baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01

General

Target

baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe
Size

96KB
MD5

4be1ac9452947d3000daca209972d3cc
SHA1

595d3d653581f70b02c9510d76d4b7a70df73e10
SHA256

baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01
SHA512

2b11d8a798e988aa910d25bbebf55f251f354e659d9a5f4d505dffd9e21f7582c7ca2163fb2971a056fa958a67dc6710382a986348161939cc3a11e37138e0f0
SSDEEP

1536:S2dX/KGcry9vASJJ2DbxN4j+s+Ci5d5lIE1ppxRp9bDEvLlIAA31cviZi/:d/V2yVHsQjN+Ci9l5Zp5SIAA3LZi/

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1512	taskhost.exe
676	taskhost.exe

Loads dropped DLL 2 IoCs

pid	Process
1988	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe
1988	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\Run\Taskhost = "C:\\Users\\Admin\\AppData\\Roaming\\taskhost.exe"	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1212 set thread context of 1988	1212	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe	28
PID 1512 set thread context of 676	1512	taskhost.exe	30

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	taskhost.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	taskhost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	taskhost.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	taskhost.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	taskhost.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	taskhost.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 1988	1212	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe	28
PID 1212 wrote to memory of 1988	1212	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe	28
PID 1212 wrote to memory of 1988	1212	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe	28
PID 1212 wrote to memory of 1988	1212	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe	28
PID 1212 wrote to memory of 1988	1212	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe	28
PID 1212 wrote to memory of 1988	1212	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe	28
PID 1988 wrote to memory of 1512	1988	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe	29
PID 1988 wrote to memory of 1512	1988	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe	29
PID 1988 wrote to memory of 1512	1988	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe	29
PID 1988 wrote to memory of 1512	1988	baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe	29
PID 1512 wrote to memory of 676	1512	taskhost.exe	30
PID 1512 wrote to memory of 676	1512	taskhost.exe	30
PID 1512 wrote to memory of 676	1512	taskhost.exe	30
PID 1512 wrote to memory of 676	1512	taskhost.exe	30
PID 1512 wrote to memory of 676	1512	taskhost.exe	30
PID 1512 wrote to memory of 676	1512	taskhost.exe	30

C:\Users\Admin\AppData\Local\Temp\baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe
"C:\Users\Admin\AppData\Local\Temp\baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Users\Admin\AppData\Local\Temp\baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe
  C:\Users\Admin\AppData\Local\Temp\baa38e1a42600a3e470b469c423740c383bc0f0cd35b5e794bd8bfec26105e01.exe
  2⤵
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1988
- - C:\Users\Admin\AppData\Roaming\taskhost.exe
    C:\Users\Admin\AppData\Roaming\taskhost.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:1512
  - - C:\Users\Admin\AppData\Roaming\taskhost.exe
      C:\Users\Admin\AppData\Roaming\taskhost.exe
      4⤵
      Executes dropped EXE
      Modifies system certificate store
      PID:676

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\taskhost.exe

Filesize
96KB

MD5
413eb4df6fca058373d2e07edabb1ef2

SHA1
71d23bf40422d8b0815d87f4e5f99f47c3912334

SHA256
1f28e884b043bbb340954fdd59a8efcf8fc9494cade4f83144fe57e7ac0f142a

SHA512
981377df10be155d3da647be0b25c8d6188737b078780b3d2d1a76b75b356b6c4258fa5695aaf5064928ba19d78ee1cf1f7654aefa3cb2793c833661c0418ccc

Download Submit
C:\Users\Admin\AppData\Roaming\taskhost.exe

Filesize
96KB

MD5
413eb4df6fca058373d2e07edabb1ef2

SHA1
71d23bf40422d8b0815d87f4e5f99f47c3912334

SHA256
1f28e884b043bbb340954fdd59a8efcf8fc9494cade4f83144fe57e7ac0f142a

SHA512
981377df10be155d3da647be0b25c8d6188737b078780b3d2d1a76b75b356b6c4258fa5695aaf5064928ba19d78ee1cf1f7654aefa3cb2793c833661c0418ccc

Download Submit
C:\Users\Admin\AppData\Roaming\taskhost.exe

Filesize
96KB

MD5
413eb4df6fca058373d2e07edabb1ef2

SHA1
71d23bf40422d8b0815d87f4e5f99f47c3912334

SHA256
1f28e884b043bbb340954fdd59a8efcf8fc9494cade4f83144fe57e7ac0f142a

SHA512
981377df10be155d3da647be0b25c8d6188737b078780b3d2d1a76b75b356b6c4258fa5695aaf5064928ba19d78ee1cf1f7654aefa3cb2793c833661c0418ccc

Download Submit
\Users\Admin\AppData\Roaming\taskhost.exe

Filesize
96KB

MD5
413eb4df6fca058373d2e07edabb1ef2

SHA1
71d23bf40422d8b0815d87f4e5f99f47c3912334

SHA256
1f28e884b043bbb340954fdd59a8efcf8fc9494cade4f83144fe57e7ac0f142a

SHA512
981377df10be155d3da647be0b25c8d6188737b078780b3d2d1a76b75b356b6c4258fa5695aaf5064928ba19d78ee1cf1f7654aefa3cb2793c833661c0418ccc

Download Submit
\Users\Admin\AppData\Roaming\taskhost.exe

Filesize
96KB

MD5
413eb4df6fca058373d2e07edabb1ef2

SHA1
71d23bf40422d8b0815d87f4e5f99f47c3912334

SHA256
1f28e884b043bbb340954fdd59a8efcf8fc9494cade4f83144fe57e7ac0f142a

SHA512
981377df10be155d3da647be0b25c8d6188737b078780b3d2d1a76b75b356b6c4258fa5695aaf5064928ba19d78ee1cf1f7654aefa3cb2793c833661c0418ccc

Download Submit
memory/676-75-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/676-74-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/676-68-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1988-54-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1988-60-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1988-59-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download
memory/1988-72-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1988-56-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads