fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586

General

Target

fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
Size

328KB
MD5

0ae1adb1839be974a4c9fe18e1688290
SHA1

d16776d64a11291d0c3b7fdd201c8cdc5252227f
SHA256

fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586
SHA512

1d24a68b367c3e72071a1052d9c436571d4e8b1f768657720bef90cc40dc70c3d57b676e09fbf91e74631f014839046e7b64031109c92c074043913f87faad2d
SSDEEP

6144:LyWOeLm+tkxoGQvT+W4+HMc+MEGRQ6saHSMf3z0AzbLUG50Tpm+MmvbWdlL0d5aU:LCemx0vN3HKGi6sYjJLUGGtedud5tr7

Score

8^/10

adware discovery exploit persistence stealer

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

description ioc process

File created C:\Windows\SysWOW64\drivers\3be46236.sys fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
Possible privilege escalation attempt 4 IoCs
exploit

Processes:

takeown.exeicacls.exetakeown.exeicacls.exe

pid process

368 takeown.exe
364 icacls.exe
852 takeown.exe
840 icacls.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\3be46236.sys	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

pid	process
368	takeown.exe
364	icacls.exe
852	takeown.exe
840	icacls.exe

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\3be46236\ImagePath = "\\??\\C:\\Windows\\SysWOW64\\drivers\\3be46236.sys"	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1916 cmd.exe
Modifies file permissions 1 TTPs 4 IoCs
discovery

File Permissions Modification
T1222

Processes:

takeown.exeicacls.exetakeown.exeicacls.exe

pid process

368 takeown.exe
364 icacls.exe
852 takeown.exe
840 icacls.exe

pid	process
1916	cmd.exe

pid	process
368	takeown.exe
364	icacls.exe
852	takeown.exe
840	icacls.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

Maps connected drives based on registry 3 TTPs 3 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

Drops file in System32 directory 4 IoCs

Processes:

fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

description	ioc	process
File created	C:\Windows\SysWOW64\ws2tcpip.dll	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
File opened for modification	C:\Windows\SysWOW64\ws2tcpip.dll	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
File created	C:\Windows\SysWOW64\wshtcpip.dll	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
File created	C:\Windows\SysWOW64\midimap.dll	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

Modifies registry class 4 IoCs

Processes:

fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\HOOK_ID	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\HOOK_ID\name = "fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe"	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\SYS_DLL	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\SYS_DLL\name = "fuefgHthr.dll"	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

pid	process
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

Suspicious behavior: LoadsDriver 2 IoCs

Processes:

fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

pid process

464
1044 fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

pid	process
464
1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exetakeown.exetakeown.exe

description	pid	process
Token: SeDebugPrivilege	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
Token: SeTakeOwnershipPrivilege	368	takeown.exe
Token: SeTakeOwnershipPrivilege	852	takeown.exe

Suspicious use of WriteProcessMemory 28 IoCs

Processes:

fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.execmd.execmd.exe

description	pid	process	target process
PID 1044 wrote to memory of 536	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe	cmd.exe
PID 1044 wrote to memory of 536	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe	cmd.exe
PID 1044 wrote to memory of 536	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe	cmd.exe
PID 1044 wrote to memory of 536	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe	cmd.exe
PID 536 wrote to memory of 368	536	cmd.exe	takeown.exe
PID 536 wrote to memory of 368	536	cmd.exe	takeown.exe
PID 536 wrote to memory of 368	536	cmd.exe	takeown.exe
PID 536 wrote to memory of 368	536	cmd.exe	takeown.exe
PID 536 wrote to memory of 364	536	cmd.exe	icacls.exe
PID 536 wrote to memory of 364	536	cmd.exe	icacls.exe
PID 536 wrote to memory of 364	536	cmd.exe	icacls.exe
PID 536 wrote to memory of 364	536	cmd.exe	icacls.exe
PID 1044 wrote to memory of 808	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe	cmd.exe
PID 1044 wrote to memory of 808	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe	cmd.exe
PID 1044 wrote to memory of 808	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe	cmd.exe
PID 1044 wrote to memory of 808	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe	cmd.exe
PID 808 wrote to memory of 852	808	cmd.exe	takeown.exe
PID 808 wrote to memory of 852	808	cmd.exe	takeown.exe
PID 808 wrote to memory of 852	808	cmd.exe	takeown.exe
PID 808 wrote to memory of 852	808	cmd.exe	takeown.exe
PID 808 wrote to memory of 840	808	cmd.exe	icacls.exe
PID 808 wrote to memory of 840	808	cmd.exe	icacls.exe
PID 808 wrote to memory of 840	808	cmd.exe	icacls.exe
PID 808 wrote to memory of 840	808	cmd.exe	icacls.exe
PID 1044 wrote to memory of 1916	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe	cmd.exe
PID 1044 wrote to memory of 1916	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe	cmd.exe
PID 1044 wrote to memory of 1916	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe	cmd.exe
PID 1044 wrote to memory of 1916	1044	fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe
"C:\Users\Admin\AppData\Local\Temp\fea558e9db7fbf607c47a5c9d705b4b50143aa1dc08415d2049e1afbc6778586.exe"
1⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Installs/modifies Browser Helper Object
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1044

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c takeown /f C:\Windows\SysWOW64\wshtcpip.dll && icacls C:\Windows\SysWOW64\wshtcpip.dll /grant administrators:F
2⤵
- Suspicious use of WriteProcessMemory
PID:536

C:\Windows\SysWOW64\takeown.exe
takeown /f C:\Windows\SysWOW64\wshtcpip.dll
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:368

C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\SysWOW64\wshtcpip.dll /grant administrators:F
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:364

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c takeown /f C:\Windows\SysWOW64\midimap.dll && icacls C:\Windows\SysWOW64\midimap.dll /grant administrators:F
2⤵
- Suspicious use of WriteProcessMemory
PID:808

C:\Windows\SysWOW64\takeown.exe
takeown /f C:\Windows\SysWOW64\midimap.dll
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:852

C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\SysWOW64\midimap.dll /grant administrators:F
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:840

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ahnmove.bat
2⤵
- Deletes itself
PID:1916

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Browser Extensions

1

T1176

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

File Permissions Modification

1

T1222

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ahnmove.bat
Filesize
181B

MD5
1188194ae58b29fe76b0a185828e110e

SHA1
7f77af291ad9066f455a3de364eaef47359a55d9

SHA256
bd1f18aa2bda2624b76cf4b96477456740b3994f313c3a9282ab3da5bb3c8b61

SHA512
f1baeed2f03d6127f58be43ec5b3b1c75f34b69ed689759c575206ac8fb0aac03de263930f03ebf4e1885aaa7dfa9056e5f72882481d5e3bf674be04b209bc4d

Download Submit
memory/364-60-0x0000000000000000-mapping.dmp

Download
memory/368-59-0x0000000000000000-mapping.dmp

Download
memory/536-58-0x0000000000000000-mapping.dmp

Download
memory/808-61-0x0000000000000000-mapping.dmp

Download
memory/840-63-0x0000000000000000-mapping.dmp

Download
memory/852-62-0x0000000000000000-mapping.dmp

Download
memory/1044-57-0x0000000001000000-0x000000000116A000-memory.dmp

Filesize
1.4MB

Download
memory/1044-56-0x0000000000220000-0x0000000000240000-memory.dmp

Filesize
128KB

Download
memory/1044-54-0x0000000075501000-0x0000000075503000-memory.dmp

Filesize
8KB

Download
memory/1044-65-0x0000000001000000-0x000000000116A000-memory.dmp

Filesize
1.4MB

Download
memory/1044-55-0x0000000001000000-0x000000000116A000-memory.dmp

Filesize
1.4MB

Download
memory/1916-64-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads