IOC Report
https://us02web.zoom.us/j/82310935206?pwd=bzgvOGVIZGpqRjFnN3FVVlhxQ1pJUT09


Files

File Path | Type | Category
(The report's Malicious column is empty for every row in this capture.)
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 15:52:10 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 15:52:10 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 15:52:10 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 15:52:10 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 15:52:10 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped
C:\Users\user\Downloads\Unconfirmed 164092.crdownload | PE32 executable (GUI) Intel 80386, for MS Windows | dropped
Chrome Cache Entry: 100 | ASCII text, with very long lines (11123) | downloaded
Chrome Cache Entry: 101 | JSON data | downloaded
Chrome Cache Entry: 102 | JSON data | dropped
Chrome Cache Entry: 103 | ASCII text, with very long lines (65450) | dropped
Chrome Cache Entry: 104 | JSON data | dropped
Chrome Cache Entry: 78 | Unicode text, UTF-8 text, with very long lines (18338) | downloaded
Chrome Cache Entry: 79 | ASCII text, with very long lines (65455) | downloaded
Chrome Cache Entry: 80 | JSON data | dropped
Chrome Cache Entry: 81 | JSON data | downloaded
Chrome Cache Entry: 82 | ASCII text, with very long lines (22445) | dropped
Chrome Cache Entry: 83 | Unicode text, UTF-8 text, with very long lines (18338) | dropped
Chrome Cache Entry: 84 | Unicode text, UTF-8 text, with very long lines (31575) | dropped
Chrome Cache Entry: 85 | ASCII text, with very long lines (1114) | dropped
Chrome Cache Entry: 86 | ASCII text, with no line terminators | dropped
Chrome Cache Entry: 87 | ASCII text, with very long lines (11123) | dropped
Chrome Cache Entry: 88 | PE32 executable (GUI) Intel 80386, for MS Windows | downloaded
Chrome Cache Entry: 89 | JSON data | downloaded
Chrome Cache Entry: 90 | ASCII text, with very long lines (65455) | dropped
Chrome Cache Entry: 91 | JSON data | downloaded
Chrome Cache Entry: 92 | Unicode text, UTF-8 text, with very long lines (31575) | downloaded
Chrome Cache Entry: 93 | ASCII text, with very long lines (65450) | downloaded
Chrome Cache Entry: 94 | JSON data | dropped
Chrome Cache Entry: 95 | HTML document, ASCII text, with very long lines (5313) | downloaded
Chrome Cache Entry: 96 | ASCII text, with very long lines (1114) | downloaded
Chrome Cache Entry: 97 | JSON data | dropped
Chrome Cache Entry: 98 | ASCII text, with very long lines (22445) | downloaded
Chrome Cache Entry: 99 | JSON data | downloaded
25 additional files are not shown in this excerpt.

Processes

Path | Cmdline
(The report's Malicious column is empty for every row in this capture.)
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2516,i,15545475571777590935,5594633485127959606,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us02web.zoom.us/j/82310935206?pwd=bzgvOGVIZGpqRjFnN3FVVlhxQ1pJUT09"
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5540 --field-trial-handle=2516,i,15545475571777590935,5594633485127959606,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

URL | IP
(The report's Malicious column is empty for every row in this capture. An empty IP cell means the report recorded no resolution for that URL.)
https://us02web.zoom.us/j/82310935206?pwd=bzgvOGVIZGpqRjFnN3FVVlhxQ1pJUT09 |
https://dev-zcb.zoomdev.us/static/resource/cci/ | unknown
https://dev01campaign.zoomdev.us/ | unknown
https://cdn.cookielaw.org/scripttemplates/6.21.0/assets/v2/otPcCenter.json | 104.18.87.42
https://formatjs.io/docs/react-intl/api#intlshape | unknown
https://github.com/zloirock/core-js | unknown
https://sa01cciapi.zoom.us/ | unknown
https://zoom-privacy.my.onetrust.com/request/v1/consentreceipts | 104.18.32.137
https://devoci-cdn-cci.zoomdev.us/web-sdk/ | unknown
https://us01ccistatic.zoom.us/us01cci/web-sdk/chat-client.js | 170.114.46.1
https://support.zoom.us/hc/en-us/articles/201362003-Zoom-Video-Communications-Technical-Support | unknown
https://devcolocampaign.zoomdev.us/ | unknown
https://devcoloapizva.zoomdev.us/ | unknown
https://us01cciapi.zoom.us/ | unknown
https://gocampaign.zoom.us/ | unknown
https://formatjs.io/docs/tooling/linter#enforce-id) | unknown
https://log-gateway.zoom.us/nws/join/logger/wjmf | 134.224.0.55
https://cci.zoomgovdev.com/ | unknown
https://goapizva.zoom.us/ | unknown
https://developers.google.com/web/updates/2017/01/scrolling-intervention | unknown
https://scheduler.zoom.us | unknown
https://eu01apizva.zoom.us/ | unknown
https://qa01ccizpapi.zoomdev.us/ | unknown
https://formatjs.io/docs/tooling/babel-plugin) | unknown
https://cdn.cookielaw.org/consent/b0bfa2ae-4058-4aef-8632-a5281ce4464a/018e6326-944c-770b-9e87-74eaf48b0e06/en.json | 104.18.87.42
https://zcb.zoomdev.us/static/resource/cci/ | unknown
https://zoom.com.cn/ | unknown
https://cciapi.zoomgov.com/ | unknown
https://zoom.us/ | unknown
https://cdn.cookielaw.org/scripttemplates/6.21.0/otBannerSdk.js | 104.18.87.42
https://support.zoom.us/hc/es/articles/201362023-System-Requirements | unknown
https://support.zoom.us/hc/zh-tw/articles/201362023-System-Requirements | unknown
https://us02web.zoom.us/j/82310935206?pwd=bzgvOGVIZGpqRjFnN3FVVlhxQ1pJUT09 | 170.114.52.3
https://qa01ccizp.zoomdev.us/ | unknown
https://support.zoom.us/hc/ru/articles/201362023-System-Requirements | unknown
https://eu01cciapi.zoom.us/ | unknown
https://cdn.cookielaw.org/scripttemplates/6.21.0/assets/otFloatingFlat.json | 104.18.87.42
https://github.com/karanlyons/murmurHash3.js) | unknown
https://goccistatic.zoom.us/gocci/web-sdk/ | unknown
https://zoom.us/https://zoom.com/https://zoom.com.cn/https://zoomgov.com/://https:/// | unknown
http://www.opensource.org/licenses/mit-license.php) | unknown
https://support.zoom.us/hc/pt-br/articles/201362023-System-Requirements | unknown
https://github.com/zloirock/core-js/blob/v3.38.1/LICENSE | unknown
https://us01ccistatic.zoom.us/us01cci/web-sdk/ | unknown
https://cci.zoomgov.com/ | unknown
https://eu01cci.zoom.us/ | unknown
https://zoom.us/phonesystem | unknown
https://ccizp.zoomdev.us/ | unknown
https://sa01campaign.zoom.us/ | unknown
https://qa01apizva.zoomdev.us/ | unknown
https://sa01cci.zoom.us/ | unknown
https://zoom.com | unknown
https://devccistatic.zoomdev.us/web-sdk/ | unknown
https://github.com/unjs/consola?tab=readme-ov-file#log-level | unknown
https://formatjs.io/docs/tooling/ts-transformer) | unknown
https://cdn.cookielaw.org/consent/b0bfa2ae-4058-4aef-8632-a5281ce4464a/b0bfa2ae-4058-4aef-8632-a5281ce4464a.json | 104.18.87.42
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js | 104.18.87.42
https://cciapi.zoomgovdev.com/ | unknown
https://formatjs.io/docs/getting-started/message-distribution | unknown
https://ccistatic.zoomgovdev.com/web-sdk/ | unknown
https://support.zoom.us/hc/zh-cn/articles/201362023-System-Requirements | unknown
https://ccistatic.zoomgov.com/web-sdk/ | unknown
https://us01apizva.zoom.us/ | unknown
https://dev01cciapi.zoomdev.us/ | unknown
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location | 104.18.32.137
https://cdn.cookielaw.org/scripttemplates/6.21.0/assets/otCommonStyles.css | 104.18.87.42
https://st1.zoom.us/fe-static/launch-meeting/meeting.a80ce84ab3be18f8c06b.js | 170.114.46.1
https://support.zoom.us/hc/en-us/articles/201362003-Zoom-Video-Communications-Technical-Supportopens | unknown
https://us01cci.zoom.us/ | unknown
https://campaign.zoomgov.com/ | unknown
https://zoom.us | unknown
https://eu01campaign.zoom.us/ | unknown
https://ccizpapi.zoomdev.us/ | unknown
https://gocciapi.zoom.us/ | unknown
https://github.com/focus-trap/tabbable/blob/master/LICENSE | unknown
https://gocci.zoom.us/ | unknown
https://devlog-gateway.zoomdev.us/nws/join/logger/zccfelog | unknown
https://log-gateway.zoom.us/nws/join/logger/zccfelog | unknown
https://fingerprintjs.com) | unknown
https://dev01apizva.zoomdev.us/ | unknown
https://us02web.zoom.us/launch/download/NVQttnGsIS73APtRBxQGfitIchtrSfEawwnAwPWvovJyR2BKLspNZCt36U9Qb782EHKcZLSDkAqyPmxO0hBlXrD3xTU1wIa1uN2cEGOwMg7PrTihYsOcdI8m0LOzrZFsSUPk9zoBLZ_8GN2bqaepc--kD9BHD5mLz46wzD3TSTvXsG8JjII6ORtMYCrv66ApbfDlt9uYPB-dcQSI2P4GXfgmNyd826PMyW7fUra6mvph8nQx-Jinn0HqK3su9Ip8NC6cbhcdUUCSRoMxkcG3C3EJ0e564juBdYv1XxwYoRNIORhgs0r_TwOZ4OuNYJqcIZmtMgyqNq6PW24uZ3YmDT9AQ8j9Z9NKkQMlm54wlzpqiJJDzO1qDLNjtSAw0Wwh4PyggISxWubncRjYep60xud5OGp3Ps6Hezz4k36aHhicXT68iPuxTebNYSYvJXZ1J5r1Zu_3ZmjSJv2CNkUba86HFU9d6gGKnZv2GX6v40QoEb0iGJAGBfw_x6LTd_JDwpJiehwdAESSLyFfbFJF_rzdZigOg6KUDjoeobnM2QZTJPfq4mmdlZZa5SY80ZRIw8FAmBB4lQuljTE8ydf8HcuiOT-C2_9WO3yn_Cog0JCopJ3xdP8V-UbQloxskNXKXMq_CbBDpB3SU4GJ.W2Pb8y6nJ3885ttZ/meeting/GHUZFqYbZAxfpx97V2BLKDkK6F0oLrpk4zZ3.JmDVu_7SylN8L67L/Zoom_launcher.exe | 170.114.52.3
https://sa01apizva.zoom.us/ | unknown
https://github.com/formatjs/formatjs/issues/1914 | unknown
https://us01campaign.zoom.us/ | unknown
https://devcampaign.zoomdev.us/ | unknown
https://us01ccistatic-cf.zoom.us/us01cci/web-sdk/ | unknown
https://us01ccistatic.zoom.us/us01cci/web-sdk/cross-storage.html | 170.114.46.1
https://reactjs.org/docs/error-decoder.html?invariant= | unknown
https://sa01ccistatic.zoom.us/sa01cci/web-sdk/ | unknown
https://campaign.zoomgovdev.com/ | unknown
https://us02web.zoom.us/j/82310935206?pwd=bzgvOGVIZGpqRjFnN3FVVlhxQ1pJUT09#success |
https://devapizva.zoomdev.us/ | unknown
https://dev01cci.zoomdev.us/ | unknown
https://devcolo.zoomdev.us | unknown
https://eu01ccistatic.zoom.us/eu01cci/web-sdk/ | unknown
http://fb.me/use-check-prop-types | unknown
https://support.zoom.us/hc/en-us/articles/201362023-System-Requirements | unknown
https://devcoloccizpapi.zoomdev.us/ | unknown
https://github.com/pmndrs/zustand/discussions/1937 | unknown
https://formatjs.io/docs/react-intl#runtime-requirements | unknown
https://us01ccistatic.zoom.us/us01cci/web-sdk/web-campaign.js?env=us01&apikey=AM_FKF55QOG_vdWum455Vg&lazyLoadCampaignUrl=_blank | 170.114.46.1
90 additional URLs are not shown in this excerpt.
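A URL table like the one above is mostly first-party Zoom hosts, string-table residue from bundled JavaScript (license links, concatenated origins), and a handful of third-party CDNs, with one executable download among them. The following is an added triage helper, not part of the sandbox report or any Zoom or vendor code: it parses rows in the flattened form shown here (a URL line followed by an IP line, the literal "unknown", or nothing), also accepting a one-line "URL | IP" form, and buckets each row as third-party, executable download, or malformed. The sample rows are constructed from entries in this report with the long download token replaced by a placeholder, and the first-party allowlist is an assumption derived from the hostnames on this page, not a published list.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample rows in the report's layout: a URL line followed by an IP
# line, the literal "unknown", or nothing when the IP cell is empty. A one-line
# "URL | IP" row is accepted too. The download path token is a placeholder.
SAMPLE_URL_ROWS = """\
https://us02web.zoom.us/j/82310935206?pwd=bzgvOGVIZGpqRjFnN3FVVlhxQ1pJUT09
https://cdn.cookielaw.org/scripttemplates/6.21.0/otBannerSdk.js
104.18.87.42
https://log-gateway.zoom.us/nws/join/logger/wjmf | 134.224.0.55
https://us02web.zoom.us/launch/download/PLACEHOLDER/meeting/PLACEHOLDER/Zoom_launcher.exe
170.114.52.3
https://github.com/zloirock/core-js
unknown
https://zoom.us/https://zoom.com/https://zoom.com.cn/https://zoomgov.com/://https:///
unknown
"""

# Assumption: an analyst-maintained allowlist of Zoom-operated registrable
# domains, taken from the hostnames in this report. Not a vendor-published list.
FIRST_PARTY = ("zoom.us", "zoom.com", "zoom.com.cn",
               "zoomdev.us", "zoomgov.com", "zoomgovdev.com")

EXECUTABLE_SUFFIXES = (".exe", ".msi", ".dll", ".scr", ".lnk")


def ip_or_none(cell):
    """Map an IP cell to its canonical string; 'unknown', empty or garbage -> None."""
    try:
        return str(ipaddress.ip_address(cell))
    except ValueError:
        return None


def parse_url_rows(text):
    """Return [(url, ip_or_None), ...] from the flattened URL table text."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "|" in line:                               # one-line "URL | IP" form
            url, _, cell = (p.strip() for p in line.partition("|"))
            if url.startswith(("http://", "https://")):
                rows.append([url, ip_or_none(cell)])
        elif line.startswith(("http://", "https://")):
            rows.append([line, None])                 # IP cell, if any, follows
        elif rows:
            ip = ip_or_none(line)
            if ip:
                rows[-1][1] = ip
    return [tuple(r) for r in rows]


def is_first_party(host, allow=FIRST_PARTY):
    """Exact or dot-separated suffix match, so 'evilzoom.us' does not pass."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in allow)


def triage(text, allow=FIRST_PARTY):
    """Bucket every row: third-party hosts, executable downloads, malformed strings."""
    findings = {"third_party": [], "executables": [], "malformed": []}
    for url, ip in parse_url_rows(text):
        parts = urlsplit(url)
        host = parts.hostname
        # Strings such as 'https://zoom.us/https://zoom.com/...' parse with a
        # valid host but are concatenated origins from a script's string table,
        # not requests the browser made; keep them out of the other buckets.
        if not host or "://" in parts.path:
            findings["malformed"].append(url)
            continue
        if not is_first_party(host, allow):
            findings["third_party"].append((host, ip))
        if parts.path.lower().endswith(EXECUTABLE_SUFFIXES):
            findings["executables"].append((url, ip))
    return findings


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_URL_ROWS).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Run against the sample rows, the executables bucket holds only the Zoom_launcher.exe download with its resolved IP, the third-party bucket holds cdn.cookielaw.org and github.com, and the concatenated-origin string lands in malformed rather than being counted as a first-party contact. Extend FIRST_PARTY to your own tenant's domains before reusing the check on other reports.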

Domains

Domain | IP
(The report's Malicious column is empty for every row in this capture.)
us02web.zoom.us | 170.114.52.3
us01ccistatic-c.zoom.us | 170.114.46.1
st1.zoom.us | 170.114.46.1
www.google.com | 216.58.206.36
edge-log-gateway-web-158ad3d115123922.elb.us-east-2.amazonaws.com | 134.224.0.55
zoom-privacy.my.onetrust.com | 104.18.32.137
us02st1.zoom.us | 170.114.45.1
cdn.cookielaw.org | 104.18.87.42
geolocation.onetrust.com | 104.18.32.137
log-gateway.zoom.us | unknown
us01ccistatic.zoom.us | unknown
us02st3.zoom.us | unknown
2 additional domains are not shown in this excerpt.

IPs

IP | Domain | Country
(The report's Malicious column is empty for every row in this capture.)
134.224.0.55 | edge-log-gateway-web-158ad3d115123922.elb.us-east-2.amazonaws.com | United States
104.18.87.42 | cdn.cookielaw.org | United States
216.58.206.36 | www.google.com | United States
192.168.2.5 | unknown | unknown
239.255.255.250 | unknown | Reserved
104.18.32.137 | zoom-privacy.my.onetrust.com | United States
192.168.2.23 | unknown | unknown
170.114.46.1 | us01ccistatic-c.zoom.us | United States
170.114.45.1 | us02st1.zoom.us | United States
170.114.52.3 | us02web.zoom.us | United States
104.18.86.42 | unknown | United States
1 additional IP is not shown in this excerpt.

DOM / HTML

URL
(The report's Malicious column is empty for every row in this capture.)
https://us02web.zoom.us/j/82310935206?pwd=bzgvOGVIZGpqRjFnN3FVVlhxQ1pJUT09#success (recorded three times)