72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce

General

Target

72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
Size

26KB
MD5

2f900ad4ecd1726c9001bc41a42073cc
SHA1

98eda90f954cd3dc68fe58e8b9738487256e66c3
SHA256

72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce
SHA512

bb99fba927b802eb25ab0672b2eeefdfb56c18e763e7b202ef6bd0cc7a824583f00b6df5f947bd6fce23be957f4af0e133fbfefc6f7c553356c460badb19735a
SSDEEP

384:fiwLXY3y9eHBgVmtCFbxRbA+4okzNC6ybGMhTKNljsq+Vhnka0+itIY/JLjP4L3W:fixCg6tdRbA+4CBbhKNWqc++it7R23W

Score

8^/10

discovery exploit

Malware Config

Signatures

Possible privilege escalation attempt 6 IoCs
exploit

Processes:

icacls.exetakeown.exeicacls.exetakeown.exeicacls.exetakeown.exe

pid process

1672 icacls.exe
1808 takeown.exe
1324 icacls.exe
1164 takeown.exe
2036 icacls.exe
1864 takeown.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1392 cmd.exe
Modifies file permissions 1 TTPs 6 IoCs
discovery

File Permissions Modification
T1222

Processes:

takeown.exeicacls.exetakeown.exeicacls.exetakeown.exeicacls.exe

pid process

1808 takeown.exe
1324 icacls.exe
1164 takeown.exe
2036 icacls.exe
1864 takeown.exe
1672 icacls.exe

pid	process
1672	icacls.exe
1808	takeown.exe
1324	icacls.exe
1164	takeown.exe
2036	icacls.exe
1864	takeown.exe

pid	process
1392	cmd.exe

pid	process
1808	takeown.exe
1324	icacls.exe
1164	takeown.exe
2036	icacls.exe
1864	takeown.exe
1672	icacls.exe

Drops file in System32 directory 10 IoCs

Processes:

72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\123A6EB.tmp	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
File created	C:\Windows\SysWOW64\dllcache\iphlpapi.dll	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
File opened for modification	C:\Windows\SysWOW64\123E1AB.tmp	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
File opened for modification	C:\Windows\syswow64\123E1AB.tmp	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
File opened for modification	C:\Windows\syswow64\123320.tmp	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
File opened for modification	C:\Windows\syswow64\123A6EB.tmp	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
File created	C:\Windows\SysWOW64\dllcache\rasadhlp.dll	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
File opened for modification	C:\Windows\SysWOW64\123320.tmp	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
File created	C:\Windows\SysWOW64\dllcache\midimap.dll	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
File created	C:\Windows\SysWOW64\sxload.tmp	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe

Drops file in Program Files directory 1 IoCs

Processes:

72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe

description ioc process

File created C:\Program Files (x86)\Common Files\sxmy.tmp 72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

1496 taskkill.exe
1928 taskkill.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe

pid process

952 72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\sxmy.tmp	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe

pid	process
1496	taskkill.exe
1928	taskkill.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exetakeown.exetaskkill.exetaskkill.exe

description	pid	process
Token: SeDebugPrivilege	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
Token: SeTakeOwnershipPrivilege	1164	takeown.exe
Token: SeDebugPrivilege	1496	taskkill.exe
Token: SeDebugPrivilege	1928	taskkill.exe

Suspicious use of FindShellTrayWindow 12 IoCs

Processes:

72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe

pid	process
952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe

Suspicious use of WriteProcessMemory 60 IoCs

Processes:

72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.execmd.execmd.execmd.execmd.execmd.execmd.exe

description	pid	process	target process
PID 952 wrote to memory of 900	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 952 wrote to memory of 900	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 952 wrote to memory of 900	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 952 wrote to memory of 900	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 900 wrote to memory of 672	900	cmd.exe	cmd.exe
PID 900 wrote to memory of 672	900	cmd.exe	cmd.exe
PID 900 wrote to memory of 672	900	cmd.exe	cmd.exe
PID 900 wrote to memory of 672	900	cmd.exe	cmd.exe
PID 672 wrote to memory of 1164	672	cmd.exe	takeown.exe
PID 672 wrote to memory of 1164	672	cmd.exe	takeown.exe
PID 672 wrote to memory of 1164	672	cmd.exe	takeown.exe
PID 672 wrote to memory of 1164	672	cmd.exe	takeown.exe
PID 900 wrote to memory of 2036	900	cmd.exe	icacls.exe
PID 900 wrote to memory of 2036	900	cmd.exe	icacls.exe
PID 900 wrote to memory of 2036	900	cmd.exe	icacls.exe
PID 900 wrote to memory of 2036	900	cmd.exe	icacls.exe
PID 952 wrote to memory of 1780	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 952 wrote to memory of 1780	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 952 wrote to memory of 1780	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 952 wrote to memory of 1780	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 1780 wrote to memory of 1512	1780	cmd.exe	cmd.exe
PID 1780 wrote to memory of 1512	1780	cmd.exe	cmd.exe
PID 1780 wrote to memory of 1512	1780	cmd.exe	cmd.exe
PID 1780 wrote to memory of 1512	1780	cmd.exe	cmd.exe
PID 1512 wrote to memory of 1864	1512	cmd.exe	takeown.exe
PID 1512 wrote to memory of 1864	1512	cmd.exe	takeown.exe
PID 1512 wrote to memory of 1864	1512	cmd.exe	takeown.exe
PID 1512 wrote to memory of 1864	1512	cmd.exe	takeown.exe
PID 1780 wrote to memory of 1672	1780	cmd.exe	icacls.exe
PID 1780 wrote to memory of 1672	1780	cmd.exe	icacls.exe
PID 1780 wrote to memory of 1672	1780	cmd.exe	icacls.exe
PID 1780 wrote to memory of 1672	1780	cmd.exe	icacls.exe
PID 952 wrote to memory of 608	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 952 wrote to memory of 608	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 952 wrote to memory of 608	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 952 wrote to memory of 608	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 608 wrote to memory of 1456	608	cmd.exe	cmd.exe
PID 608 wrote to memory of 1456	608	cmd.exe	cmd.exe
PID 608 wrote to memory of 1456	608	cmd.exe	cmd.exe
PID 608 wrote to memory of 1456	608	cmd.exe	cmd.exe
PID 1456 wrote to memory of 1808	1456	cmd.exe	takeown.exe
PID 1456 wrote to memory of 1808	1456	cmd.exe	takeown.exe
PID 1456 wrote to memory of 1808	1456	cmd.exe	takeown.exe
PID 1456 wrote to memory of 1808	1456	cmd.exe	takeown.exe
PID 608 wrote to memory of 1324	608	cmd.exe	icacls.exe
PID 608 wrote to memory of 1324	608	cmd.exe	icacls.exe
PID 608 wrote to memory of 1324	608	cmd.exe	icacls.exe
PID 608 wrote to memory of 1324	608	cmd.exe	icacls.exe
PID 952 wrote to memory of 1496	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	taskkill.exe
PID 952 wrote to memory of 1496	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	taskkill.exe
PID 952 wrote to memory of 1496	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	taskkill.exe
PID 952 wrote to memory of 1496	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	taskkill.exe
PID 952 wrote to memory of 1928	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	taskkill.exe
PID 952 wrote to memory of 1928	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	taskkill.exe
PID 952 wrote to memory of 1928	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	taskkill.exe
PID 952 wrote to memory of 1928	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	taskkill.exe
PID 952 wrote to memory of 1392	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 952 wrote to memory of 1392	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 952 wrote to memory of 1392	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe
PID 952 wrote to memory of 1392	952	72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe
"C:\Users\Admin\AppData\Local\Temp\72bb16b9c12138cdacbd260e8176acd8d2e4dee422c384e7251ffefa04cf6fce.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:952

C:\Windows\SysWOW64\cmd.exe
cmd /c 2.bat
2⤵
- Suspicious use of WriteProcessMemory
PID:900

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c takeown /f "C:\Windows\syswow64"
3⤵
- Suspicious use of WriteProcessMemory
PID:672

C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\syswow64"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1164

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\syswow64" /grant administrators:F
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2036

C:\Windows\SysWOW64\cmd.exe
cmd /c 2.bat
2⤵
- Suspicious use of WriteProcessMemory
PID:1780

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c takeown /f "C:\Windows\syswow64"
3⤵
- Suspicious use of WriteProcessMemory
PID:1512

C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\syswow64"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1864

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\syswow64" /grant administrators:F
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1672

C:\Windows\SysWOW64\cmd.exe
cmd /c 2.bat
2⤵
- Suspicious use of WriteProcessMemory
PID:608

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c takeown /f "C:\Windows\syswow64"
3⤵
- Suspicious use of WriteProcessMemory
PID:1456

C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\syswow64"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1808

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\syswow64" /grant administrators:F
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1324

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "soul.exe"
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1496

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "soul.exe"
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1928

C:\Windows\SysWOW64\cmd.exe
cmd /c 1.bat
2⤵
- Deletes itself
PID:1392

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1

T1222

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1.bat
Filesize
253B

MD5
dfa62139605a98aa1859c623a9aaf1ca

SHA1
917a4320fd269c31126cd069726218d0766f32b1

SHA256
75817b09fa299fa35a04be611efe35a237a6ce0b690d3f9d2fce838b33d6ba6e

SHA512
40e9e7ea282a036831dd81195b9703949abcc6d7052c0f272430dedf1ac9e3592f0cd97aa5b009306a88967b44bd45e01ec838f53819aec5bbae7f12e148c8bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat
Filesize
110B

MD5
521e37256443e6b3f2281f217476bf79

SHA1
81f0e2b65605f070782cbe241569c6b9a25bb9dc

SHA256
79ae97b29c3a714fa32b14c282716f1378ad8de73d6a6d954fdd7e1270bc411f

SHA512
23096a5eee45c7f2b278cf9385a0ea91b86c01332a096e56f1c8de336ca0bba77e0b1dbb6f2197b5c6a91c2ca093df356026c6452e4a022db79a6b555cb39025

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat
Filesize
110B

MD5
521e37256443e6b3f2281f217476bf79

SHA1
81f0e2b65605f070782cbe241569c6b9a25bb9dc

SHA256
79ae97b29c3a714fa32b14c282716f1378ad8de73d6a6d954fdd7e1270bc411f

SHA512
23096a5eee45c7f2b278cf9385a0ea91b86c01332a096e56f1c8de336ca0bba77e0b1dbb6f2197b5c6a91c2ca093df356026c6452e4a022db79a6b555cb39025

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat
Filesize
110B

MD5
521e37256443e6b3f2281f217476bf79

SHA1
81f0e2b65605f070782cbe241569c6b9a25bb9dc

SHA256
79ae97b29c3a714fa32b14c282716f1378ad8de73d6a6d954fdd7e1270bc411f

SHA512
23096a5eee45c7f2b278cf9385a0ea91b86c01332a096e56f1c8de336ca0bba77e0b1dbb6f2197b5c6a91c2ca093df356026c6452e4a022db79a6b555cb39025

Download Submit
C:\Windows\SysWOW64\dllcache\iphlpapi.dll
Filesize
101KB

MD5
0894ff9cb2f6ac6696b04351f5bfc422

SHA1
fa02fb7e2b343b7d467675a81afd088c877d641f

SHA256
f63abb152ab1ee993236a7b1b30b0b40be2aeab0edee9eb52fc465695190bb88

SHA512
493c7fa3cfb938c3b98704baad0be2519787cce465ee344fcd6450c5707b3d3bd0a834d35c33947b8a4dd95a2178b4dab0f5668abc8995dc4965532d5b8c33b7

Download Submit
C:\Windows\SysWOW64\dllcache\rasadhlp.dll
Filesize
11KB

MD5
f87a749e97c7a8c63406321aa604498f

SHA1
5da6a31742558d3f5e9ccde10304012230d2e0a7

SHA256
c54a7f4a32e9f6d19dbd80a7a52ea54f689956ee25e42bb6a168dc0ca3dd5946

SHA512
73fad4c4f9fb08a2a6ecc82695f18266600ad954ac50056c0db83c2dd3c5171c64e33bcced26ba06c9994c172d7c4c6fd979cd9d795e107f0bc28baa3becc97b

Download Submit
C:\Windows\SysWOW64\iphlpapi.dll
Filesize
101KB

MD5
0894ff9cb2f6ac6696b04351f5bfc422

SHA1
fa02fb7e2b343b7d467675a81afd088c877d641f

SHA256
f63abb152ab1ee993236a7b1b30b0b40be2aeab0edee9eb52fc465695190bb88

SHA512
493c7fa3cfb938c3b98704baad0be2519787cce465ee344fcd6450c5707b3d3bd0a834d35c33947b8a4dd95a2178b4dab0f5668abc8995dc4965532d5b8c33b7

Download Submit
C:\Windows\SysWOW64\rasadhlp.dll
Filesize
11KB

MD5
f87a749e97c7a8c63406321aa604498f

SHA1
5da6a31742558d3f5e9ccde10304012230d2e0a7

SHA256
c54a7f4a32e9f6d19dbd80a7a52ea54f689956ee25e42bb6a168dc0ca3dd5946

SHA512
73fad4c4f9fb08a2a6ecc82695f18266600ad954ac50056c0db83c2dd3c5171c64e33bcced26ba06c9994c172d7c4c6fd979cd9d795e107f0bc28baa3becc97b

Download Submit
memory/608-70-0x0000000000000000-mapping.dmp

Download
memory/672-57-0x0000000000000000-mapping.dmp

Download
memory/900-55-0x0000000000000000-mapping.dmp

Download
memory/952-60-0x0000000074F71000-0x0000000074F73000-memory.dmp

Filesize
8KB

Download
memory/952-67-0x0000000074C31000-0x0000000074C33000-memory.dmp

Filesize
8KB

Download
memory/952-54-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download
memory/952-77-0x0000000074C71000-0x0000000074C73000-memory.dmp

Filesize
8KB

Download
memory/1164-58-0x0000000000000000-mapping.dmp

Download
memory/1324-74-0x0000000000000000-mapping.dmp

Download
memory/1392-82-0x0000000000000000-mapping.dmp

Download
memory/1456-72-0x0000000000000000-mapping.dmp

Download
memory/1496-80-0x0000000000000000-mapping.dmp

Download
memory/1512-63-0x0000000000000000-mapping.dmp

Download
memory/1672-65-0x0000000000000000-mapping.dmp

Download
memory/1780-61-0x0000000000000000-mapping.dmp

Download
memory/1808-73-0x0000000000000000-mapping.dmp

Download
memory/1864-64-0x0000000000000000-mapping.dmp

Download
memory/1928-81-0x0000000000000000-mapping.dmp

Download
memory/2036-59-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads