analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

Ableton live 11.rar

Full analysis: https://app.any.run/tasks/2e52b295-5b50-4a38-88f6-ece42ff84543
Verdict: Malicious activity
Threats:

Remote access trojans (RATs) are a type of malware that enables attackers to establish complete to partial control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionalities for conducting illicit activities on compromised systems. Some of the most common features of RATs include access to the users’ data, webcam, and keystrokes. This malware is often distributed through phishing emails and links.

Analysis date: March 31, 2023, 22:40:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
rat
redline
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

30F18867E9A1C69C099F7590337BD4F7

SHA1:

260AED49A6C8F052C48C69CD3F6BC3C6B08BFA96

SHA256:

8DC37A2458CF8504A9021E1B76B8894B5AED28CCE7517E80BAEB56E7BA42BCE2

SSDEEP:

196608:N2emSW7JNmUEJs9LWqh1Or75mEAlNzgHpUmNdykow5wbsb:N2sW73wspWqOr7QT01w65h

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Engine.exe (PID: 3712)
      • jsc.exe (PID: 3756)
    • REDLINE was detected

      • jsc.exe (PID: 3756)
    • REDLINE detected by memory dumps

      • jsc.exe (PID: 3756)
    • Connects to the CnC server

      • jsc.exe (PID: 3756)
    • Steals credentials from Web Browsers

      • jsc.exe (PID: 3756)
    • Actions looks like stealing of personal data

      • jsc.exe (PID: 3756)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • installer.exe (PID: 3372)
      • Possess.exe.pif (PID: 1656)
    • Starts CMD.EXE for commands execution

      • Engine.exe (PID: 3712)
      • cmd.exe (PID: 3868)
    • Application launched itself

      • cmd.exe (PID: 3868)
    • Get information on the list of running processes

      • cmd.exe (PID: 2328)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 2328)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 2328)
    • Starts application with an unusual extension

      • cmd.exe (PID: 2328)
    • Runs PING.EXE to delay simulation

      • cmd.exe (PID: 2328)
    • Reads the Windows owner or organization settings

      • Engine.exe (PID: 3712)
    • Searches for installed software

      • jsc.exe (PID: 3756)
    • Reads browser cookies

      • jsc.exe (PID: 3756)
  • INFO

    • Checks supported languages

      • installer.exe (PID: 3372)
      • Engine.exe (PID: 3712)
      • Possess.exe.pif (PID: 1656)
      • jsc.exe (PID: 3756)
      • wmpnscfg.exe (PID: 2488)
    • Create files in a temporary directory

      • installer.exe (PID: 3372)
      • powershell.exe (PID: 624)
      • cmd.exe (PID: 2328)
      • powershell.exe (PID: 2880)
      • Possess.exe.pif (PID: 1656)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2712)
    • Reads the computer name

      • Engine.exe (PID: 3712)
      • Possess.exe.pif (PID: 1656)
      • jsc.exe (PID: 3756)
      • wmpnscfg.exe (PID: 2488)
    • The process checks LSA protection

      • powershell.exe (PID: 2880)
      • powershell.exe (PID: 624)
      • jsc.exe (PID: 3756)
      • wmpnscfg.exe (PID: 2488)
    • Reads security settings of Internet Explorer

      • powershell.exe (PID: 2880)
      • powershell.exe (PID: 624)
    • Reads mouse settings

      • Possess.exe.pif (PID: 1656)
    • Reads the machine GUID from the registry

      • jsc.exe (PID: 3756)
      • wmpnscfg.exe (PID: 2488)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2488)
    • Reads product name

      • jsc.exe (PID: 3756)
    • Reads Environment values

      • jsc.exe (PID: 3756)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

RedLine

(PID) Process(3756) jsc.exe
US (153)
LEnvironmentogiEnvironmentn DatEnvironmenta
Environment
WSystem.Texteb DatSystem.Texta
System.Text
CoCryptographyokieCryptographys
Cryptography
ExtGenericension CooGenerickies
Generic
OFileInfopeFileInfora GFileInfoX StabFileInfole
FileInfo
OpLinqera GLinqX
Linq
ApGenericpDaGenericta\RGenericoamiGenericng\
Network
Extension
UNKNOWN
cFileStreamredFileStreamit_cFileStreamardFileStreams
FileStream
\
Host
Port
:
User
Pass
cookies.sqlite
GetDirectories
Entity12
EnumerateDirectories
String.Replace
String.Remove
bcrFileStream.IOypt.dFileStream.IOll
FileStream.IO
BCrstring.EmptyyptOpestring.EmptynAlgorithmProvistring.Emptyder
string.Empty
BCruintyptCloseAlgorituinthmProvuintider
uint
BCrUnmanagedTypeyptDecrUnmanagedTypeypt
UnmanagedType
BCrhKeyyptDeshKeytroyKhKeyey
hKey
BCpszPropertyryptGepszPropertytPropepszPropertyrty
pszProperty
BCEncodingryptSEncodingetPrEncodingoperEncodingty
Encoding
BCrbMasterKeyyptImbMasterKeyportKbMasterKeyey
bMasterKey
windows-1251
AES
Microsoft Primitive Provider
ChainingModeGCM
AuthTagLength
ChainingMode
ObjectLength
KeyDataBlob
-
{0}
net.tcp://
/
localhost
ed8e10f66ddbd565f24efb9e98faa630
Authorization
ns1
HygiAygYPGMgBTMdPhMZWCAcKAU2FCVc
ASs1AAYcLyQ1OEJY
Plovery
Yandex\YaAddon
asf
*wallet*
ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtu...
_
T
e
l
gr
am
.
ex
\TeEnvironmentlegraEnvironmentm DEnvironmentesktoEnvironmentp\tdEnvironmentata
1
string.Replace
%USERPFile.WriteROFILE%\AppFile.WriteData\RoamiFile.Writeng
File.Write
Handler
npvo*
%USERPserviceInterface.ExtensionROFILE%\ApserviceInterface.ExtensionpData\LocaserviceInterface.Extensionl
serviceInterface.Extension
ProldCharotonVoldCharPN
oldChar
nSystem.CollectionspvoSystem.Collections*
System.Collections
(
UNIQUE
"
Armenia
Azerbaijan
Belarus
Kazakhstan
Kyrgyzstan
Moldova
Tajikistan
Uzbekistan
Ukraine
Russia
|
https://api.ip.sb/ip
SELSystem.Windows.FormsECT * FRSystem.Windows.FormsOM WinSystem.Windows.Forms32_ProcSystem.Windows.Formsessor
System.Windows.Forms
roSystem.Linqot\CISystem.LinqMV2
System.Linq
SELSystem.LinqECT * FRSystem.LinqOM WinSystem.Linq32_VideoCoSystem.Linqntroller
AdapterRAM
Name
SOFTWARE\WOW6432Node\Clients\StartMenuInternet
SOFTWARE\Clients\StartMenuInternet
shell\open\command
Unknown Version
SELESystem.ManagementCT * FRSystem.ManagementOM WiSystem.Managementn32_DisSystem.ManagementkDrivSystem.Managemente
System.Management
SerialNumber
SELSystem.Text.RegularExpressionsECT * FRSystem.Text.RegularExpressionsOM Win32_PSystem.Text.RegularExpressionsrocess WSystem.Text.RegularExpressionshere SessSystem.Text.RegularExpressionsionId='
System.Text.RegularExpressions
'
FileSystem
SSystem.ELECT * FRSystem.OM WiSystem.n32_ProcSystem.ess WherSystem.e SessiSystem.onId='
System.
ExecutablePath
[
]
Concat0 MConcatb oConcatr Concat0
Concat
SELEMemoryCT * FMemoryROM WiMemoryn32_OperMemoryatingSMemoryystem
Memory
{0}{1}{2}
x32
x64
x86
SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
CSDVersion
Unknown
_[
Network\
String
Replace
80
81
0.0.0.0
Auth_valueed8e10f66ddbd565f24efb9e98faa630
Err_msg
Botnet@foruman
C2 (1)83.217.11.28:30827
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
48
Monitored processes
12
Malicious processes
7
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start drop and start winrar.exe installer.exe engine.exe no specs cmd.exe no specs cmd.exe no specs powershell.exe no specs powershell.exe no specs findstr.exe no specs possess.exe.pif ping.exe no specs #REDLINE jsc.exe wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2712"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Ableton live 11.rar"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
3372"C:\Users\admin\AppData\Local\Temp\Rar$EXb2712.39677\Ableton live 11\installer.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXb2712.39677\Ableton live 11\installer.exe
WinRAR.exe
User:
admin
Company:
Cod Forwarding Macro Hof.
Integrity Level:
MEDIUM
Description:
Learn
Exit code:
0
Version:
2.3.9.8
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb2712.39677\ableton live 11\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
3712C:\Users\admin\AppData\Local\Temp\SETUP_18999\Engine.exe /TH_ID=_3532 /OriginExe="C:\Users\admin\AppData\Local\Temp\Rar$EXb2712.39677\Ableton live 11\installer.exe"C:\Users\admin\AppData\Local\Temp\SETUP_18999\Engine.exeinstaller.exe
User:
admin
Company:
Pantaray Research Ltd.
Integrity Level:
MEDIUM
Description:
Setup/UnInstall Engine
Exit code:
0
Version:
9.1.0.6
Modules
Images
c:\users\admin\appdata\local\temp\setup_18999\engine.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cabinet.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
3868C:\Windows\system32\cMD.exe /c cmd < SuccessfulC:\Windows\System32\cmd.exeEngine.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2328cmd C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
624powershell get-process avastui C:\Windows\System32\WindowsPowerShell\v1.0\powershell.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
2880powershell get-process avgui C:\Windows\System32\WindowsPowerShell\v1.0\powershell.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
1
Version:
10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
3164findstr /V /R "^smithadministrationgroupsviolencechroniclef7f81a39-5f63-5b42-9efd-1f13b5431005quot; Slide C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
165628048\\Possess.exe.pif 28048\\t C:\Users\admin\AppData\Local\Temp\gdrwvx05.h4n\28048\Possess.exe.pif
cmd.exe
User:
admin
Company:
AutoIt Team
Integrity Level:
MEDIUM
Description:
AutoIt v3 Script
Exit code:
0
Version:
3, 3, 16, 1
Modules
Images
c:\users\admin\appdata\local\temp\gdrwvx05.h4n\28048\possess.exe.pif
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
3148ping localhost -n 8C:\Windows\System32\PING.EXEcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
Total events
8 630
Read events
8 590
Write events
34
Delete events
6

Modification events

(PID) Process:(2712) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2712) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:(2712) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(2712) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(2712) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(2712) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(2712) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(2712) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(2712) WinRAR.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(2712) WinRAR.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
Executable files
10
Suspicious files
46
Text files
22
Unknown types
2

Dropped files

PID
Process
Filename
Type
2712WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb2712.39677\Ableton live 11\config\resources.pak
MD5:
SHA256:
2712WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb2712.39677\Ableton live 11\installer.exe
MD5:
SHA256:
3372installer.exeC:\Users\admin\AppData\Local\Temp\SETUP_18999\Cameron.qspini
MD5:B819B6263CCBAE3B61DE7AB091B5543E
SHA256:5BC3ED72A93168302CC1CCDD561246DDC5683777DCBD7148B807316AAAFD056F
3372installer.exeC:\Users\admin\AppData\Local\Temp\SETUP_18999\Setup.txttext
MD5:7E2753C58378C7E65C8AF4F273EF6F12
SHA256:D404E865791284ADD1B396E378F59D4952F0E2D85A2371F57D7BD3DE64230BF4
2712WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb2712.39677\Ableton live 11\Colorful.Menu.dllexecutable
MD5:319226C18DBC02D2AC4C0DD9DC116D53
SHA256:EB9B84A3DF6AE51759544BA04224A4F91454B8A81D54B37C846A4216BC72C15E
3372installer.exeC:\Users\admin\AppData\Local\Temp\SETUP_18999\Engine.exeexecutable
MD5:EC05B805147933735AC6C7C1EBC67F74
SHA256:A722660D754563C8157C41A050C447F30BCFF87E64836A3D72C3DAABDB92797E
3372installer.exeC:\Users\admin\AppData\Local\Temp\SETUP_18999\00003#Miabinary
MD5:F972EDF0122352A88D362CC3CF7D6270
SHA256:BD54FF52D73149DE9A0959D492927AE4DA6463CD96EF3D36183C25D488797969
3372installer.exeC:\Users\admin\AppData\Local\Temp\SETUP_18999\00004#Movebinary
MD5:FCAD0D494EC6A87597C2D5E7ABB33B6C
SHA256:93E91EC3785683FC1AD67E23D2A51963D5AAB168B7F6B003AD95A300FD93D77B
2712WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb2712.39677\Ableton live 11\README.txttext
MD5:7B12BCBF007A3A2CB6F0A2EFB3AB2DB2
SHA256:E6FBB94332095995B6C7DB57AD0DAF81305BD3B9E9ABC7F64121BE85A6D9CB75
3372installer.exeC:\Users\admin\AppData\Local\Temp\SETUP_18999\00001#Helpingbinary
MD5:B8BFD29EC06CC0C304F12B09FD9C4288
SHA256:D42AAB41630848881F83C05CDE64921AAF5871CDA4AB14A930F9A35F5D605831
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
1
DNS requests
1
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
83.217.11.28:30827
Okay-Telecom Ltd.
RU
malicious

DNS requests

Domain
IP
Reputation
FBpYoIGZrSsNrRJ.FBpYoIGZrSsNrRJ
unknown

Threats

PID
Process
Class
Message
3756
jsc.exe
A Network Trojan was detected
ET MALWARE RedLine Stealer TCP CnC net.tcp Init
3756
jsc.exe
A Network Trojan was detected
ET MALWARE Redline Stealer TCP CnC Activity
3756
jsc.exe
A Network Trojan was detected
ET MALWARE Redline Stealer TCP CnC - Id1Response
3756
jsc.exe
A Network Trojan was detected
ET MALWARE Redline Stealer TCP CnC Activity
3756
jsc.exe
A Network Trojan was detected
ET MALWARE Redline Stealer TCP CnC Activity
3756
jsc.exe
A Network Trojan was detected
ET MALWARE Redline Stealer TCP CnC Activity
3756
jsc.exe
A Network Trojan was detected
ET MALWARE Redline Stealer TCP CnC Activity
3756
jsc.exe
A Network Trojan was detected
ET MALWARE Redline Stealer TCP CnC Activity
3756
jsc.exe
A Network Trojan was detected
ET MALWARE Redline Stealer TCP CnC Activity
3756
jsc.exe
A Network Trojan was detected
ET MALWARE Redline Stealer TCP CnC Activity
No debug info