Windows Analysis Report
https://us02web.zoom.us/j/82310935206?pwd=bzgvOGVIZGpqRjFnN3FVVlhxQ1pJUT09

Overview

General Information

Sample URL: https://us02web.zoom.us/j/82310935206?pwd=bzgvOGVIZGpqRjFnN3FVVlhxQ1pJUT09
Analysis ID: 1592055

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
PE file contains sections with non-standard names
Stores files to the Windows start menu directory

Classification

Source: Unconfirmed 164092.crdownload.0.dr Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_bd7d76cc-a
Source: https://us02web.zoom.us/j/82310935206?pwd=bzgvOGVIZGpqRjFnN3FVVlhxQ1pJUT09#success HTTP Parser: No favicon
Source: Binary string: c:\jenkins\workspace\Client\Client\Windows\launcher\release\Bin\Release\NewZoomWebLauncher.pdb source: Unconfirmed 164092.crdownload.0.dr, chromecache_88.2.dr
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: us02web.zoom.us
Source: global traffic DNS traffic detected: DNS query: st1.zoom.us
Source: global traffic DNS traffic detected: DNS query: us01ccistatic.zoom.us
Source: global traffic DNS traffic detected: DNS query: log-gateway.zoom.us
Source: global traffic DNS traffic detected: DNS query: cdn.cookielaw.org
Source: global traffic DNS traffic detected: DNS query: us02st3.zoom.us
Source: global traffic DNS traffic detected: DNS query: geolocation.onetrust.com
Source: global traffic DNS traffic detected: DNS query: zoom-privacy.my.onetrust.com
Source: unknown HTTP traffic detected: POST /nws/join/logger/wjmf HTTP/1.1Host: log-gateway.zoom.usConnection: keep-aliveContent-Length: 328sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://us02web.zoom.usSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: classification engine Classification label: clean2.win@23/48@32/11
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2516,i,15545475571777590935,5594633485127959606,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us02web.zoom.us/j/82310935206?pwd=bzgvOGVIZGpqRjFnN3FVVlhxQ1pJUT09"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5540 --field-trial-handle=2516,i,15545475571777590935,5594633485127959606,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Unconfirmed 164092.crdownload.0.dr Static PE information: section name: .didat
Source: chromecache_88.2.dr Static PE information: section name: .didat
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 164092.crdownload
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 88
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk