
NET CL R 9)Host: img.tourtodaylaboratory.comConnection: Keep-Alive

HTTP traffic detected: GET /img/Berabarew/logo.png HTTP/1.1Accept: */*Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible MSIE 7.0 Windows NT 10.0 WOW64 Trident/7.0.

HTTP traffic detected: GET /img/Berabarew/message_empty.png HTTP/1.1Accept: */*Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4. 5.30729)Host: img.tourtodaylab mConnection: Keep-Alive

1Accept: */*Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible MSIE 7.0 Windows NT 10.0 WOW64 Trident/7.0.

HTTP traffic detected: GET /img/Rowabobeso/bg_fus_TB. NET CLR 3.5.30729)Host: img.tourtodaylabora Connection: Keep-Alive

HTTP traffic detected: GET /img/Berabarew/Custom_TL%20bg_d1.png HTTP/1.1Accept: */*Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible MSIE 7.0 Windows NT 10.0 WOW64 Trident/7.0.

0 (Windows NT 10.0 WOW64 Trident/7.0 rv:11.0) like GeckoContent-Length: 1120Cache-Control: no-cache

HTTP traffic detected: POST / HTTP/1.1Accept: */*Host: rp.tourtodaylabora User-Agent: Mozilla/5. comUser-Agent: Mozilla/5.0 (Windows NT 10.0 WOW64 Trident/7.0 rv:11.0) like GeckoContent-Length: 2480Cache-Control: no-cache

HTTP traffic detected: POST /FusionFileZilla/ HTTP/1. 0 (Windows NT 10.0 WOW64 Trident/7.0 rv:11.0) like GeckoContent-Length: 1392Cache-Control: no-cache

Uses a known web browser user agent for HTTP communication

JA3 SSL client fingerprint seen in connection with other malware

IP address seen in connection with other malware

Standard Non-Application Layer Protocol 4

Stop behavior analysis, all processes terminated.

Found application associated with file extension.

Number of analysed new started processes analysed:
