1624601dbd4a69c2290458c2dde106fbd8576cc1b6d7df1c994bc266f84627ab

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
Size

55KB
MD5

fa4bbe0ede323c901ea447e5f8e45146
SHA1

bc3b21bd85b60a8088e4fcd5031b41f4688b885a
SHA256

1624601dbd4a69c2290458c2dde106fbd8576cc1b6d7df1c994bc266f84627ab
SHA512

bd99759bcca116aa710beb1adbb6bd273e5f1f1023e0677127ab101bb74187adaacf7ad12471a66fc6d2f7b02933eff1ec170024f09197f9623f4439455d0a0b
SSDEEP

768:kvb+QT1htb46xxkVzet1OpNZCiecgp6hx4VU4l20WiosK2p/1H5HYXdnh:C+oHtb46xxeGOZC0gps4fl20zrK2LVq

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 8 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nlcnda32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Nlcnda32.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Npagjpcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Npagjpcd.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nenobfak.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Nenobfak.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe

Executes dropped EXE 4 IoCs

pid	Process
2316	Nlcnda32.exe
2652	Npagjpcd.exe
2632	Nenobfak.exe
2668	Nlhgoqhh.exe

Loads dropped DLL 8 IoCs

pid	Process
2836	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
2836	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
2316	Nlcnda32.exe
2316	Nlcnda32.exe
2652	Npagjpcd.exe
2652	Npagjpcd.exe
2632	Nenobfak.exe
2632	Nenobfak.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Nenobfak.exe	Npagjpcd.exe
File created	C:\Windows\SysWOW64\Lamajm32.dll	Nenobfak.exe
File opened for modification	C:\Windows\SysWOW64\Nlcnda32.exe	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
File created	C:\Windows\SysWOW64\Ogjgkqaa.dll	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
File created	C:\Windows\SysWOW64\Mahqjm32.dll	Nlcnda32.exe
File created	C:\Windows\SysWOW64\Nenobfak.exe	Npagjpcd.exe
File created	C:\Windows\SysWOW64\Mehjml32.dll	Npagjpcd.exe
File created	C:\Windows\SysWOW64\Nlhgoqhh.exe	Nenobfak.exe
File opened for modification	C:\Windows\SysWOW64\Nlhgoqhh.exe	Nenobfak.exe
File created	C:\Windows\SysWOW64\Nlcnda32.exe	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
File created	C:\Windows\SysWOW64\Npagjpcd.exe	Nlcnda32.exe
File opened for modification	C:\Windows\SysWOW64\Npagjpcd.exe	Nlcnda32.exe

Modifies registry class 15 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Nlcnda32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mehjml32.dll"	Npagjpcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lamajm32.dll"	Nenobfak.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ogjgkqaa.dll"	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mahqjm32.dll"	Nlcnda32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Npagjpcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Nenobfak.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Nenobfak.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Nlcnda32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Npagjpcd.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2316	2836	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe	28
PID 2836 wrote to memory of 2316	2836	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe	28
PID 2836 wrote to memory of 2316	2836	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe	28
PID 2836 wrote to memory of 2316	2836	NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe	28
PID 2316 wrote to memory of 2652	2316	Nlcnda32.exe	29
PID 2316 wrote to memory of 2652	2316	Nlcnda32.exe	29
PID 2316 wrote to memory of 2652	2316	Nlcnda32.exe	29
PID 2316 wrote to memory of 2652	2316	Nlcnda32.exe	29
PID 2652 wrote to memory of 2632	2652	Npagjpcd.exe	30
PID 2652 wrote to memory of 2632	2652	Npagjpcd.exe	30
PID 2652 wrote to memory of 2632	2652	Npagjpcd.exe	30
PID 2652 wrote to memory of 2632	2652	Npagjpcd.exe	30
PID 2632 wrote to memory of 2668	2632	Nenobfak.exe	31
PID 2632 wrote to memory of 2668	2632	Nenobfak.exe	31
PID 2632 wrote to memory of 2668	2632	Nenobfak.exe	31
PID 2632 wrote to memory of 2668	2632	Nenobfak.exe	31

C:\Users\Admin\AppData\Local\Temp\NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.fa4bbe0ede323c901ea447e5f8e45146.exe"
1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Windows\SysWOW64\Nlcnda32.exe
  C:\Windows\system32\Nlcnda32.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2316
- - C:\Windows\SysWOW64\Npagjpcd.exe
    C:\Windows\system32\Npagjpcd.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Windows\SysWOW64\Nenobfak.exe
      C:\Windows\system32\Nenobfak.exe
      4⤵
      Adds autorun key to be loaded by Explorer.exe on startup
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Windows\SysWOW64\Nlhgoqhh.exe
        
        C:\Windows\system32\Nlhgoqhh.exe
        5⤵
        Executes dropped EXE
        
        PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Nenobfak.exe

Filesize
55KB

MD5
d1de72e87d4963f4c5d4d8288a0d34f4

SHA1
d06739127207d83defecd851f6f30c4d1a45c8e2

SHA256
a6e04975792ee62aa01cf998804013f7cc01ab7d335206dea4e591e2f38dff86

SHA512
07bba7f4d5d7d151637686815c237b14276ca988eadae2ba3ecfd8583df50eb5eaa22fd5413fa5d64b936966001503e572a579eb71d1f900d3ab21114d640005

Download Submit
C:\Windows\SysWOW64\Nenobfak.exe

Filesize
55KB

MD5
d1de72e87d4963f4c5d4d8288a0d34f4

SHA1
d06739127207d83defecd851f6f30c4d1a45c8e2

SHA256
a6e04975792ee62aa01cf998804013f7cc01ab7d335206dea4e591e2f38dff86

SHA512
07bba7f4d5d7d151637686815c237b14276ca988eadae2ba3ecfd8583df50eb5eaa22fd5413fa5d64b936966001503e572a579eb71d1f900d3ab21114d640005

Download Submit
C:\Windows\SysWOW64\Nenobfak.exe

Filesize
55KB

MD5
d1de72e87d4963f4c5d4d8288a0d34f4

SHA1
d06739127207d83defecd851f6f30c4d1a45c8e2

SHA256
a6e04975792ee62aa01cf998804013f7cc01ab7d335206dea4e591e2f38dff86

SHA512
07bba7f4d5d7d151637686815c237b14276ca988eadae2ba3ecfd8583df50eb5eaa22fd5413fa5d64b936966001503e572a579eb71d1f900d3ab21114d640005

Download Submit
C:\Windows\SysWOW64\Nlcnda32.exe

Filesize
55KB

MD5
55ea1425b42210f37827126300eed4bd

SHA1
b4ebf061b0036105cf097b61c60942e649bb07b6

SHA256
dc00c280172f46140f2d24bdfecce1cb5ee10d258f14b3c482b312fe47ff57c7

SHA512
8e76fc6d2c0f1c962a74a7073aa0d59717078528694a5782db51883612f9e79cd79c2164688d14d60c72b490abe9e4f6bb7b1d8c80a2aae6e08539d618911d11

Download Submit
C:\Windows\SysWOW64\Nlcnda32.exe

Filesize
55KB

MD5
55ea1425b42210f37827126300eed4bd

SHA1
b4ebf061b0036105cf097b61c60942e649bb07b6

SHA256
dc00c280172f46140f2d24bdfecce1cb5ee10d258f14b3c482b312fe47ff57c7

SHA512
8e76fc6d2c0f1c962a74a7073aa0d59717078528694a5782db51883612f9e79cd79c2164688d14d60c72b490abe9e4f6bb7b1d8c80a2aae6e08539d618911d11

Download Submit
C:\Windows\SysWOW64\Nlcnda32.exe

Filesize
55KB

MD5
55ea1425b42210f37827126300eed4bd

SHA1
b4ebf061b0036105cf097b61c60942e649bb07b6

SHA256
dc00c280172f46140f2d24bdfecce1cb5ee10d258f14b3c482b312fe47ff57c7

SHA512
8e76fc6d2c0f1c962a74a7073aa0d59717078528694a5782db51883612f9e79cd79c2164688d14d60c72b490abe9e4f6bb7b1d8c80a2aae6e08539d618911d11

Download Submit
C:\Windows\SysWOW64\Nlhgoqhh.exe

Filesize
55KB

MD5
77302620990a4f0dd9689ea719258a69

SHA1
6abec0ecbab71e9ea6377f7dfd61833276ccadf2

SHA256
23a3d34cd7b3bea328b00d545e2c52617068817a09acd5d19a015cbb3c36296e

SHA512
12c03055c2ce8e3da780300130cf00a5d2da2ce00565f016dc03a0b11539dc50563e74dcf46d887be690f1e1f94c744d764c8e444a78add0e4f8f679efd7d729

Download Submit
C:\Windows\SysWOW64\Nlhgoqhh.exe

Filesize
55KB

MD5
77302620990a4f0dd9689ea719258a69

SHA1
6abec0ecbab71e9ea6377f7dfd61833276ccadf2

SHA256
23a3d34cd7b3bea328b00d545e2c52617068817a09acd5d19a015cbb3c36296e

SHA512
12c03055c2ce8e3da780300130cf00a5d2da2ce00565f016dc03a0b11539dc50563e74dcf46d887be690f1e1f94c744d764c8e444a78add0e4f8f679efd7d729

Download Submit
C:\Windows\SysWOW64\Npagjpcd.exe

Filesize
55KB

MD5
b42198202b6526190ee5fb34a8f77894

SHA1
f3799a3e47e60d40d0a811caec3b6f4636154182

SHA256
3b55601d5ba2a1d6a112aff2c726a8df98f9e08c21dba657f7918efdb05afb87

SHA512
7b3eab45ff90156cd2a0ba5532890725680326ee87108da8d37ac63f0bee6800941b8d355b99292dcdfd17efec19a4abd29ddccc17a26f3b06e6b7cc4a506137

Download Submit
C:\Windows\SysWOW64\Npagjpcd.exe

Filesize
55KB

MD5
b42198202b6526190ee5fb34a8f77894

SHA1
f3799a3e47e60d40d0a811caec3b6f4636154182

SHA256
3b55601d5ba2a1d6a112aff2c726a8df98f9e08c21dba657f7918efdb05afb87

SHA512
7b3eab45ff90156cd2a0ba5532890725680326ee87108da8d37ac63f0bee6800941b8d355b99292dcdfd17efec19a4abd29ddccc17a26f3b06e6b7cc4a506137

Download Submit
C:\Windows\SysWOW64\Npagjpcd.exe

Filesize
55KB

MD5
b42198202b6526190ee5fb34a8f77894

SHA1
f3799a3e47e60d40d0a811caec3b6f4636154182

SHA256
3b55601d5ba2a1d6a112aff2c726a8df98f9e08c21dba657f7918efdb05afb87

SHA512
7b3eab45ff90156cd2a0ba5532890725680326ee87108da8d37ac63f0bee6800941b8d355b99292dcdfd17efec19a4abd29ddccc17a26f3b06e6b7cc4a506137

Download Submit
\Windows\SysWOW64\Nenobfak.exe

Filesize
55KB

MD5
d1de72e87d4963f4c5d4d8288a0d34f4

SHA1
d06739127207d83defecd851f6f30c4d1a45c8e2

SHA256
a6e04975792ee62aa01cf998804013f7cc01ab7d335206dea4e591e2f38dff86

SHA512
07bba7f4d5d7d151637686815c237b14276ca988eadae2ba3ecfd8583df50eb5eaa22fd5413fa5d64b936966001503e572a579eb71d1f900d3ab21114d640005

Download Submit
\Windows\SysWOW64\Nenobfak.exe

Filesize
55KB

MD5
d1de72e87d4963f4c5d4d8288a0d34f4

SHA1
d06739127207d83defecd851f6f30c4d1a45c8e2

SHA256
a6e04975792ee62aa01cf998804013f7cc01ab7d335206dea4e591e2f38dff86

SHA512
07bba7f4d5d7d151637686815c237b14276ca988eadae2ba3ecfd8583df50eb5eaa22fd5413fa5d64b936966001503e572a579eb71d1f900d3ab21114d640005

Download Submit
\Windows\SysWOW64\Nlcnda32.exe

Filesize
55KB

MD5
55ea1425b42210f37827126300eed4bd

SHA1
b4ebf061b0036105cf097b61c60942e649bb07b6

SHA256
dc00c280172f46140f2d24bdfecce1cb5ee10d258f14b3c482b312fe47ff57c7

SHA512
8e76fc6d2c0f1c962a74a7073aa0d59717078528694a5782db51883612f9e79cd79c2164688d14d60c72b490abe9e4f6bb7b1d8c80a2aae6e08539d618911d11

Download Submit
\Windows\SysWOW64\Nlcnda32.exe

Filesize
55KB

MD5
55ea1425b42210f37827126300eed4bd

SHA1
b4ebf061b0036105cf097b61c60942e649bb07b6

SHA256
dc00c280172f46140f2d24bdfecce1cb5ee10d258f14b3c482b312fe47ff57c7

SHA512
8e76fc6d2c0f1c962a74a7073aa0d59717078528694a5782db51883612f9e79cd79c2164688d14d60c72b490abe9e4f6bb7b1d8c80a2aae6e08539d618911d11

Download Submit
\Windows\SysWOW64\Nlhgoqhh.exe

Filesize
55KB

MD5
77302620990a4f0dd9689ea719258a69

SHA1
6abec0ecbab71e9ea6377f7dfd61833276ccadf2

SHA256
23a3d34cd7b3bea328b00d545e2c52617068817a09acd5d19a015cbb3c36296e

SHA512
12c03055c2ce8e3da780300130cf00a5d2da2ce00565f016dc03a0b11539dc50563e74dcf46d887be690f1e1f94c744d764c8e444a78add0e4f8f679efd7d729

Download Submit
\Windows\SysWOW64\Nlhgoqhh.exe

Filesize
55KB

MD5
77302620990a4f0dd9689ea719258a69

SHA1
6abec0ecbab71e9ea6377f7dfd61833276ccadf2

SHA256
23a3d34cd7b3bea328b00d545e2c52617068817a09acd5d19a015cbb3c36296e

SHA512
12c03055c2ce8e3da780300130cf00a5d2da2ce00565f016dc03a0b11539dc50563e74dcf46d887be690f1e1f94c744d764c8e444a78add0e4f8f679efd7d729

Download Submit
\Windows\SysWOW64\Npagjpcd.exe

Filesize
55KB

MD5
b42198202b6526190ee5fb34a8f77894

SHA1
f3799a3e47e60d40d0a811caec3b6f4636154182

SHA256
3b55601d5ba2a1d6a112aff2c726a8df98f9e08c21dba657f7918efdb05afb87

SHA512
7b3eab45ff90156cd2a0ba5532890725680326ee87108da8d37ac63f0bee6800941b8d355b99292dcdfd17efec19a4abd29ddccc17a26f3b06e6b7cc4a506137

Download Submit
\Windows\SysWOW64\Npagjpcd.exe

Filesize
55KB

MD5
b42198202b6526190ee5fb34a8f77894

SHA1
f3799a3e47e60d40d0a811caec3b6f4636154182

SHA256
3b55601d5ba2a1d6a112aff2c726a8df98f9e08c21dba657f7918efdb05afb87

SHA512
7b3eab45ff90156cd2a0ba5532890725680326ee87108da8d37ac63f0bee6800941b8d355b99292dcdfd17efec19a4abd29ddccc17a26f3b06e6b7cc4a506137

Download Submit
memory/2316-25-0x0000000000220000-0x0000000000253000-memory.dmp

Filesize
204KB

Download
memory/2316-27-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2632-52-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2652-42-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2668-59-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2836-6-0x0000000000220000-0x0000000000253000-memory.dmp

Filesize
204KB

Download
memory/2836-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2836-58-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2836-12-0x0000000000220000-0x0000000000253000-memory.dmp

Filesize
204KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads