![]() Uses a known web browser user agent for HTTP communication JA3 SSL client fingerprint seen in connection with other malware ![]() HTTP traffic detected: GET /freeu pdater/def initions/d efinitions. Source: C:\Users\u ser\AppDat a\Roaming\ PatchMyPC\ gacutil.ex eĬode function: 8_2_012B71 A2 _EH_pr olog3_GS,F indFirstFi leW,GetFil eAttribute sW,FindNex tFileW,Fin dClose,Get FileAttrib utesW,Load LibraryExW , Key opened: HKEY_LOCAL _MACHINE\S OFTWARE\Cl asses\CLSI D\ \TreatAsĬontains functionality to enumerate / list files inside a directory Source: C:\Users\u ser\Deskto p\PatchMyP C.exe Standard Non-Application Layer Protocol 3Įxfiltration Over Command and Control ChannelĬreates COM task schedule object (often to register a task for autostart) Deobfuscate/Decode Files or Information 1
0 Comments
Leave a Reply. |