

chip-secured-download.de
Connection: Keep-Alive
HTTP traffic detected: GET /gfx/pagead/AVAST/avast-buttons-v1-feb18.gif HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1 WOW64 rv:23.
HTTP traffic detected: GET /dotnet/com HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1 WOW64 rv:23.0 DSde) Gecko/20100101 Firefox/23.0
Host: api2.chip-secured-do

0
Host: api2.chip-secured-down
Connection: Keep-Alive
1
User-Agent: Mozilla/5.0 (Windows NT 6.
Uses a known web browser user agent for HTTP communication

JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Source: C:\Users\user\AppData\Local\Temp\DMR\dmr_72.exe
File opened: C:\Users\user\AppData\Local\Microsoft\Windows
File opened: C:\Users\user\AppData\Local
File opened: C:\Users\user\AppData\Local\Microsoft
File opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini
Source: C:\Users\user\Desktop\CCleaner - CHIP-Installer.exe
Code function: 0_2_01096CA9 GetFileAttributesW,FindFirstFileW,FindClose,

Standard Non-Application Layer Protocol 2
Exfiltration Over Command and Control Channel
Contains functionality to enumerate / list files inside a directory
Remotely Track Device Without Authorization
Eavesdrop on Insecure Network Communication
