c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71

Analysis

max time kernel
177s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
Size

88KB
MD5

5a680251bc98000cfa2d5ff5aa114578
SHA1

d9ddd591922cd57695ad544477da10a7fe4c9e3a
SHA256

c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71
SHA512

0b4c708590bf2dd19f095a49fac1fcbceb9679d89fb1722cf910264aaabca9b723222111a7cdc22934981450da7748037d87851bf91fd0f6eea2a23186b3580b
SSDEEP

1536:ttZHJGPKZi+unw3uzV1cVJ+5ppoNr9hTcOujjwGTr0aIiksSaV1K7ZNc:33GCZi+u93O+KNr9hoOVGToadTutNc

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 10 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Irmon\Parameters\ServiceDll = "C:\\Windows\\system32\\Irmon.dll"	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Nla\Parameters\ServiceDll = "C:\\Windows\\system32\\Nla.dll"	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\NWCWorkstation\Parameters\ServiceDll = "C:\\Windows\\system32\\NWCWorkstation.dll"	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Wmi\Parameters\ServiceDll = "C:\\Windows\\system32\\Wmi.dll"	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\FastUserSwitchingCompatibility\Parameters\ServiceDll = "C:\\Windows\\system32\\FastUserSwitchingCompatibility.dll"	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Ias\Parameters\ServiceDll = "C:\\Windows\\system32\\Ias.dll"	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Ntmssvc\Parameters\ServiceDll = "C:\\Windows\\system32\\Ntmssvc.dll"	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Nwsapagent\Parameters\ServiceDll = "C:\\Windows\\system32\\Nwsapagent.dll"	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SRService\Parameters\ServiceDll = "C:\\Windows\\system32\\SRService.dll"	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WmdmPmSp\Parameters\ServiceDll = "C:\\Windows\\system32\\WmdmPmSp.dll"	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe

Loads dropped DLL 16 IoCs

Processes:

svchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exe

pid	process
1956	svchost.exe
1956	svchost.exe
1824	svchost.exe
1824	svchost.exe
824	svchost.exe
824	svchost.exe
1720	svchost.exe
1720	svchost.exe
1584	svchost.exe
1584	svchost.exe
1468	svchost.exe
1468	svchost.exe
1832	svchost.exe
1832	svchost.exe
1492	svchost.exe
1492	svchost.exe

Drops file in System32 directory 10 IoCs

Processes:

c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\Nla.dll	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
File opened for modification	C:\Windows\SysWOW64\NWCWorkstation.dll	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
File opened for modification	C:\Windows\SysWOW64\Nwsapagent.dll	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
File opened for modification	C:\Windows\SysWOW64\WmdmPmSp.dll	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
File opened for modification	C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
File opened for modification	C:\Windows\SysWOW64\Ias.dll	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
File opened for modification	C:\Windows\SysWOW64\Irmon.dll	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
File opened for modification	C:\Windows\SysWOW64\Ntmssvc.dll	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
File opened for modification	C:\Windows\SysWOW64\SRService.dll	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
File opened for modification	C:\Windows\SysWOW64\Wmi.dll	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe

pid process

2004 c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe

pid	process
2004	c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe

C:\Users\Admin\AppData\Local\Temp\c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe
"C:\Users\Admin\AppData\Local\Temp\c9ca8a753f91862a5a3d20633c1ef52575bf6bf38d987d38482b1014ee37af71.exe"
1⤵
- Sets DLL path for service in the registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:2004

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1956

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
PID:336

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1824

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:824

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1720

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1584

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1468

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1832

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
PID:1608

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1492

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\??\c:\windows\SysWOW64\irmon.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\??\c:\windows\SysWOW64\nla.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\??\c:\windows\SysWOW64\ntmssvc.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\??\c:\windows\SysWOW64\nwcworkstation.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\??\c:\windows\SysWOW64\nwsapagent.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\??\c:\windows\SysWOW64\srservice.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\??\c:\windows\SysWOW64\wmdmpmsp.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\FastUserSwitchingCompatibility.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\FastUserSwitchingCompatibility.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\Irmon.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\Irmon.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\NWCWorkstation.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\NWCWorkstation.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\Nla.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\Nla.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\Ntmssvc.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\Ntmssvc.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\Nwsapagent.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\Nwsapagent.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\SRService.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\SRService.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\WmdmPmSp.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
\Windows\SysWOW64\WmdmPmSp.dll
Filesize
88KB

MD5
7d8b0edc2398e36b3696525eb7c16d50

SHA1
c5ab236305edada248a33358832d0f449d64c75c

SHA256
fba08ce259d047f7f1cd78840cbee0b30aff97095e668f18cc6d179f1b7647ec

SHA512
9ba99fe24ff5f7a4bd433542e89bc13633e4676700acc0e34e716918e00dc68a83914e3b6dd81bfdad5ecc8cc4b40cb353e7fedbff9bdd0491b4446b9f2005fe

Download Submit
memory/2004-61-0x00000000000F0000-0x0000000000112000-memory.dmp

Filesize
136KB

Download
memory/2004-62-0x0000000002090000-0x0000000006090000-memory.dmp

Filesize
64.0MB

Download
memory/2004-67-0x0000000002090000-0x0000000006090000-memory.dmp

Filesize
64.0MB

Download
memory/2004-60-0x00000000000F0000-0x0000000000112000-memory.dmp

Filesize
136KB

Download
memory/2004-54-0x0000000075C21000-0x0000000075C23000-memory.dmp

Filesize
8KB

Download
memory/2004-59-0x0000000000310000-0x0000000000332000-memory.dmp

Filesize
136KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads