quasar | 55e326edd8ef12202de73dbc00c036fc01b17e808b3553080279f49946800eb3

Analysis

max time kernel
170s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

teamredminer-v0.3.4-win/start_phi2.bat
Size

927B
MD5

2f5b96aaa09dae557f546301a20f9dfb
SHA1

8c230a96d946d347689b0edb255b24d7182c7cc7
SHA256

5b8b3795c0b2f91f0521de9f26588b0a2dc314e2a74ec73609ff8b8d14dfe6b8
SHA512

b608ffb452e93f621f1c4422a24909ffcf2ab0008377abd4873f13bbb567f4ffd652d2b2dec525c12473b61b54125bc232e4ca545d6bbcfa9c7c4126288ae7cd

Score

10^/10

quasar dendi miner spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

dendi

185.244.217.92:4782

Mutex

QSR_MUTEX_LTcjNqRb6NS57npmpd

Attributes

encryption_key
YaVqqMF3gVTZOI5Xevop
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar Payload 3 IoCs

Processes:

resource	yara_rule
behavioral3/memory/1948-258-0x0000000000400000-0x0000000000836000-memory.dmp	family_quasar
behavioral3/memory/1948-259-0x0000000000400000-0x0000000000836000-memory.dmp	family_quasar
behavioral3/memory/1948-261-0x0000000000400000-0x000000000082C000-memory.dmp	family_quasar

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Detected Stratum cryptominer command
Looks to be attempting to contact Stratum mining pool.
miner
Executes dropped EXE 3 IoCs

Processes:

cmd.exeschtasks.exesvchost.exe

pid process

1560 cmd.exe
1524 schtasks.exe
1948 svchost.exe
Loads dropped DLL 3 IoCs

Processes:

teamredminer.execmd.exe

pid process

1992 teamredminer.exe
1992 teamredminer.exe
1560 cmd.exe

pid	process
1560	cmd.exe
1524	schtasks.exe
1948	svchost.exe

pid	process
1992	teamredminer.exe
1992	teamredminer.exe
1560	cmd.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\modified\@SYSWOW64@\rat.exe	autoit_exe

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

Processes:

svchost.exe

pid process

1948 svchost.exe
1948 svchost.exe
1948 svchost.exe
1948 svchost.exe
1948 svchost.exe
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

Processes:

teamredminer.exe

pid process

1992 teamredminer.exe

pid	process
1948	svchost.exe
1948	svchost.exe
1948	svchost.exe
1948	svchost.exe
1948	svchost.exe

pid	process
1992	teamredminer.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

Processes:

teamredminer.execmd.exeschtasks.exesvchost.exe

description	pid	process
Token: 33	1992	teamredminer.exe
Token: SeIncBasePriorityPrivilege	1992	teamredminer.exe
Token: 33	1560	cmd.exe
Token: SeIncBasePriorityPrivilege	1560	cmd.exe
Token: 33	1524	schtasks.exe
Token: SeIncBasePriorityPrivilege	1524	schtasks.exe
Token: 33	1948	svchost.exe
Token: SeIncBasePriorityPrivilege	1948	svchost.exe
Token: 33	1948	svchost.exe
Token: SeIncBasePriorityPrivilege	1948	svchost.exe
Token: SeDebugPrivilege	1948	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

svchost.exe

pid process

1948 svchost.exe
Suspicious use of UnmapMainImage 4 IoCs

Processes:

teamredminer.execmd.exeschtasks.exesvchost.exe

pid process

1992 teamredminer.exe
1560 cmd.exe
1524 schtasks.exe
1948 svchost.exe

pid	process
1948	svchost.exe

pid	process
1992	teamredminer.exe
1560	cmd.exe
1524	schtasks.exe
1948	svchost.exe

Suspicious use of WriteProcessMemory 22 IoCs

Processes:

cmd.exeteamredminer.execmd.exetaskeng.exe

description	pid	process	target process
PID 1668 wrote to memory of 1992	1668	cmd.exe	teamredminer.exe
PID 1668 wrote to memory of 1992	1668	cmd.exe	teamredminer.exe
PID 1668 wrote to memory of 1992	1668	cmd.exe	teamredminer.exe
PID 1668 wrote to memory of 1992	1668	cmd.exe	teamredminer.exe
PID 1992 wrote to memory of 1560	1992	teamredminer.exe	cmd.exe
PID 1992 wrote to memory of 1560	1992	teamredminer.exe	cmd.exe
PID 1992 wrote to memory of 1560	1992	teamredminer.exe	cmd.exe
PID 1992 wrote to memory of 1560	1992	teamredminer.exe	cmd.exe
PID 1992 wrote to memory of 1560	1992	teamredminer.exe	cmd.exe
PID 1992 wrote to memory of 1560	1992	teamredminer.exe	cmd.exe
PID 1992 wrote to memory of 1560	1992	teamredminer.exe	cmd.exe
PID 1560 wrote to memory of 1524	1560	cmd.exe	schtasks.exe
PID 1560 wrote to memory of 1524	1560	cmd.exe	schtasks.exe
PID 1560 wrote to memory of 1524	1560	cmd.exe	schtasks.exe
PID 1560 wrote to memory of 1524	1560	cmd.exe	schtasks.exe
PID 1560 wrote to memory of 1524	1560	cmd.exe	schtasks.exe
PID 1560 wrote to memory of 1524	1560	cmd.exe	schtasks.exe
PID 1560 wrote to memory of 1524	1560	cmd.exe	schtasks.exe
PID 1292 wrote to memory of 1948	1292	taskeng.exe	svchost.exe
PID 1292 wrote to memory of 1948	1292	taskeng.exe	svchost.exe
PID 1292 wrote to memory of 1948	1292	taskeng.exe	svchost.exe
PID 1292 wrote to memory of 1948	1292	taskeng.exe	svchost.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\teamredminer-v0.3.4-win\start_phi2.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1668

C:\Users\Admin\AppData\Local\Temp\teamredminer-v0.3.4-win\teamredminer.exe
teamredminer.exe -a phi2 -o stratum+tcp://lux.pickaxe.pro:8332 -u LhreQGewLdoGFiqq882Am6i644Qc1h28Wh
2⤵
- Loads dropped DLL
- Suspicious behavior: CmdExeWriteProcessMemorySpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1992

C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\stubexe\0x9C9723AAC2730F7F\cmd.exe
"C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\stubexe\0x9C9723AAC2730F7F\cmd.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1560

C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\stubexe\0xDE1A80E194AEAC9E\schtasks.exe
"C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\stubexe\0xDE1A80E194AEAC9E\schtasks.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
PID:1524

C:\Windows\system32\taskeng.exe
taskeng.exe {2DE0053D-E149-4B4C-A22F-869CF5B9955A} S-1-5-21-1083475884-596052423-1669053738-1000:WYZSGDWS\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1292

C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe
C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe
2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of UnmapMainImage
PID:1948

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\stubexe\0x9C9723AAC2730F7F\cmd.exe
Filesize
27KB

MD5
bb1b1f32ac085f55a363a55d8176595a

SHA1
87ef56d60592dfd59fa96d50080e7b3394b8deeb

SHA256
edebee8ac2202cc7f815bfb3aea2680542b21e32683461acb6187eba271f01ed

SHA512
4a9c685841f3dc9893b9fa5924ddca48dcdb6b05a6a64ab13e9e4fca3c55c66fff1df8464ce292aebb640052deec15679ffc39660b8a391404d392f67adf7d10

Download Submit
C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\stubexe\0xDE1A80E194AEAC9E\schtasks.exe
Filesize
27KB

MD5
bb1b1f32ac085f55a363a55d8176595a

SHA1
87ef56d60592dfd59fa96d50080e7b3394b8deeb

SHA256
edebee8ac2202cc7f815bfb3aea2680542b21e32683461acb6187eba271f01ed

SHA512
4a9c685841f3dc9893b9fa5924ddca48dcdb6b05a6a64ab13e9e4fca3c55c66fff1df8464ce292aebb640052deec15679ffc39660b8a391404d392f67adf7d10

Download Submit
C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\stubexe\0xDE1A80E194AEAC9E\schtasks.exe
Filesize
27KB

MD5
bb1b1f32ac085f55a363a55d8176595a

SHA1
87ef56d60592dfd59fa96d50080e7b3394b8deeb

SHA256
edebee8ac2202cc7f815bfb3aea2680542b21e32683461acb6187eba271f01ed

SHA512
4a9c685841f3dc9893b9fa5924ddca48dcdb6b05a6a64ab13e9e4fca3c55c66fff1df8464ce292aebb640052deec15679ffc39660b8a391404d392f67adf7d10

Download Submit
C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\stubexe\0xDE1A80E194AEAC9E\schtasks.exe.manifest
Filesize
885B

MD5
879025f0a2539beda0c48c868f570d59

SHA1
aa4369784a9d1d6579aad5bdfff408bac0026da4

SHA256
a52240fa90711da530b5b896a557eaf50ff02d7ea86bb95799816cc713c8c1e4

SHA512
3378b2b35e248d8daf3fd0b6b0d17f613f02b4b925fc2e3f3b1885c21f0fae2a8bd577127c83abbbd6029d3b8e25d8d407887b9744c790e458ed960fbb7d39b0

Download Submit
C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\xsandbox.bin
Filesize
16B

MD5
ec3d19e8e9b05d025cb56c2a98ead8e7

SHA1
748532edeb86496c8efe5e2327501d89ec1f13df

SHA256
edb7be3ef6098a1e24d0c72bbc6f968dea773951a0dd07b63bad6d9009ae3bf4

SHA512
175fb8432472b6795bb5db0eba61bc7b57331720825df5b048f3086815ba844df4f7e83e42ff9e8fe5ab01700675a774cb916677953d6e0088ffbf1fa2775349

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe
Filesize
4.2MB

MD5
d0d44a87f90f5794da09941f00aef6bb

SHA1
b683f5707b4c987c533e23c32961ae0b48d9c9b3

SHA256
4aff99a44b112f324fc5fa31d3d918811dda7e0548c50b42e9e4f7fa03000b2f

SHA512
01d85b73dea8b257fba3a711519df51846130528a1edebc5a10f36d9324b85de07a8e1f66367b979fc3cb0b167c959c5764033e85d1b77fe808f69a38805b6e7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe
Filesize
4.2MB

MD5
d0d44a87f90f5794da09941f00aef6bb

SHA1
b683f5707b4c987c533e23c32961ae0b48d9c9b3

SHA256
4aff99a44b112f324fc5fa31d3d918811dda7e0548c50b42e9e4f7fa03000b2f

SHA512
01d85b73dea8b257fba3a711519df51846130528a1edebc5a10f36d9324b85de07a8e1f66367b979fc3cb0b167c959c5764033e85d1b77fe808f69a38805b6e7

Download Submit
\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\modified\@SYSWOW64@\rat.exe
Filesize
4.9MB

MD5
0d46a5e73dc74ebc14753f25796be25d

SHA1
ce737d3ce162912f5a0d8b13db022595b36b889c

SHA256
1e1635f254c180f6c7205444a14251a8dfb299f872b70bd41c69db711c349c15

SHA512
e00e107d9f194eadaa2d383b634a3a580ba43400909643bcfa5c41e069ff21f8a4f0101c3a311e11485dc4bd132463dfc555dc45fc0917ab8fb9be8e6ec47e33

Download Submit
\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\stubexe\0x9C9723AAC2730F7F\cmd.exe
Filesize
27KB

MD5
bb1b1f32ac085f55a363a55d8176595a

SHA1
87ef56d60592dfd59fa96d50080e7b3394b8deeb

SHA256
edebee8ac2202cc7f815bfb3aea2680542b21e32683461acb6187eba271f01ed

SHA512
4a9c685841f3dc9893b9fa5924ddca48dcdb6b05a6a64ab13e9e4fca3c55c66fff1df8464ce292aebb640052deec15679ffc39660b8a391404d392f67adf7d10

Download Submit
\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\stubexe\0xDE1A80E194AEAC9E\schtasks.exe
Filesize
27KB

MD5
bb1b1f32ac085f55a363a55d8176595a

SHA1
87ef56d60592dfd59fa96d50080e7b3394b8deeb

SHA256
edebee8ac2202cc7f815bfb3aea2680542b21e32683461acb6187eba271f01ed

SHA512
4a9c685841f3dc9893b9fa5924ddca48dcdb6b05a6a64ab13e9e4fca3c55c66fff1df8464ce292aebb640052deec15679ffc39660b8a391404d392f67adf7d10

Download Submit
memory/1524-217-0x0000000074B00000-0x0000000074C10000-memory.dmp

Filesize
1.1MB

Download
memory/1524-178-0x0000000074B00000-0x0000000074C10000-memory.dmp

Filesize
1.1MB

Download
memory/1524-176-0x00000000019A0000-0x0000000001CEA000-memory.dmp

Filesize
3.3MB

Download
memory/1524-171-0x0000000000000000-mapping.dmp

Download
memory/1560-153-0x0000000001830000-0x0000000001B7A000-memory.dmp

Filesize
3.3MB

Download
memory/1560-148-0x0000000000000000-mapping.dmp

Download
memory/1560-170-0x0000000001830000-0x0000000001B7A000-memory.dmp

Filesize
3.3MB

Download
memory/1560-156-0x0000000001830000-0x0000000001B7A000-memory.dmp

Filesize
3.3MB

Download
memory/1560-172-0x0000000074B00000-0x0000000074C10000-memory.dmp

Filesize
1.1MB

Download
memory/1560-155-0x0000000001830000-0x0000000001B7A000-memory.dmp

Filesize
3.3MB

Download
memory/1560-174-0x0000000074B00000-0x0000000074C10000-memory.dmp

Filesize
1.1MB

Download
memory/1560-154-0x0000000001830000-0x0000000001B7A000-memory.dmp

Filesize
3.3MB

Download
memory/1948-226-0x0000000074B00000-0x0000000074C10000-memory.dmp

Filesize
1.1MB

Download
memory/1948-258-0x0000000000400000-0x0000000000836000-memory.dmp

Filesize
4.2MB

Download
memory/1948-257-0x0000000000400000-0x0000000000836000-memory.dmp

Filesize
4.2MB

Download
memory/1948-221-0x0000000000000000-mapping.dmp

Download
memory/1948-259-0x0000000000400000-0x0000000000836000-memory.dmp

Filesize
4.2MB

Download
memory/1948-225-0x0000000000CE0000-0x000000000102A000-memory.dmp

Filesize
3.3MB

Download
memory/1948-261-0x0000000000400000-0x000000000082C000-memory.dmp

Filesize
4.2MB

Download
memory/1992-87-0x0000000074270000-0x000000007440E000-memory.dmp

Filesize
1.6MB

Download
memory/1992-100-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-92-0x0000000074250000-0x0000000074262000-memory.dmp

Filesize
72KB

Download
memory/1992-107-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-109-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-115-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-119-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-118-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-117-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-116-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-133-0x00000000764C0000-0x000000007653B000-memory.dmp

Filesize
492KB

Download
memory/1992-137-0x00000000764C0000-0x000000007653B000-memory.dmp

Filesize
492KB

Download
memory/1992-138-0x00000000764C0000-0x000000007653B000-memory.dmp

Filesize
492KB

Download
memory/1992-140-0x00000000764C0000-0x000000007653B000-memory.dmp

Filesize
492KB

Download
memory/1992-139-0x00000000764C0000-0x000000007653B000-memory.dmp

Filesize
492KB

Download
memory/1992-136-0x00000000764C0000-0x000000007653B000-memory.dmp

Filesize
492KB

Download
memory/1992-135-0x00000000764C0000-0x000000007653B000-memory.dmp

Filesize
492KB

Download
memory/1992-134-0x00000000764C0000-0x000000007653B000-memory.dmp

Filesize
492KB

Download
memory/1992-114-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-113-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-146-0x0000000074B00000-0x0000000074C10000-memory.dmp

Filesize
1.1MB

Download
memory/1992-112-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-111-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-110-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-108-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-106-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-104-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-103-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-105-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-102-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-101-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-93-0x0000000074250000-0x0000000074262000-memory.dmp

Filesize
72KB

Download
memory/1992-99-0x0000000074230000-0x0000000074247000-memory.dmp

Filesize
92KB

Download
memory/1992-94-0x0000000074250000-0x0000000074262000-memory.dmp

Filesize
72KB

Download
memory/1992-90-0x0000000074270000-0x000000007440E000-memory.dmp

Filesize
1.6MB

Download
memory/1992-82-0x0000000074270000-0x000000007440E000-memory.dmp

Filesize
1.6MB

Download
memory/1992-88-0x0000000074270000-0x000000007440E000-memory.dmp

Filesize
1.6MB

Download
memory/1992-89-0x0000000074270000-0x000000007440E000-memory.dmp

Filesize
1.6MB

Download
memory/1992-85-0x0000000074270000-0x000000007440E000-memory.dmp

Filesize
1.6MB

Download
memory/1992-86-0x0000000074270000-0x000000007440E000-memory.dmp

Filesize
1.6MB

Download
memory/1992-54-0x0000000000000000-mapping.dmp

Download
memory/1992-84-0x0000000074270000-0x000000007440E000-memory.dmp

Filesize
1.6MB

Download
memory/1992-83-0x0000000074270000-0x000000007440E000-memory.dmp

Filesize
1.6MB

Download
memory/1992-76-0x0000000074510000-0x0000000074542000-memory.dmp

Filesize
200KB

Download
memory/1992-77-0x0000000074510000-0x0000000074542000-memory.dmp

Filesize
200KB

Download
memory/1992-80-0x0000000074510000-0x0000000074542000-memory.dmp

Filesize
200KB

Download
memory/1992-79-0x0000000074510000-0x0000000074542000-memory.dmp

Filesize
200KB

Download
memory/1992-78-0x0000000074510000-0x0000000074542000-memory.dmp

Filesize
200KB

Download
memory/1992-70-0x0000000000BA0000-0x0000000000EE5000-memory.dmp

Filesize
3.3MB

Download
memory/1992-69-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1992-68-0x0000000000EF0000-0x000000000123A000-memory.dmp

Filesize
3.3MB

Download
memory/1992-65-0x0000000000EF0000-0x000000000123A000-memory.dmp

Filesize
3.3MB

Download
memory/1992-66-0x0000000000EF0000-0x000000000123A000-memory.dmp

Filesize
3.3MB

Download
memory/1992-64-0x0000000000EF0000-0x000000000123A000-memory.dmp

Filesize
3.3MB

Download
memory/1992-63-0x0000000000EF0000-0x000000000123A000-memory.dmp

Filesize
3.3MB

Download
memory/1992-61-0x0000000074B00000-0x0000000074C10000-memory.dmp

Filesize
1.1MB

Download
memory/1992-62-0x0000000000EF0000-0x000000000123A000-memory.dmp

Filesize
3.3MB

Download
memory/1992-60-0x0000000000EF0000-0x000000000123A000-memory.dmp

Filesize
3.3MB

Download
memory/1992-59-0x0000000000EF0000-0x000000000123A000-memory.dmp

Filesize
3.3MB

Download
memory/1992-57-0x0000000000EF0000-0x000000000123A000-memory.dmp

Filesize
3.3MB

Download
memory/1992-56-0x0000000075371000-0x0000000075373000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads