HTTP traffic detected: GET /freeupdater/updates/patchmypc/PatchMyPCUpdater.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Host: pat

Uses a known web browser user agent for HTTP communication

JA3 SSL client fingerprint seen in connection with other malware

HTTP traffic detected: GET /freeupdater/definitions/definitions.

Source: C:\Users\user\AppData\Roaming\PatchMyPC\gacutil.exe Code function: 8_2_012B71A2 _EH_prolog3_GS,FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,GetFileAttributesW,LoadLibraryExW,

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ \TreatAs

Contains functionality to enumerate / list files inside a directory

Source: C:\Users\user\Desktop\PatchMyPC.exe

Standard Non-Application Layer Protocol 3

Exfiltration Over Command and Control Channel

Creates COM task schedule object (often to register a task for autostart)

Deobfuscate/Decode Files or Information 1