.com
United States
52.84.151.54
unknown
United States
170.114.52.74
applications.zoom.us
United States
104.18.87.42
cdn.cookielaw.org
United States
170.114.52.2
www.zoom.us
United States
172.64.155.119
unknown
United States
52.84.151.49
us01ccistatic.zoom.us
United States
239.255.255.250
unknown
Reserved
170.114.46.1
unknown
United States
170.114.12.132
aw1vaapplications.zoom.us
United States
170.114.45.1
st1.zoom.us
United States
142.250.186.100
www.google.com
United States
170.114.12.133
unknown
United States
104.18.86.42
unknown
United States
There are 9 hidden IPs, click here to show them.

DOM / HTML

URL
Malicious
https://www.google.com/url?q=https://applications.zoom.us/addon/invitation/detail?meetingUuid%3D%252BJAY6v2LTHmCN%252BShxcZDnQ%253D%253D%26signature%3D3288f1e4a8dadc19f455cf0c9fcd93e4ca744f6fbd470f8518e31fe5fabf532c%26v%3D1&sa=D&source=calendar&usg=AOvVaw0T2-fu4h5tPwbdCU2y2lCO
https://applications.zoom.us/addon/invitation/detail?meetingUuid=%2BJAY6v2LTHmCN%2BShxcZDnQ%3D%3D&signature=3288f1e4a8dadc19f455cf0c9fcd93e4ca744f6fbd470f8518e31fe5fabf532c&v=1
https://rfpio.zoom.us/j/95410083827?pwd=Tcnpsb4vu5xFoif9ebNCcokKFaPuxe.1#success
https://rfpio.zoom.us/j/95410083827?pwd=Tcnpsb4vu5xFoif9ebNCcokKFaPuxe.1#success
https://rfpio.zoom.us/j/95410083827?pwd=Tcnpsb4vu5xFoif9ebNCcokKFaPuxe.1#success