2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e

General

Target

2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe
Size

180KB
MD5

a9927372adb1bbab4d9feda4973b99bb
SHA1

afe047b6cb99dc22fe5861b38bc01499204f4aed
SHA256

2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e
SHA512

8729870e62ec803fa0e5a56dd6ce885d9ef852a6c43892258ef6d8a007e6c63609e29bd2c8a964b1b0a025a3444406e0f541f8af85a65c007887c9edadd0d5e5
SSDEEP

3072:l0co4JQWrrjAkHClaFkX2KlR7zkB7gCcsUPmtVwVwHIofiFYrfavMAPN5w0nepC:VQAr7HCIFa2KlR787N2mtaVXMiqTaNjd

Score

9^/10

ransomware

Malware Config

Signatures

Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490
Drops startup file 1 IoCs

Processes:

explorer.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e0d7b5e.exe explorer.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e0d7b5e.exe	explorer.exe

Drops file in System32 directory 14 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6F44E21A9D619ED3DDA892C60C09B740	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_C1D494D2F32AEDC4FBA6C14F3F436273	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6F44E21A9D619ED3DDA892C60C09B740	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27	svchost.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_C1D494D2F32AEDC4FBA6C14F3F436273	svchost.exe

Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490

Processes:

vssadmin.exe

pid process

1744 vssadmin.exe

pid	process
1744	vssadmin.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

svchost.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{705ECD17-ED2C-4A37-B767-AF7C143CAE4F}	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{705ECD17-ED2C-4A37-B767-AF7C143CAE4F}\WpadNetworkName = "Network 2"	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	svchost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f003c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{705ECD17-ED2C-4A37-B767-AF7C143CAE4F}\WpadDecisionReason = "1"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	svchost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{705ECD17-ED2C-4A37-B767-AF7C143CAE4F}\WpadDecisionTime = 50c04439bd01d901	svchost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	svchost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-cb-2a-ff-64-c6\WpadDecisionTime = 50c04439bd01d901	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-cb-2a-ff-64-c6\WpadDecisionReason = "1"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-cb-2a-ff-64-c6\WpadDecision = "0"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{705ECD17-ED2C-4A37-B767-AF7C143CAE4F}\WpadDecision = "0"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{705ECD17-ED2C-4A37-B767-AF7C143CAE4F}\2e-cb-2a-ff-64-c6	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	svchost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	svchost.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe

pid	process
1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe
1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe
1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe
1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe
1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe
1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe
1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe
1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

pid process

1212

pid	process
1212

Suspicious behavior: MapViewOfSection 3 IoCs

Processes:

2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exeexplorer.exe

pid	process
1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe
1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe
344	explorer.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

vssvc.exe

description pid process

Token: SeBackupPrivilege 816 vssvc.exe
Token: SeRestorePrivilege 816 vssvc.exe
Token: SeAuditPrivilege 816 vssvc.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

pid process

1212
1212
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

pid process

1212
1212

description	pid	process
Token: SeBackupPrivilege	816	vssvc.exe
Token: SeRestorePrivilege	816	vssvc.exe
Token: SeAuditPrivilege	816	vssvc.exe

pid	process
1212
1212

pid	process
1212
1212

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exeexplorer.exe

description	pid	process	target process
PID 1044 wrote to memory of 344	1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe	explorer.exe
PID 1044 wrote to memory of 344	1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe	explorer.exe
PID 1044 wrote to memory of 344	1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe	explorer.exe
PID 1044 wrote to memory of 344	1044	2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe	explorer.exe
PID 344 wrote to memory of 1780	344	explorer.exe	svchost.exe
PID 344 wrote to memory of 1780	344	explorer.exe	svchost.exe
PID 344 wrote to memory of 1780	344	explorer.exe	svchost.exe
PID 344 wrote to memory of 1780	344	explorer.exe	svchost.exe
PID 344 wrote to memory of 1744	344	explorer.exe	vssadmin.exe
PID 344 wrote to memory of 1744	344	explorer.exe	vssadmin.exe
PID 344 wrote to memory of 1744	344	explorer.exe	vssadmin.exe
PID 344 wrote to memory of 1744	344	explorer.exe	vssadmin.exe

C:\Users\Admin\AppData\Local\Temp\2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe
"C:\Users\Admin\AppData\Local\Temp\2ddb020a499b7ac7936a11bc73f7a8e2dacd09eddd6cd8c6c51c7326f9c95d3e.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1044

C:\Windows\syswow64\explorer.exe
"C:\Windows\syswow64\explorer.exe"
2⤵
- Drops startup file
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:344

C:\Windows\syswow64\svchost.exe
-k netsvcs
3⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:1780

C:\Windows\syswow64\vssadmin.exe
vssadmin.exe Delete Shadows /All /Quiet
3⤵
- Interacts with shadow copies
PID:1744

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:816

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

2

T1107

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

memory/344-68-0x0000000000000000-mapping.dmp

Download
memory/344-71-0x0000000000080000-0x00000000000AB000-memory.dmp

Filesize
172KB

Download
memory/344-70-0x00000000750F1000-0x00000000750F3000-memory.dmp

Filesize
8KB

Download
memory/1044-66-0x00000000003E0000-0x00000000003F9000-memory.dmp

Filesize
100KB

Download
memory/1044-58-0x0000000000060000-0x000000000006C000-memory.dmp

Filesize
48KB

Download
memory/1044-63-0x00000000003E0000-0x00000000003F9000-memory.dmp

Filesize
100KB

Download
memory/1044-62-0x0000000002280000-0x0000000002283000-memory.dmp

Filesize
12KB

Download
memory/1044-55-0x0000000000400000-0x0000000000568000-memory.dmp

Filesize
1.4MB

Download
memory/1044-54-0x0000000076931000-0x0000000076933000-memory.dmp

Filesize
8KB

Download
memory/1044-56-0x0000000000400000-0x0000000000568000-memory.dmp

Filesize
1.4MB

Download
memory/1212-65-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1212-67-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1212-64-0x00000000029F0000-0x00000000029FC000-memory.dmp

Filesize
48KB

Download
memory/1744-73-0x0000000000000000-mapping.dmp

Download
memory/1780-72-0x0000000000000000-mapping.dmp

Download
memory/1780-74-0x0000000000080000-0x00000000000AB000-memory.dmp

Filesize
172KB

Download
memory/1780-76-0x0000000000080000-0x00000000000AB000-memory.dmp

Filesize
172KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads