| File name: | Ableton live 11.rar |
| Full analysis: | https://app.any.run/tasks/103ece8c-085a-4915-b24b-b19c1fea7f89 |
| Verdict: | Malicious activity |
| Threats: | Remote access trojans (RATs) are a type of malware that enables attackers to establish complete to partial control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionalities for conducting illicit activities on compromised systems. Some of the most common features of RATs include access to the users’ data, webcam, and keystrokes. This malware is often distributed through phishing emails and links. |
| Analysis date: | April 01, 2023, 12:30:40 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/x-rar |
| File info: | RAR archive data, v5 |
| MD5: | 30F18867E9A1C69C099F7590337BD4F7 |
| SHA1: | 260AED49A6C8F052C48C69CD3F6BC3C6B08BFA96 |
| SHA256: | 8DC37A2458CF8504A9021E1B76B8894B5AED28CCE7517E80BAEB56E7BA42BCE2 |
| SSDEEP: | 196608:N2emSW7JNmUEJs9LWqh1Or75mEAlNzgHpUmNdykow5wbsb:N2sW73wspWqOr7QT01w65h |
MALICIOUS
Application was dropped or rewritten from another process
- Engine.exe (PID: 3836)
- jsc.exe (PID: 2840)
REDLINE was detected
- jsc.exe (PID: 2840)
Connects to the CnC server
- jsc.exe (PID: 2840)
Steals credentials from Web Browsers
- jsc.exe (PID: 2840)
REDLINE detected by memory dumps
- jsc.exe (PID: 2840)
Actions looks like stealing of personal data
- jsc.exe (PID: 2840)
SUSPICIOUS
Executable content was dropped or overwritten
- installer.exe (PID: 3896)
- Possess.exe.pif (PID: 2992)
Application launched itself
- cmd.exe (PID: 1620)
Starts application with an unusual extension
- cmd.exe (PID: 116)
Runs PING.EXE to delay simulation
- cmd.exe (PID: 116)
Starts CMD.EXE for commands execution
- Engine.exe (PID: 3836)
- cmd.exe (PID: 1620)
Starts POWERSHELL.EXE for commands execution
- cmd.exe (PID: 116)
Get information on the list of running processes
- cmd.exe (PID: 116)
Using 'findstr.exe' to search for text patterns in files and output
- cmd.exe (PID: 116)
Connects to unusual port
- jsc.exe (PID: 2840)
Reads the Windows owner or organization settings
- Engine.exe (PID: 3836)
Reads browser cookies
- jsc.exe (PID: 2840)
Searches for installed software
- jsc.exe (PID: 2840)
INFO
Checks supported languages
- installer.exe (PID: 3896)
- Engine.exe (PID: 3836)
- Possess.exe.pif (PID: 2992)
- jsc.exe (PID: 2840)
- wmpnscfg.exe (PID: 3320)
Reads the computer name
- Engine.exe (PID: 3836)
- jsc.exe (PID: 2840)
- wmpnscfg.exe (PID: 3320)
- Possess.exe.pif (PID: 2992)
Executable content was dropped or overwritten
- WinRAR.exe (PID: 2644)
Create files in a temporary directory
- installer.exe (PID: 3896)
- cmd.exe (PID: 116)
- powershell.exe (PID: 2820)
- powershell.exe (PID: 2452)
- Possess.exe.pif (PID: 2992)
Reads mouse settings
- Possess.exe.pif (PID: 2992)
The process checks LSA protection
- powershell.exe (PID: 2820)
- powershell.exe (PID: 2452)
- jsc.exe (PID: 2840)
- wmpnscfg.exe (PID: 3320)
Reads security settings of Internet Explorer
- powershell.exe (PID: 2820)
- powershell.exe (PID: 2452)
Reads the machine GUID from the registry
- jsc.exe (PID: 2840)
- wmpnscfg.exe (PID: 3320)
Manual execution by a user
- wmpnscfg.exe (PID: 3320)
Reads Environment values
- jsc.exe (PID: 2840)
Reads product name
- jsc.exe (PID: 2840)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
RedLine
(PID) Process(2840) jsc.exe
C2 (1)83.217.11.28:30827
Botnet@foruman
Err_msg
Auth_valueed8e10f66ddbd565f24efb9e98faa630
US (153)
LEnvironmentogiEnvironmentn DatEnvironmenta
Environment
WSystem.Texteb DatSystem.Texta
System.Text
CoCryptographyokieCryptographys
Cryptography
ExtGenericension CooGenerickies
Generic
OFileInfopeFileInfora GFileInfoX StabFileInfole
FileInfo
OpLinqera GLinqX
Linq
ApGenericpDaGenericta\RGenericoamiGenericng\
Network
Extension
UNKNOWN
cFileStreamredFileStreamit_cFileStreamardFileStreams
FileStream
\
Host
Port
:
User
Pass
cookies.sqlite
GetDirectories
Entity12
EnumerateDirectories
String.Replace
String.Remove
bcrFileStream.IOypt.dFileStream.IOll
FileStream.IO
BCrstring.EmptyyptOpestring.EmptynAlgorithmProvistring.Emptyder
string.Empty
BCruintyptCloseAlgorituinthmProvuintider
uint
BCrUnmanagedTypeyptDecrUnmanagedTypeypt
UnmanagedType
BCrhKeyyptDeshKeytroyKhKeyey
hKey
BCpszPropertyryptGepszPropertytPropepszPropertyrty
pszProperty
BCEncodingryptSEncodingetPrEncodingoperEncodingty
Encoding
BCrbMasterKeyyptImbMasterKeyportKbMasterKeyey
bMasterKey
windows-1251
AES
Microsoft Primitive Provider
ChainingModeGCM
AuthTagLength
ChainingMode
ObjectLength
KeyDataBlob
-
{0}
net.tcp://
/
localhost
ed8e10f66ddbd565f24efb9e98faa630
Authorization
ns1
HygiAygYPGMgBTMdPhMZWCAcKAU2FCVc
ASs1AAYcLyQ1OEJY
Plovery
Yandex\YaAddon
asf
*wallet*
ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtu...
_
T
e
l
gr
am
.
ex
\TeEnvironmentlegraEnvironmentm DEnvironmentesktoEnvironmentp\tdEnvironmentata
1
string.Replace
%USERPFile.WriteROFILE%\AppFile.WriteData\RoamiFile.Writeng
File.Write
Handler
npvo*
%USERPserviceInterface.ExtensionROFILE%\ApserviceInterface.ExtensionpData\LocaserviceInterface.Extensionl
serviceInterface.Extension
ProldCharotonVoldCharPN
oldChar
nSystem.CollectionspvoSystem.Collections*
System.Collections
(
UNIQUE
"
Armenia
Azerbaijan
Belarus
Kazakhstan
Kyrgyzstan
Moldova
Tajikistan
Uzbekistan
Ukraine
Russia
|
https://api.ip.sb/ip
SELSystem.Windows.FormsECT * FRSystem.Windows.FormsOM WinSystem.Windows.Forms32_ProcSystem.Windows.Formsessor
System.Windows.Forms
roSystem.Linqot\CISystem.LinqMV2
System.Linq
SELSystem.LinqECT * FRSystem.LinqOM WinSystem.Linq32_VideoCoSystem.Linqntroller
AdapterRAM
Name
SOFTWARE\WOW6432Node\Clients\StartMenuInternet
SOFTWARE\Clients\StartMenuInternet
shell\open\command
Unknown Version
SELESystem.ManagementCT * FRSystem.ManagementOM WiSystem.Managementn32_DisSystem.ManagementkDrivSystem.Managemente
System.Management
SerialNumber
SELSystem.Text.RegularExpressionsECT * FRSystem.Text.RegularExpressionsOM Win32_PSystem.Text.RegularExpressionsrocess WSystem.Text.RegularExpressionshere SessSystem.Text.RegularExpressionsionId='
System.Text.RegularExpressions
'
FileSystem
SSystem.ELECT * FRSystem.OM WiSystem.n32_ProcSystem.ess WherSystem.e SessiSystem.onId='
System.
ExecutablePath
[
]
Concat0 MConcatb oConcatr Concat0
Concat
SELEMemoryCT * FMemoryROM WiMemoryn32_OperMemoryatingSMemoryystem
Memory
{0}{1}{2}
x32
x64
x86
SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
CSDVersion
Unknown
_[
Network\
String
Replace
80
81
0.0.0.0
TRiD
| .rar | | | RAR compressed archive (v5.0) (61.5) |
|---|---|---|
| .rar | | | RAR compressed archive (gen) (38.4) |
Total processes
57
Monitored processes
12
Malicious processes
7
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 116 | cmd | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 1620 | C:\Windows\system32\cMD.exe /c cmd < Successful | C:\Windows\System32\cmd.exe | — | Engine.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 2452 | powershell get-process avgui | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 1 Version: 10.0.14409.1005 (rs1_srvoob.161208-1155) Modules
| |||||||||||||||
| 2644 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Ableton live 11.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
| 2820 | powershell get-process avastui | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 1 Version: 10.0.14409.1005 (rs1_srvoob.161208-1155) Modules
| |||||||||||||||
| 2840 | C:\Users\admin\AppData\Local\Temp\gdrwvx05.h4n\27066\jsc.exe live 11\installer.exe" | C:\Users\admin\AppData\Local\Temp\gdrwvx05.h4n\27066\jsc.exe | Possess.exe.pif | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: jsc.exe Exit code: 0 Version: 12.0.51209.34209 built by: FX452RTMGDR Modules
RedLine(PID) Process(2840) jsc.exe C2 (1)83.217.11.28:30827 Botnet@foruman Err_msg Auth_valueed8e10f66ddbd565f24efb9e98faa630 US (153) LEnvironmentogiEnvironmentn DatEnvironmenta Environment WSystem.Texteb DatSystem.Texta System.Text CoCryptographyokieCryptographys Cryptography ExtGenericension CooGenerickies Generic OFileInfopeFileInfora GFileInfoX StabFileInfole FileInfo OpLinqera GLinqX Linq ApGenericpDaGenericta\RGenericoamiGenericng\ Network Extension UNKNOWN cFileStreamredFileStreamit_cFileStreamardFileStreams FileStream \ Host Port : User Pass cookies.sqlite GetDirectories Entity12 EnumerateDirectories String.Replace String.Remove bcrFileStream.IOypt.dFileStream.IOll FileStream.IO BCrstring.EmptyyptOpestring.EmptynAlgorithmProvistring.Emptyder string.Empty BCruintyptCloseAlgorituinthmProvuintider uint BCrUnmanagedTypeyptDecrUnmanagedTypeypt UnmanagedType BCrhKeyyptDeshKeytroyKhKeyey hKey BCpszPropertyryptGepszPropertytPropepszPropertyrty pszProperty BCEncodingryptSEncodingetPrEncodingoperEncodingty Encoding BCrbMasterKeyyptImbMasterKeyportKbMasterKeyey bMasterKey windows-1251 AES Microsoft Primitive Provider ChainingModeGCM AuthTagLength ChainingMode ObjectLength KeyDataBlob - {0} net.tcp:// / localhost ed8e10f66ddbd565f24efb9e98faa630 Authorization ns1 HygiAygYPGMgBTMdPhMZWCAcKAU2FCVc ASs1AAYcLyQ1OEJY Plovery Yandex\YaAddon asf *wallet* ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtu... _ T e l gr am . ex \TeEnvironmentlegraEnvironmentm DEnvironmentesktoEnvironmentp\tdEnvironmentata 1 string.Replace %USERPFile.WriteROFILE%\AppFile.WriteData\RoamiFile.Writeng File.Write Handler npvo* %USERPserviceInterface.ExtensionROFILE%\ApserviceInterface.ExtensionpData\LocaserviceInterface.Extensionl serviceInterface.Extension ProldCharotonVoldCharPN oldChar nSystem.CollectionspvoSystem.Collections* System.Collections ( UNIQUE " Armenia Azerbaijan Belarus Kazakhstan Kyrgyzstan Moldova Tajikistan Uzbekistan Ukraine Russia | https://api.ip.sb/ip SELSystem.Windows.FormsECT * FRSystem.Windows.FormsOM WinSystem.Windows.Forms32_ProcSystem.Windows.Formsessor System.Windows.Forms roSystem.Linqot\CISystem.LinqMV2 System.Linq SELSystem.LinqECT * FRSystem.LinqOM WinSystem.Linq32_VideoCoSystem.Linqntroller AdapterRAM Name SOFTWARE\WOW6432Node\Clients\StartMenuInternet SOFTWARE\Clients\StartMenuInternet shell\open\command Unknown Version SELESystem.ManagementCT * FRSystem.ManagementOM WiSystem.Managementn32_DisSystem.ManagementkDrivSystem.Managemente System.Management SerialNumber SELSystem.Text.RegularExpressionsECT * FRSystem.Text.RegularExpressionsOM Win32_PSystem.Text.RegularExpressionsrocess WSystem.Text.RegularExpressionshere SessSystem.Text.RegularExpressionsionId=' System.Text.RegularExpressions ' FileSystem SSystem.ELECT * FRSystem.OM WiSystem.n32_ProcSystem.ess WherSystem.e SessiSystem.onId=' System. ExecutablePath [ ] Concat0 MConcatb oConcatr Concat0 Concat SELEMemoryCT * FMemoryROM WiMemoryn32_OperMemoryatingSMemoryystem Memory {0}{1}{2} x32 x64 x86 SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductName CSDVersion Unknown _[ Network\ String Replace 80 81 0.0.0.0 | |||||||||||||||
| 2936 | ping localhost -n 8 | C:\Windows\System32\PING.EXE | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Ping Command Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 2992 | 27066\\Possess.exe.pif 27066\\t | C:\Users\admin\AppData\Local\Temp\gdrwvx05.h4n\27066\Possess.exe.pif | cmd.exe | ||||||||||||
User: admin Company: AutoIt Team Integrity Level: MEDIUM Description: AutoIt v3 Script Exit code: 0 Version: 3, 3, 16, 1 Modules
| |||||||||||||||
| 3320 | "C:\Program Files\Windows Media Player\wmpnscfg.exe" | C:\Program Files\Windows Media Player\wmpnscfg.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Media Player Network Sharing Service Configuration Application Exit code: 0 Version: 12.0.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 3340 | findstr /V /R "^smithadministrationgroupsviolencechroniclef7f81a39-5f63-5b42-9efd-1f13b5431005quot; Slide | C:\Windows\System32\findstr.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
Total events
8 662
Read events
8 622
Write events
34
Delete events
6
Modification events
| (PID) Process: | (2644) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (2644) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
| (PID) Process: | (2644) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
| (PID) Process: | (2644) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\phacker.zip | |||
| (PID) Process: | (2644) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | name |
Value: 120 | |||
| (PID) Process: | (2644) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | size |
Value: 80 | |||
| (PID) Process: | (2644) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | type |
Value: 120 | |||
| (PID) Process: | (2644) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | mtime |
Value: 100 | |||
| (PID) Process: | (2644) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | ProxyBypass |
Value: 1 | |||
| (PID) Process: | (2644) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | IntranetName |
Value: 1 | |||
Executable files
10
Suspicious files
46
Text files
22
Unknown types
2
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2644 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2644.26747\Ableton live 11\config\resources.pak | — | |
MD5:— | SHA256:— | |||
| 2644 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2644.26747\Ableton live 11\installer.exe | — | |
MD5:— | SHA256:— | |||
| 3896 | installer.exe | C:\Users\admin\AppData\Local\Temp\SETUP_18999\Cameron.qsp | ini | |
MD5:— | SHA256:— | |||
| 3896 | installer.exe | C:\Users\admin\AppData\Local\Temp\SETUP_18999\Setup.txt | text | |
MD5:— | SHA256:— | |||
| 3896 | installer.exe | C:\Users\admin\AppData\Local\Temp\SETUP_18999\00000#Arizona | binary | |
MD5:— | SHA256:— | |||
| 3896 | installer.exe | C:\Users\admin\AppData\Local\Temp\SETUP_18999\00001#Helping | binary | |
MD5:— | SHA256:— | |||
| 3896 | installer.exe | C:\Users\admin\AppData\Local\Temp\SETUP_18999\00004#Move | binary | |
MD5:— | SHA256:— | |||
| 3896 | installer.exe | C:\Users\admin\AppData\Local\Temp\SETUP_18999\00002#Lots | text | |
MD5:— | SHA256:— | |||
| 2644 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2644.26747\Ableton live 11\Default settings | executable | |
MD5:916D32B899F1BC23B209648D007B99FD | SHA256:72CF291D4BAB0EDD08A9B07C6173E1E7AD1ABB7AB727FD7044BF6305D7515661 | |||
| 2644 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2644.26747\Ableton live 11\README.txt | text | |
MD5:7B12BCBF007A3A2CB6F0A2EFB3AB2DB2 | SHA256:E6FBB94332095995B6C7DB57AD0DAF81305BD3B9E9ABC7F64121BE85A6D9CB75 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
1
DNS requests
1
Threats
25
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
2840 | jsc.exe | 83.217.11.28:30827 | — | Okay-Telecom Ltd. | RU | malicious |
DNS requests
Domain | IP | Reputation |
|---|---|---|
FBpYoIGZrSsNrRJ.FBpYoIGZrSsNrRJ |
| unknown |
Threats
PID | Process | Class | Message |
|---|---|---|---|
2840 | jsc.exe | A Network Trojan was detected | ET MALWARE RedLine Stealer TCP CnC net.tcp Init |
2840 | jsc.exe | A Network Trojan was detected | ET MALWARE Redline Stealer TCP CnC Activity |
2840 | jsc.exe | A Network Trojan was detected | ET MALWARE Redline Stealer TCP CnC - Id1Response |
2840 | jsc.exe | A Network Trojan was detected | ET MALWARE Redline Stealer TCP CnC Activity |
2840 | jsc.exe | A Network Trojan was detected | ET MALWARE Redline Stealer TCP CnC Activity |
2840 | jsc.exe | A Network Trojan was detected | ET MALWARE Redline Stealer TCP CnC Activity |
2840 | jsc.exe | A Network Trojan was detected | ET MALWARE Redline Stealer TCP CnC Activity |
2840 | jsc.exe | A Network Trojan was detected | ET MALWARE Redline Stealer TCP CnC Activity |
2840 | jsc.exe | A Network Trojan was detected | ET MALWARE Redline Stealer TCP CnC Activity |
2840 | jsc.exe | A Network Trojan was detected | ET MALWARE Redline Stealer TCP CnC Activity |