Windows Analysis Report
https://us02web.zoom.us/j/88257733758?pwd=UkFtUjRWaGtlTTNTb3NZMHdmbmRNdz09

Overview

General Information

Sample URL: https://us02web.zoom.us/j/88257733758?pwd=UkFtUjRWaGtlTTNTb3NZMHdmbmRNdz09
Analysis ID: 1417117
Infos:

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found

Classification

Source: Unconfirmed 778273.crdownload.0.dr Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_79edbeca-2
Source: unknown HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: Binary string: c:\jenkins\workspace\Client\Client\Windows\launcher\Bin\Release\NewZoomWebLauncher.pdb source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr
Source: Binary string: c:\jenkins\workspace\Client\Client\Windows\launcher\Bin\Release\NewZoomWebLauncher.pdb~~ source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown TCP traffic detected without corresponding DNS query: 69.164.0.128
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /j/88257733758?pwd=UkFtUjRWaGtlTTNTb3NZMHdmbmRNdz09 HTTP/1.1Host: us02web.zoom.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fe-static/launch-meeting/meeting.fd53f2d51cff9b53de20.js HTTP/1.1Host: st1.zoom.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=us06_c_Oz2WvZJXRiCgfmRTQtepfg; _zm_ctaid=UkeELPuHR7GVBCDWiu05jw.1711639116284.cfbc4ad29da105a439c1e5d9005f1031; _zm_chtaid=877; _zm_mtk_guid=717fa997ed52403a85e33b49db7c9da0; _zm_join_utid=UTID_7c65680d1e374028be9a1c13646dbe1e; _zm_csp_script_nonce=FlEzoIORQquoZdq01SchsA; _zm_currency=USD; _zm_visitor_guid=717fa997ed52403a85e33b49db7c9da0
Source: global traffic HTTP traffic detected: GET /deflect/customization/zoom/lazy-solvvy.js HTTP/1.1Host: cdn.solvvy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripttemplates/otSDKStub.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/6.3.20485/js/lib/fingerprintjs-3.3.3.min.js HTTP/1.1Host: us06st3.zoom.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=us06_c_Oz2WvZJXRiCgfmRTQtepfg; _zm_ctaid=UkeELPuHR7GVBCDWiu05jw.1711639116284.cfbc4ad29da105a439c1e5d9005f1031; _zm_chtaid=877; _zm_mtk_guid=717fa997ed52403a85e33b49db7c9da0; _zm_join_utid=UTID_7c65680d1e374028be9a1c13646dbe1e; _zm_csp_script_nonce=FlEzoIORQquoZdq01SchsA; _zm_currency=USD; _zm_visitor_guid=717fa997ed52403a85e33b49db7c9da0
Source: global traffic HTTP traffic detected: GET /consent/b0bfa2ae-4058-4aef-8632-a5281ce4464a/b0bfa2ae-4058-4aef-8632-a5281ce4464a.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://us02web.zoom.usSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /nws/join/logger/wjmf HTTP/1.1Host: log-gateway.zoom.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=us06_c_Oz2WvZJXRiCgfmRTQtepfg; _zm_ctaid=UkeELPuHR7GVBCDWiu05jw.1711639116284.cfbc4ad29da105a439c1e5d9005f1031; _zm_chtaid=877; _zm_mtk_guid=717fa997ed52403a85e33b49db7c9da0; _zm_join_utid=UTID_7c65680d1e374028be9a1c13646dbe1e; _zm_csp_script_nonce=FlEzoIORQquoZdq01SchsA; _zm_currency=USD; _zm_visitor_guid=717fa997ed52403a85e33b49db7c9da0
Source: global traffic HTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Host: geolocation.onetrust.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://us02web.zoom.usSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /launch/download/WTfSO2hLE2Rb7JgFRotOY-Np5LXjrYCNUqYMiEAvOOoum-ihsLxDfYBZW10hGYgnj5IOqHkgzKAQ7R34ymJoCjCCU0DdPU-I14ZTM1lGMJdq9ENCzlXsyrl4juT1OBcL6ERaJMJI86o7N6ODHdFGv6ITCN0NLtr-ZROl2yOuerd7ZdyTNiU5uT0M89n2kWJaSp9199gm1yKkS-MErnWhWm-IOOcxstfHnCMZLIwpr8db2ktQmEgGjCvFnmgy9Ul5U1GVczGsJabAGDipyQ2J1K3DlGanVbaPJvQCEjI8CZIsYsMQLzNb_56wbAFrZZbTV6nCno7ecy6zROwHOjC_qYJmzeyI_KHZVIqFu1hCrpv_rebooYdSL_hB4CV9BzDLphx-TcgAdLE3SPyrMGFGR18LWyqa_bxYvgtGUJf73ebyK-nV-1wdrZtxe3r9x3Rb_1WdJXag.ep4e2FVO2n705Dhu/meeting/71Ex5G83-aCBhG4C7jbxh9sSGyo8ip92-vPG.OCmSDwYjwM3oS5gK/Zoom_launcher.exe HTTP/1.1Host: us02web.zoom.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://us02web.zoom.us/j/88257733758?pwd=UkFtUjRWaGtlTTNTb3NZMHdmbmRNdz09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=us06_c_Oz2WvZJXRiCgfmRTQtepfg; cred=398EE63CDA3C0A4B7080D96DB29A3D92; _zm_ctaid=UkeELPuHR7GVBCDWiu05jw.1711639116284.cfbc4ad29da105a439c1e5d9005f1031; _zm_chtaid=877; _zm_mtk_guid=717fa997ed52403a85e33b49db7c9da0; _zm_join_utid=UTID_7c65680d1e374028be9a1c13646dbe1e; _zm_csp_script_nonce=FlEzoIORQquoZdq01SchsA; _zm_currency=USD; _zm_visitor_guid=717fa997ed52403a85e33b49db7c9da0; __cf_bm=JWQgtH2hmzgL01sVCAiBKUZJv5BfY8hLVyjNsKkF0_Y-1711639116-1.0.1.1-y.e6Qf2.m.AfkGyZsurzKNjjJfXoPgJYbcU2b9svv5pJE1yGvzFBpwA0UYs1cI.gI2DE69s2XhlOYYKMomPDSA
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /scripttemplates/6.21.0/otBannerSdk.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /consent/b0bfa2ae-4058-4aef-8632-a5281ce4464a/b0bfa2ae-4058-4aef-8632-a5281ce4464a.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Host: geolocation.onetrust.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /nws/join/logger/wjmf HTTP/1.1Host: log-gateway.zoom.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=us06_c_Oz2WvZJXRiCgfmRTQtepfg; _zm_ctaid=UkeELPuHR7GVBCDWiu05jw.1711639116284.cfbc4ad29da105a439c1e5d9005f1031; _zm_chtaid=877; _zm_mtk_guid=717fa997ed52403a85e33b49db7c9da0; _zm_join_utid=UTID_7c65680d1e374028be9a1c13646dbe1e; _zm_csp_script_nonce=FlEzoIORQquoZdq01SchsA; _zm_currency=USD; _zm_visitor_guid=717fa997ed52403a85e33b49db7c9da0; _zm_fingerprint=4b396ab381331c351e5c92fe03fb44f0
Source: global traffic HTTP traffic detected: GET /consent/b0bfa2ae-4058-4aef-8632-a5281ce4464a/03b083f6-168d-47aa-95ab-f1c0fbc62fe1/en.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://us02web.zoom.usSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripttemplates/6.21.0/assets/otFloatingFlat.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://us02web.zoom.usSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripttemplates/6.21.0/assets/v2/otPcCenter.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://us02web.zoom.usSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /consent/b0bfa2ae-4058-4aef-8632-a5281ce4464a/03b083f6-168d-47aa-95ab-f1c0fbc62fe1/en.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripttemplates/6.21.0/assets/otCommonStyles.css HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://us02web.zoom.usSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripttemplates/6.21.0/assets/otFloatingFlat.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripttemplates/6.21.0/assets/v2/otPcCenter.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scripttemplates/6.21.0/assets/otCommonStyles.css HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /request/v1/consentreceipts HTTP/1.1Host: zoom-privacy.my.onetrust.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /launch/download/WTfSO2hLE2Rb7JgFRotOY-Np5LXjrYCNUqYMiEAvOOoum-ihsLxDfYBZW10hGYgnj5IOqHkgzKAQ7R34ymJoCjCCU0DdPU-I14ZTM1lGMJdq9ENCzlXsyrl4juT1OBcL6ERaJMJI86o7N6ODHdFGv6ITCN0NLtr-ZROl2yOuerd7ZdyTNiU5uT0M89n2kWJaSp9199gm1yKkS-MErnWhWm-IOOcxstfHnCMZLIwpr8db2ktQmEgGjCvFnmgy9Ul5U1GVczGsJabAGDipyQ2J1K3DlGanVbaPJvQCEjI8CZIsYsMQLzNb_56wbAFrZZbTV6nCno7ecy6zROwHOjC_qYJmzeyI_KHZVIqFu1hCrpv_rebooYdSL_hB4CV9BzDLphx-TcgAdLE3SPyrMGFGR18LWyqa_bxYvgtGUJf73ebyK-nV-1wdrZtxe3r9x3Rb_1WdJXag.ep4e2FVO2n705Dhu/meeting/71Ex5G83-aCBhG4C7jbxh9sSGyo8ip92-vPG.OCmSDwYjwM3oS5gK/Zoom_launcher.exe HTTP/1.1Host: us02web.zoom.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://us02web.zoom.us/j/88257733758?pwd=UkFtUjRWaGtlTTNTb3NZMHdmbmRNdz09Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=us06_c_Oz2WvZJXRiCgfmRTQtepfg; _zm_ctaid=UkeELPuHR7GVBCDWiu05jw.1711639116284.cfbc4ad29da105a439c1e5d9005f1031; _zm_chtaid=877; _zm_mtk_guid=717fa997ed52403a85e33b49db7c9da0; _zm_join_utid=UTID_7c65680d1e374028be9a1c13646dbe1e; _zm_csp_script_nonce=FlEzoIORQquoZdq01SchsA; _zm_currency=USD; _zm_visitor_guid=717fa997ed52403a85e33b49db7c9da0; __cf_bm=JWQgtH2hmzgL01sVCAiBKUZJv5BfY8hLVyjNsKkF0_Y-1711639116-1.0.1.1-y.e6Qf2.m.AfkGyZsurzKNjjJfXoPgJYbcU2b9svv5pJE1yGvzFBpwA0UYs1cI.gI2DE69s2XhlOYYKMomPDSA; _zm_fingerprint=4b396ab381331c351e5c92fe03fb44f0; cred=63282F292A24A6A5F69FD631C3C71438; OnetrustActiveGroups=C0004C0003C0002C0001; OptanonAlertBoxClosed=2024-03-28T15:18:53.098Z; OptanonConsent=isGpcEnabled=0&datestamp=Thu+Mar+28+2024+16%3A18%3A53+GMT%2B0100+(Central+European+Standard+Time)&version=6.21.0&isIABGlobal=false&hosts=&consentId=f116c827-9119-4530-998b-edc9ff7bef81&interactionCount=1&landingPath=NotLandingPage&groups=C0004%3A1%2CC0003%3A1%2CC0002%3A1%2CC0001%3A1
Source: global traffic HTTP traffic detected: GET /nws/join/logger/wjmf HTTP/1.1Host: log-gateway.zoom.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _zm_ssid=us06_c_Oz2WvZJXRiCgfmRTQtepfg; _zm_ctaid=UkeELPuHR7GVBCDWiu05jw.1711639116284.cfbc4ad29da105a439c1e5d9005f1031; _zm_chtaid=877; _zm_mtk_guid=717fa997ed52403a85e33b49db7c9da0; _zm_join_utid=UTID_7c65680d1e374028be9a1c13646dbe1e; _zm_csp_script_nonce=FlEzoIORQquoZdq01SchsA; _zm_currency=USD; _zm_visitor_guid=717fa997ed52403a85e33b49db7c9da0; _zm_fingerprint=4b396ab381331c351e5c92fe03fb44f0; OnetrustActiveGroups=C0004C0003C0002C0001; OptanonAlertBoxClosed=2024-03-28T15:18:53.098Z; OptanonConsent=isGpcEnabled=0&datestamp=Thu+Mar+28+2024+16%3A18%3A53+GMT%2B0100+(Central+European+Standard+Time)&version=6.21.0&isIABGlobal=false&hosts=&consentId=f116c827-9119-4530-998b-edc9ff7bef81&interactionCount=1&landingPath=NotLandingPage&groups=C0004%3A1%2CC0003%3A1%2CC0002%3A1%2CC0001%3A1
Source: unknown DNS traffic detected: queries for: us02web.zoom.us
Source: unknown HTTP traffic detected: POST /nws/join/logger/wjmf HTTP/1.1Host: log-gateway.zoom.usConnection: keep-aliveContent-Length: 328sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://us02web.zoom.usSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://us02web.zoom.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0K
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crt0
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0S
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://ocsp.digicert.com0
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://ocsp.digicert.com0I
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: chromecache_76.2.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_61.2.dr String found in binary or memory: https://explore.zoom.us/en/cookie-policy/
Source: chromecache_72.2.dr, chromecache_61.2.dr String found in binary or memory: https://explore.zoom.us/en/privacy/
Source: chromecache_76.2.dr String found in binary or memory: https://fingerprintjs.com)
Source: chromecache_76.2.dr String found in binary or memory: https://github.com/karanlyons/murmurHash3.js)
Source: chromecache_70.2.dr String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_70.2.dr String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.32.2/LICENSE
Source: chromecache_70.2.dr String found in binary or memory: https://support.zoom.us/hc/de/articles/201362023-System-Requirements
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: https://support.zoom.us/hc/en-us/articles/201362003-Zoom-Video-Communications-Technical-Support
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: https://support.zoom.us/hc/en-us/articles/201362003-Zoom-Video-Communications-Technical-Supportopens
Source: chromecache_70.2.dr String found in binary or memory: https://support.zoom.us/hc/en-us/articles/201362023-System-Requirements
Source: chromecache_70.2.dr String found in binary or memory: https://support.zoom.us/hc/es/articles/201362023-System-Requirements
Source: chromecache_70.2.dr String found in binary or memory: https://support.zoom.us/hc/fr/articles/201362023-System-Requirements
Source: chromecache_70.2.dr String found in binary or memory: https://support.zoom.us/hc/pt-br/articles/201362023-System-Requirements
Source: chromecache_70.2.dr String found in binary or memory: https://support.zoom.us/hc/ru/articles/201362023-System-Requirements
Source: chromecache_70.2.dr String found in binary or memory: https://support.zoom.us/hc/zh-cn/articles/201362023-System-Requirements
Source: chromecache_70.2.dr String found in binary or memory: https://support.zoom.us/hc/zh-tw/articles/201362023-System-Requirements
Source: chromecache_73.2.dr String found in binary or memory: https://us01ccistatic.zoom.us/us01cci/web-sdk/chat-client.js
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: https://zoom.com.cn/
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: https://zoom.com/
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: https://zoom.us/
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: https://zoom.us/https://zoom.com/https://zoom.com.cn/https://zoomgov.com/://https:///
Source: chromecache_70.2.dr String found in binary or memory: https://zoom.us/phonesystem
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr String found in binary or memory: https://zoomgov.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: c17db04b-41e5-4482-9e1e-b32172a069b7.tmp.0.dr Static PE information: No import functions for PE file found
Source: 425c4ce8-4540-4ab6-9091-db0ae2478c6f.tmp.0.dr Static PE information: No import functions for PE file found
Source: c17db04b-41e5-4482-9e1e-b32172a069b7.tmp.0.dr Static PE information: Data appended to the last section found
Source: 425c4ce8-4540-4ab6-9091-db0ae2478c6f.tmp.0.dr Static PE information: Data appended to the last section found
Source: classification engine Classification label: clean3.win@22/35@26/15
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\425c4ce8-4540-4ab6-9091-db0ae2478c6f.tmp
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1888,i,15907643151583486106,13547267940061697564,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us02web.zoom.us/j/88257733758?pwd=UkFtUjRWaGtlTTNTb3NZMHdmbmRNdz09"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5600 --field-trial-handle=1888,i,15907643151583486106,13547267940061697564,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 --field-trial-handle=1888,i,15907643151583486106,13547267940061697564,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: agree
Source: Window Recorder Window detected: More than 3 window changes detected
Source: c17db04b-41e5-4482-9e1e-b32172a069b7.tmp.0.dr Static PE information: real checksum: 0x2f825 should be: 0xdbf8
Source: 425c4ce8-4540-4ab6-9091-db0ae2478c6f.tmp.0.dr Static PE information: real checksum: 0x2f825 should be: 0xee2e
Source: 425c4ce8-4540-4ab6-9091-db0ae2478c6f.tmp.0.dr Static PE information: section name: .didat
Source: Unconfirmed 397996.crdownload.0.dr Static PE information: section name: .didat
Source: c17db04b-41e5-4482-9e1e-b32172a069b7.tmp.0.dr Static PE information: section name: .didat
Source: Unconfirmed 778273.crdownload.0.dr Static PE information: section name: .didat
Source: chromecache_75.2.dr Static PE information: section name: .didat
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 75
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 778273.crdownload
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\425c4ce8-4540-4ab6-9091-db0ae2478c6f.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 397996.crdownload
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\c17db04b-41e5-4482-9e1e-b32172a069b7.tmp
Source: Unconfirmed 778273.crdownload.0.dr, chromecache_75.2.dr, Unconfirmed 397996.crdownload.0.dr Binary or memory string: