badbluesky.blogg.se

Patchmypc alternative








NET CLR 3.5.30729) Host: patchmypc.net Connection: Keep-Alive
0.3&OS=Win10&SILENT=0 Accept-Language: en-US UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible MSIE 7.
HTTP traffic detected: GET /redirected.htm?source=app HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */* Referer: /redirect.
30729) Host: patchmypc.com Connection: Keep-Alive


HTTP traffic detected: GET /redirect.htm?V=4.1.0.3&OS=Win10&SILENT=0 HTTP/1.1 Accept: */* Accept-Language: en-US UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible MSIE 7.0 Windows NT 6.
HTTP traffic detected: GET /freeupdater/updates/patchmypc/PatchMyPCUpdater.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Host: pat
Uses a known web browser user agent for HTTP communication
JA3 SSL client fingerprint seen in connection with other malware
HTTP traffic detected: GET /freeupdater/definitions/definitions.
Source: C:\Users\user\AppData\Roaming\PatchMyPC\gacutil.exe
Code function: 8_2_012B71A2 _EH_prolog3_GS,FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,GetFileAttributesW,LoadLibraryExW,
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ \TreatAs
Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\Desktop\PatchMyPC.exe
Standard Non-Application Layer Protocol 3
Exfiltration Over Command and Control Channel
Creates COM task schedule object (often to register a task for autostart)
Deobfuscate/Decode Files or Information 1








