Edit tour

Windows Analysis Report
https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=

Overview

General Information

Sample URL:	https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=
Analysis ID:	1517477
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4216 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1952,i,7816310681642784807,11229644510182849391,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 25 Sep 2024 00:57:03 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 127Connection: closeAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: *X-GUploader-UploadID: AD-8ljtEoLGfbgWNTX6sAzzl3CTkiwcwJmAXjoJnZdPXGUHpztK5Ty992aY9bd83vpXVc74wdc0Expires: Wed, 25 Sep 2024 01:27:03 GMTCache-Control: public, max-age=1800CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 8c870ed2792a17a9-EWR

Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	UDP traffic detected without corresponding DNS query: 13.95.65.251
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /micro/website-tracker/tracker.iife.js?nocache= HTTP/1.1Host: assets.apollo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: assets.apollo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=izYkMC2lIeTSenWEJOBQ3Qdi.oYdwgdIAVkjwlL0K30-1727225822-1.0.1.1-5shB4MBpwSKoxuxL.kkTN2t7jILfYrJpbcLuBcB8Fdrve8muq_pZ9J81Miv7AyT9TB6R54qJ8EXMyrfQ9UAjuA

Source: global traffic	DNS traffic detected: DNS query: assets.apollo.io
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_41.4.dr	String found in binary or memory: https://aplo-evnt.com/api/v1/intent_pixel/track_request
Source: chromecache_41.4.dr	String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1952,i,7816310681642784807,11229644510182849391,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1952,i,7816310681642784807,11229644510182849391,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label	Link
https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=	0%	Avira URL Cloud	safe
https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
https://assets.apollo.io/favicon.ico	0%	Avira URL Cloud	safe
https://aplo-evnt.com/api/v1/intent_pixel/track_request	0%	Avira URL Cloud	safe
https://github.com/uuidjs/uuid#getrandomvalues-not-supported	0%	Avira URL Cloud	safe
https://aplo-evnt.com/api/v1/intent_pixel/track_request	0%	Virustotal		Browse
https://github.com/uuidjs/uuid#getrandomvalues-not-supported	0%	Virustotal		Browse

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
assets.apollo.io	104.20.40.213	true	false	unknown
www.google.com	216.58.206.68	true	false	unknown

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.20.40.213	assets.apollo.io	United States	13335	CLOUDFLARENETUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1517477
Start date and time:	2024-09-25 02:55:57 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/4@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2571)
Category:	downloaded
Size (bytes):	2572
Entropy (8bit):	5.3402160827809215
Encrypted:	false
SSDEEP:	48:cMbfuNM+9riN4xRFJdXkrTsBH5uNGInUBjh4Iq7J5xeaCQfGIevyIZU:cuQVJmuavtbWhvi
MD5:	7E73B6AEBCE0335285A3D06E80CB6678
SHA1:	63CBD1357B612D4B53C0218BD9A975313C6E06E0
SHA-256:	2039D204F18247DF88A0F132F35FE67F9E52EE7268515EAD1647C611F737BA07
SHA-512:	CED849434942C32E07E8E0AD36AFF4093CD400D1D6EE28A2E0EA1B1198765B6CBAE7A5047EBF5C597DD833EDADFC72AEB6FA46A449138192BCD646F1D3571894
Malicious:	false
Reputation:	low
URL:	https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=
Preview:	var u=(l,h,s)=>new Promise((e,r)=>{var g=a=>{try{d(s.next(a))}catch(n){r(n)}},p=a=>{try{d(s.throw(a))}catch(n){r(n)}},d=a=>a.done?e(a.value):Promise.resolve(a.value).then(g,p);d((s=s.apply(l,h)).next())});(function(){"use strict";let l;const h=new Uint8Array(16);function s(){if(!l&&(l=typeof crypto!="undefined"&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!l))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return l(h)}const e=[];for(let n=0;n<256;++n)e.push((n+256).toString(16).slice(1));function r(n,t=0){return e[n[t+0]]+e[n[t+1]]+e[n[t+2]]+e[n[t+3]]+"-"+e[n[t+4]]+e[n[t+5]]+"-"+e[n[t+6]]+e[n[t+7]]+"-"+e[n[t+8]]+e[n[t+9]]+"-"+e[n[t+10]]+e[n[t+11]]+e[n[t+12]]+e[n[t+13]]+e[n[t+14]]+e[n[t+15]]}const p={randomUUID:typeof crypto!="undefined"&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};function d(n,t,i){if(p.randomUUID&&!t&&!n)return p.randomUUID();n=n\|\|{};const o=n.random\|\|(n.rng\|\|s)();if(o[6

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	127
Entropy (8bit):	4.8845699999998375
Encrypted:	false
SSDEEP:	3:vFWWMNCmXyKgCC6beXqZj++auHcAbWWUAVMAB5TQBWRaWWU9KgqLn:TM3i0b9Zj7lHcLWtpTQgRdWBg6n
MD5:	6A9927369A243C4B4361B4C488649F02
SHA1:	6CF22A7F474695A7B02C4F8E6BBE35B2441C8EB2
SHA-256:	BDE9C2949E64D059C18D8F93566A64DAFC6D2E8E259A70322FB804831DFD0B5B
SHA-512:	0C73ECD0294C6ABDAD930DE5EF3F3595C8857E9D1FD3579A79B9C79BF0E7A75CB67EA54D22B7263163D48565BD4093915E97FD473E8357AA4F936C63BFEBAD0D
Malicious:	false
Reputation:	low
URL:	https://assets.apollo.io/favicon.ico
Preview:	<?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message></Error>

Name	Source	Malicious	Antivirus Detection	Reputation
https://aplo-evnt.com/api/v1/intent_pixel/track_request	chromecache_41.4.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/uuidjs/uuid#getrandomvalues-not-supported	chromecache_41.4.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 25, 2024 02:56:48.005028009 CEST	49675	443	192.168.2.7	104.98.116.138
Sep 25, 2024 02:56:48.005563021 CEST	49674	443	192.168.2.7	104.98.116.138
Sep 25, 2024 02:56:48.176908016 CEST	49672	443	192.168.2.7	104.98.116.138
Sep 25, 2024 02:56:48.864384890 CEST	49671	443	192.168.2.7	204.79.197.203
Sep 25, 2024 02:56:53.617630005 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 25, 2024 02:56:53.677093029 CEST	49671	443	192.168.2.7	204.79.197.203
Sep 25, 2024 02:56:53.989391088 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 25, 2024 02:56:54.739428043 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 25, 2024 02:56:56.286318064 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 25, 2024 02:56:57.611402988 CEST	49674	443	192.168.2.7	104.98.116.138
Sep 25, 2024 02:56:57.611412048 CEST	49675	443	192.168.2.7	104.98.116.138
Sep 25, 2024 02:56:57.907552958 CEST	49672	443	192.168.2.7	104.98.116.138
Sep 25, 2024 02:56:59.286305904 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 25, 2024 02:57:00.222860098 CEST	443	49698	104.98.116.138	192.168.2.7
Sep 25, 2024 02:57:00.222978115 CEST	49698	443	192.168.2.7	104.98.116.138
Sep 25, 2024 02:57:02.351403952 CEST	49706	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.351448059 CEST	443	49706	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.351578951 CEST	49706	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.354924917 CEST	49707	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.355025053 CEST	443	49707	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.355102062 CEST	49707	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.355746984 CEST	49706	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.355767012 CEST	443	49706	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.356618881 CEST	49707	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.356653929 CEST	443	49707	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.580744982 CEST	49708	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:57:02.580790043 CEST	443	49708	216.58.206.68	192.168.2.7
Sep 25, 2024 02:57:02.580921888 CEST	49708	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:57:02.581437111 CEST	49708	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:57:02.581449032 CEST	443	49708	216.58.206.68	192.168.2.7
Sep 25, 2024 02:57:02.814251900 CEST	443	49706	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.814682007 CEST	49706	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.814697027 CEST	443	49706	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.815704107 CEST	443	49706	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.815762043 CEST	49706	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.818406105 CEST	49706	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.818463087 CEST	443	49706	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.818551064 CEST	49706	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.829128027 CEST	443	49707	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.829438925 CEST	49707	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.829466105 CEST	443	49707	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.830450058 CEST	443	49707	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.830517054 CEST	49707	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.831072092 CEST	49707	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.831130028 CEST	443	49707	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.859399080 CEST	443	49706	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.897650957 CEST	49706	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.897663116 CEST	443	49706	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.897701025 CEST	49707	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.897799969 CEST	443	49707	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.944911957 CEST	443	49706	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.944947004 CEST	443	49706	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.945024967 CEST	443	49706	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:02.945084095 CEST	49706	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.945084095 CEST	49706	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.946788073 CEST	49706	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:02.946805954 CEST	443	49706	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:03.061136961 CEST	49707	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:03.103404999 CEST	443	49707	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:03.213618040 CEST	443	49708	216.58.206.68	192.168.2.7
Sep 25, 2024 02:57:03.213964939 CEST	49708	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:57:03.213989019 CEST	443	49708	216.58.206.68	192.168.2.7
Sep 25, 2024 02:57:03.214865923 CEST	443	49708	216.58.206.68	192.168.2.7
Sep 25, 2024 02:57:03.214955091 CEST	49708	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:57:03.217056036 CEST	49708	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:57:03.217122078 CEST	443	49708	216.58.206.68	192.168.2.7
Sep 25, 2024 02:57:03.221132040 CEST	443	49707	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:03.221190929 CEST	443	49707	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:03.221772909 CEST	49707	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:03.223352909 CEST	49707	443	192.168.2.7	104.20.40.213
Sep 25, 2024 02:57:03.223381996 CEST	443	49707	104.20.40.213	192.168.2.7
Sep 25, 2024 02:57:03.287477016 CEST	49708	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:57:03.287491083 CEST	443	49708	216.58.206.68	192.168.2.7
Sep 25, 2024 02:57:03.325685978 CEST	49671	443	192.168.2.7	204.79.197.203
Sep 25, 2024 02:57:03.395236015 CEST	49708	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:57:05.301943064 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 25, 2024 02:57:08.649599075 CEST	49698	443	192.168.2.7	104.98.116.138
Sep 25, 2024 02:57:08.650069952 CEST	49712	443	192.168.2.7	104.98.116.138
Sep 25, 2024 02:57:08.650171041 CEST	443	49712	104.98.116.138	192.168.2.7
Sep 25, 2024 02:57:08.650316954 CEST	49712	443	192.168.2.7	104.98.116.138
Sep 25, 2024 02:57:08.650589943 CEST	49712	443	192.168.2.7	104.98.116.138
Sep 25, 2024 02:57:08.650624990 CEST	443	49712	104.98.116.138	192.168.2.7
Sep 25, 2024 02:57:08.654449940 CEST	443	49698	104.98.116.138	192.168.2.7
Sep 25, 2024 02:57:13.146948099 CEST	443	49708	216.58.206.68	192.168.2.7
Sep 25, 2024 02:57:13.147022963 CEST	443	49708	216.58.206.68	192.168.2.7
Sep 25, 2024 02:57:13.147114038 CEST	49708	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:57:13.242532969 CEST	49708	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:57:13.242571115 CEST	443	49708	216.58.206.68	192.168.2.7
Sep 25, 2024 02:57:17.208164930 CEST	49677	443	192.168.2.7	20.50.201.200
Sep 25, 2024 02:57:51.394150019 CEST	443	49712	104.98.116.138	192.168.2.7
Sep 25, 2024 02:57:51.394234896 CEST	49712	443	192.168.2.7	104.98.116.138
Sep 25, 2024 02:58:02.619636059 CEST	49718	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:58:02.619695902 CEST	443	49718	216.58.206.68	192.168.2.7
Sep 25, 2024 02:58:02.619772911 CEST	49718	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:58:02.620162964 CEST	49718	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:58:02.620182991 CEST	443	49718	216.58.206.68	192.168.2.7
Sep 25, 2024 02:58:03.372260094 CEST	443	49718	216.58.206.68	192.168.2.7
Sep 25, 2024 02:58:03.373182058 CEST	49718	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:58:03.373217106 CEST	443	49718	216.58.206.68	192.168.2.7
Sep 25, 2024 02:58:03.373719931 CEST	443	49718	216.58.206.68	192.168.2.7
Sep 25, 2024 02:58:03.374492884 CEST	49718	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:58:03.374576092 CEST	443	49718	216.58.206.68	192.168.2.7
Sep 25, 2024 02:58:03.427686930 CEST	49718	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:58:13.189666986 CEST	443	49718	216.58.206.68	192.168.2.7
Sep 25, 2024 02:58:13.189738989 CEST	443	49718	216.58.206.68	192.168.2.7
Sep 25, 2024 02:58:13.189785957 CEST	49718	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:58:13.514761925 CEST	49718	443	192.168.2.7	216.58.206.68
Sep 25, 2024 02:58:13.514839888 CEST	443	49718	216.58.206.68	192.168.2.7

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 25, 2024 02:56:58.851783991 CEST	53	58897	1.1.1.1	192.168.2.7
Sep 25, 2024 02:56:58.974622011 CEST	53	51013	1.1.1.1	192.168.2.7
Sep 25, 2024 02:57:00.010436058 CEST	53	51688	1.1.1.1	192.168.2.7
Sep 25, 2024 02:57:00.418375969 CEST	123	123	192.168.2.7	13.95.65.251
Sep 25, 2024 02:57:00.600863934 CEST	123	123	13.95.65.251	192.168.2.7
Sep 25, 2024 02:57:02.314260960 CEST	54461	53	192.168.2.7	1.1.1.1
Sep 25, 2024 02:57:02.314502954 CEST	56855	53	192.168.2.7	1.1.1.1
Sep 25, 2024 02:57:02.321852922 CEST	53	54461	1.1.1.1	192.168.2.7
Sep 25, 2024 02:57:02.322283030 CEST	53	56855	1.1.1.1	192.168.2.7
Sep 25, 2024 02:57:02.571405888 CEST	52876	53	192.168.2.7	1.1.1.1
Sep 25, 2024 02:57:02.571984053 CEST	54432	53	192.168.2.7	1.1.1.1
Sep 25, 2024 02:57:02.578057051 CEST	53	52876	1.1.1.1	192.168.2.7
Sep 25, 2024 02:57:02.578897953 CEST	53	54432	1.1.1.1	192.168.2.7
Sep 25, 2024 02:57:17.231445074 CEST	53	65132	1.1.1.1	192.168.2.7
Sep 25, 2024 02:57:38.159538984 CEST	53	51893	1.1.1.1	192.168.2.7
Sep 25, 2024 02:57:53.376465082 CEST	138	138	192.168.2.7	192.168.2.255
Sep 25, 2024 02:57:58.812171936 CEST	53	60155	1.1.1.1	192.168.2.7
Sep 25, 2024 02:58:00.982378960 CEST	53	55718	1.1.1.1	192.168.2.7

Timestamp	Bytes transferred	Direction	Data
2024-09-25 00:57:02 UTC	705	OUT	GET /micro/website-tracker/tracker.iife.js?nocache= HTTP/1.1 Host: assets.apollo.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-25 00:57:02 UTC	1077	IN	HTTP/1.1 200 OK Date: Wed, 25 Sep 2024 00:57:02 GMT Content-Type: application/javascript Transfer-Encoding: chunked Connection: close x-goog-generation: 1707764714580510 x-goog-metageneration: 1 x-goog-stored-content-encoding: gzip x-goog-stored-content-length: 1168 x-goog-hash: crc32c=I3tUEw== x-goog-hash: md5=SC6zvnW2DshviOm8MzN+iA== x-goog-storage-class: MULTI_REGIONAL Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * X-GUploader-UploadID: ABPtcPoqNc-5kiFJ0Bzk3xmdQTnBM8SEy5Y8VcmR9uYnhO0h4hV7AzRJoD29hJhD546WUQYeark Expires: Wed, 24 Sep 2025 16:57:50 GMT Cache-Control: public, max-age=31507248 Age: 28165 Last-Modified: Mon, 12 Feb 2024 19:05:14 GMT ETag: W/"482eb3be75b60ec86f88e9bc33337e88" CF-Cache-Status: HIT Set-Cookie: __cf_bm=izYkMC2lIeTSenWEJOBQ3Qdi.oYdwgdIAVkjwlL0K30-1727225822-1.0.1.1-5shB4MBpwSKoxuxL.kkTN2t7jILfYrJpbcLuBcB8Fdrve8muq_pZ9J81Miv7AyT9TB6R54qJ8EXMyrfQ9UAjuA; path=/; expires=Wed, 25-Sep-24 01:27:02 GMT; domain=.apollo.io; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 8c870ed10ca617f1-EWR
2024-09-25 00:57:02 UTC	292	IN	Data Raw: 61 30 63 0d 0a 76 61 72 20 75 3d 28 6c 2c 68 2c 73 29 3d 3e 6e 65 77 20 50 72 6f 6d 69 73 65 28 28 65 2c 72 29 3d 3e 7b 76 61 72 20 67 3d 61 3d 3e 7b 74 72 79 7b 64 28 73 2e 6e 65 78 74 28 61 29 29 7d 63 61 74 63 68 28 6e 29 7b 72 28 6e 29 7d 7d 2c 70 3d 61 3d 3e 7b 74 72 79 7b 64 28 73 2e 74 68 72 6f 77 28 61 29 29 7d 63 61 74 63 68 28 6e 29 7b 72 28 6e 29 7d 7d 2c 64 3d 61 3d 3e 61 2e 64 6f 6e 65 3f 65 28 61 2e 76 61 6c 75 65 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 61 2e 76 61 6c 75 65 29 2e 74 68 65 6e 28 67 2c 70 29 3b 64 28 28 73 3d 73 2e 61 70 70 6c 79 28 6c 2c 68 29 29 2e 6e 65 78 74 28 29 29 7d 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6c 65 74 20 6c 3b 63 6f 6e 73 74 20 68 3d 6e 65 77 20 55 69 Data Ascii: a0cvar u=(l,h,s)=>new Promise((e,r)=>{var g=a=>{try{d(s.next(a))}catch(n){r(n)}},p=a=>{try{d(s.throw(a))}catch(n){r(n)}},d=a=>a.done?e(a.value):Promise.resolve(a.value).then(g,p);d((s=s.apply(l,h)).next())});(function(){"use strict";let l;const h=new Ui
2024-09-25 00:57:02 UTC	1369	IN	Data Raw: 79 70 65 6f 66 20 63 72 79 70 74 6f 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 63 72 79 70 74 6f 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 26 26 63 72 79 70 74 6f 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 2e 62 69 6e 64 28 63 72 79 70 74 6f 29 2c 21 6c 29 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 63 72 79 70 74 6f 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 28 29 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 2e 20 53 65 65 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 75 75 69 64 6a 73 2f 75 75 69 64 23 67 65 74 72 61 6e 64 6f 6d 76 61 6c 75 65 73 2d 6e 6f 74 2d 73 75 70 70 6f 72 74 65 64 22 29 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 63 6f 6e 73 74 20 65 3d 5b 5d 3b 66 6f 72 28 6c 65 74 20 6e 3d 30 3b 6e 3c 32 35 36 Data Ascii: ypeof crypto!="undefined"&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!l))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return l(h)}const e=[];for(let n=0;n<256
2024-09-25 00:57:02 UTC	918	IN	Data Raw: 73 69 74 45 76 65 6e 74 28 69 29 29 7d 29 7d 2c 21 30 29 7d 29 7d 2c 73 65 6e 64 50 61 67 65 56 69 73 69 74 45 76 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 75 28 74 68 69 73 2c 6e 75 6c 6c 2c 66 75 6e 63 74 69 6f 6e 2a 28 29 7b 63 6f 6e 73 74 20 74 3d 7b 61 70 6f 6c 6c 6f 5f 61 6e 6f 6e 5f 69 64 3a 74 68 69 73 2e 61 70 6f 6c 6c 6f 41 6e 6f 6e 49 64 2c 65 76 65 6e 74 5f 74 79 70 65 3a 22 70 61 67 65 5f 76 69 73 69 74 22 2c 70 61 67 65 3a 6e 7d 2c 69 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 65 76 65 6e 74 51 75 65 75 65 22 29 29 7c 7c 5b 5d 3b 69 2e 70 75 73 68 28 74 29 2c 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 73 65 74 49 74 65 6d 28 22 65 76 65 6e 74 51 75 65 75 65 22 Data Ascii: sitEvent(i))})},!0)})},sendPageVisitEvent:function(n){return u(this,null,function*(){const t={apollo_anon_id:this.apolloAnonId,event_type:"page_visit",page:n},i=JSON.parse(localStorage.getItem("eventQueue"))\|\|[];i.push(t),localStorage.setItem("eventQueue"
2024-09-25 00:57:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-09-25 00:57:03 UTC	801	OUT	GET /favicon.ico HTTP/1.1 Host: assets.apollo.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __cf_bm=izYkMC2lIeTSenWEJOBQ3Qdi.oYdwgdIAVkjwlL0K30-1727225822-1.0.1.1-5shB4MBpwSKoxuxL.kkTN2t7jILfYrJpbcLuBcB8Fdrve8muq_pZ9J81Miv7AyT9TB6R54qJ8EXMyrfQ9UAjuA
2024-09-25 00:57:03 UTC	467	IN	HTTP/1.1 404 Not Found Date: Wed, 25 Sep 2024 00:57:03 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 127 Connection: close Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * X-GUploader-UploadID: AD-8ljtEoLGfbgWNTX6sAzzl3CTkiwcwJmAXjoJnZdPXGUHpztK5Ty992aY9bd83vpXVc74wdc0 Expires: Wed, 25 Sep 2024 01:27:03 GMT Cache-Control: public, max-age=1800 CF-Cache-Status: EXPIRED Server: cloudflare CF-RAY: 8c870ed2792a17a9-EWR
2024-09-25 00:57:03 UTC	127	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message></Error>

Target ID:	0
Start time:	20:56:50
Start date:	24/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	4
Start time:	20:56:56
Start date:	24/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1952,i,7816310681642784807,11229644510182849391,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	10
Start time:	20:57:00
Start date:	24/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache="
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6908, Parent PID: 3636

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Windows Analysis Report
https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre