9f571d1bf28ffb54edb8b47851e1737788afe533c95dfccb1520516c5e45d3e9

Analysis

max time kernel
149s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f553f5bec066bc2209b5ced1b8ba1d7.exe
Size

422KB
MD5

7f553f5bec066bc2209b5ced1b8ba1d7
SHA1

a4f969cb89496d374c56b1287d9a70163ac4c3dd
SHA256

9f571d1bf28ffb54edb8b47851e1737788afe533c95dfccb1520516c5e45d3e9
SHA512

66a974f353ce585f6ee04f2e97820da0887222a1bf37629b4d2dc62dc328a487136dfffb46b910578c8b8c675ad6e6a6ac5bbbd5de830063c2e3033a15b94d62
SSDEEP

6144:vhbZ5hMTNFf8LAurlEzAX7oAwfSZ4sXUzQIlJZCoT:ZtXMzqrllX7XwfEIlJZ7T

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 26 IoCs

pid	Process
3944	7f553f5bec066bc2209b5ced1b8ba1d7_3202.exe
1224	7f553f5bec066bc2209b5ced1b8ba1d7_3202a.exe
3536	7f553f5bec066bc2209b5ced1b8ba1d7_3202b.exe
2784	7f553f5bec066bc2209b5ced1b8ba1d7_3202c.exe
2468	7f553f5bec066bc2209b5ced1b8ba1d7_3202d.exe
3688	7f553f5bec066bc2209b5ced1b8ba1d7_3202e.exe
1520	7f553f5bec066bc2209b5ced1b8ba1d7_3202f.exe
884	7f553f5bec066bc2209b5ced1b8ba1d7_3202g.exe
3820	7f553f5bec066bc2209b5ced1b8ba1d7_3202h.exe
2852	7f553f5bec066bc2209b5ced1b8ba1d7_3202i.exe
4084	7f553f5bec066bc2209b5ced1b8ba1d7_3202j.exe
2804	7f553f5bec066bc2209b5ced1b8ba1d7_3202k.exe
3768	7f553f5bec066bc2209b5ced1b8ba1d7_3202l.exe
316	7f553f5bec066bc2209b5ced1b8ba1d7_3202m.exe
3192	7f553f5bec066bc2209b5ced1b8ba1d7_3202n.exe
4272	7f553f5bec066bc2209b5ced1b8ba1d7_3202o.exe
3700	7f553f5bec066bc2209b5ced1b8ba1d7_3202p.exe
4856	7f553f5bec066bc2209b5ced1b8ba1d7_3202q.exe
4844	7f553f5bec066bc2209b5ced1b8ba1d7_3202r.exe
1456	7f553f5bec066bc2209b5ced1b8ba1d7_3202s.exe
4492	7f553f5bec066bc2209b5ced1b8ba1d7_3202t.exe
1488	7f553f5bec066bc2209b5ced1b8ba1d7_3202u.exe
1600	7f553f5bec066bc2209b5ced1b8ba1d7_3202v.exe
2120	7f553f5bec066bc2209b5ced1b8ba1d7_3202w.exe
4896	7f553f5bec066bc2209b5ced1b8ba1d7_3202x.exe
1224	7f553f5bec066bc2209b5ced1b8ba1d7_3202y.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4868-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000400000001e7e2-5.dat	upx
behavioral2/memory/4868-6-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4868-10-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000400000001e7e3-17.dat	upx
behavioral2/memory/3944-18-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000300000001e7e4-27.dat	upx
behavioral2/memory/1224-34-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3536-28-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000400000001e7e6-36.dat	upx
behavioral2/memory/3536-37-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000400000001e7e9-45.dat	upx
behavioral2/memory/2784-46-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7eb-54.dat	upx
behavioral2/memory/2468-56-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7ec-63.dat	upx
behavioral2/memory/3688-65-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1520-71-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1520-73-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7ed-74.dat	upx
behavioral2/memory/884-81-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7ee-83.dat	upx
behavioral2/memory/884-84-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3820-86-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7ef-93.dat	upx
behavioral2/memory/3820-94-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2852-101-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000300000001e7f1-103.dat	upx
behavioral2/memory/2852-104-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4084-114-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7f2-113.dat	upx
behavioral2/memory/3768-124-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7f3-123.dat	upx
behavioral2/memory/2804-122-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/3768-132-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7f4-131.dat	upx
behavioral2/memory/316-139-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7f5-141.dat	upx
behavioral2/memory/316-142-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7f6-150.dat	upx
behavioral2/memory/3192-151-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7f8-159.dat	upx
behavioral2/memory/4272-160-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7fa-170.dat	upx
behavioral2/memory/3700-169-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4856-172-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7fb-178.dat	upx
behavioral2/memory/4856-179-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7fc-187.dat	upx
behavioral2/memory/4844-189-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7fe-196.dat	upx
behavioral2/memory/1456-198-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4492-199-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4492-206-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7ff-207.dat	upx
behavioral2/files/0x000200000001e800-217.dat	upx
behavioral2/files/0x000200000001e801-225.dat	upx
behavioral2/memory/1600-218-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1488-216-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e802-233.dat	upx
behavioral2/memory/2120-234-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e803-242.dat	upx
behavioral2/memory/4896-243-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/1224-245-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Adds Run key to start application 2 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202d.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202n.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202m.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202p.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202o.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202c.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202k.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202j.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202q.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202p.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202e.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202o.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202n.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202m.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202l.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202h.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202g.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202j.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202i.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202l.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202k.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202s.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202r.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202w.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202v.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202y.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202x.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202a.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202b.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202g.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202v.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202u.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202x.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202w.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202r.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202q.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202t.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202s.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202u.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202t.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202f.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Trickler = "\"c:\\users\\admin\\appdata\\local\\temp\\7f553f5bec066bc2209b5ced1b8ba1d7_3202i.exe\""	7f553f5bec066bc2209b5ced1b8ba1d7_3202h.exe

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202f.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202q.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202b.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202x.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202i.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202o.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202q.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202t.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202j.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202u.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202x.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202y.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202g.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202e.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202h.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202k.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202n.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202y.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202b.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202k.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202n.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202r.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202v.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202c.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202l.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202a.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202t.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202j.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202w.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202f.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202s.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202p.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202s.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202l.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets = 52e14f0db713372e	7f553f5bec066bc2209b5ced1b8ba1d7_3202m.exe
Key created	\REGISTRY\MACHINE\Software\CLASSES\WOW6432Node\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}	7f553f5bec066bc2209b5ced1b8ba1d7_3202i.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 3944	4868	7f553f5bec066bc2209b5ced1b8ba1d7.exe	92
PID 4868 wrote to memory of 3944	4868	7f553f5bec066bc2209b5ced1b8ba1d7.exe	92
PID 4868 wrote to memory of 3944	4868	7f553f5bec066bc2209b5ced1b8ba1d7.exe	92
PID 3944 wrote to memory of 1224	3944	7f553f5bec066bc2209b5ced1b8ba1d7_3202.exe	93
PID 3944 wrote to memory of 1224	3944	7f553f5bec066bc2209b5ced1b8ba1d7_3202.exe	93
PID 3944 wrote to memory of 1224	3944	7f553f5bec066bc2209b5ced1b8ba1d7_3202.exe	93
PID 1224 wrote to memory of 3536	1224	7f553f5bec066bc2209b5ced1b8ba1d7_3202a.exe	95
PID 1224 wrote to memory of 3536	1224	7f553f5bec066bc2209b5ced1b8ba1d7_3202a.exe	95
PID 1224 wrote to memory of 3536	1224	7f553f5bec066bc2209b5ced1b8ba1d7_3202a.exe	95
PID 3536 wrote to memory of 2784	3536	7f553f5bec066bc2209b5ced1b8ba1d7_3202b.exe	97
PID 3536 wrote to memory of 2784	3536	7f553f5bec066bc2209b5ced1b8ba1d7_3202b.exe	97
PID 3536 wrote to memory of 2784	3536	7f553f5bec066bc2209b5ced1b8ba1d7_3202b.exe	97
PID 2784 wrote to memory of 2468	2784	7f553f5bec066bc2209b5ced1b8ba1d7_3202c.exe	98
PID 2784 wrote to memory of 2468	2784	7f553f5bec066bc2209b5ced1b8ba1d7_3202c.exe	98
PID 2784 wrote to memory of 2468	2784	7f553f5bec066bc2209b5ced1b8ba1d7_3202c.exe	98
PID 2468 wrote to memory of 3688	2468	7f553f5bec066bc2209b5ced1b8ba1d7_3202d.exe	99
PID 2468 wrote to memory of 3688	2468	7f553f5bec066bc2209b5ced1b8ba1d7_3202d.exe	99
PID 2468 wrote to memory of 3688	2468	7f553f5bec066bc2209b5ced1b8ba1d7_3202d.exe	99
PID 3688 wrote to memory of 1520	3688	7f553f5bec066bc2209b5ced1b8ba1d7_3202e.exe	100
PID 3688 wrote to memory of 1520	3688	7f553f5bec066bc2209b5ced1b8ba1d7_3202e.exe	100
PID 3688 wrote to memory of 1520	3688	7f553f5bec066bc2209b5ced1b8ba1d7_3202e.exe	100
PID 1520 wrote to memory of 884	1520	7f553f5bec066bc2209b5ced1b8ba1d7_3202f.exe	101
PID 1520 wrote to memory of 884	1520	7f553f5bec066bc2209b5ced1b8ba1d7_3202f.exe	101
PID 1520 wrote to memory of 884	1520	7f553f5bec066bc2209b5ced1b8ba1d7_3202f.exe	101
PID 884 wrote to memory of 3820	884	7f553f5bec066bc2209b5ced1b8ba1d7_3202g.exe	102
PID 884 wrote to memory of 3820	884	7f553f5bec066bc2209b5ced1b8ba1d7_3202g.exe	102
PID 884 wrote to memory of 3820	884	7f553f5bec066bc2209b5ced1b8ba1d7_3202g.exe	102
PID 3820 wrote to memory of 2852	3820	7f553f5bec066bc2209b5ced1b8ba1d7_3202h.exe	103
PID 3820 wrote to memory of 2852	3820	7f553f5bec066bc2209b5ced1b8ba1d7_3202h.exe	103
PID 3820 wrote to memory of 2852	3820	7f553f5bec066bc2209b5ced1b8ba1d7_3202h.exe	103
PID 2852 wrote to memory of 4084	2852	7f553f5bec066bc2209b5ced1b8ba1d7_3202i.exe	104
PID 2852 wrote to memory of 4084	2852	7f553f5bec066bc2209b5ced1b8ba1d7_3202i.exe	104
PID 2852 wrote to memory of 4084	2852	7f553f5bec066bc2209b5ced1b8ba1d7_3202i.exe	104
PID 4084 wrote to memory of 2804	4084	7f553f5bec066bc2209b5ced1b8ba1d7_3202j.exe	105
PID 4084 wrote to memory of 2804	4084	7f553f5bec066bc2209b5ced1b8ba1d7_3202j.exe	105
PID 4084 wrote to memory of 2804	4084	7f553f5bec066bc2209b5ced1b8ba1d7_3202j.exe	105
PID 2804 wrote to memory of 3768	2804	7f553f5bec066bc2209b5ced1b8ba1d7_3202k.exe	106
PID 2804 wrote to memory of 3768	2804	7f553f5bec066bc2209b5ced1b8ba1d7_3202k.exe	106
PID 2804 wrote to memory of 3768	2804	7f553f5bec066bc2209b5ced1b8ba1d7_3202k.exe	106
PID 3768 wrote to memory of 316	3768	7f553f5bec066bc2209b5ced1b8ba1d7_3202l.exe	107
PID 3768 wrote to memory of 316	3768	7f553f5bec066bc2209b5ced1b8ba1d7_3202l.exe	107
PID 3768 wrote to memory of 316	3768	7f553f5bec066bc2209b5ced1b8ba1d7_3202l.exe	107
PID 316 wrote to memory of 3192	316	7f553f5bec066bc2209b5ced1b8ba1d7_3202m.exe	108
PID 316 wrote to memory of 3192	316	7f553f5bec066bc2209b5ced1b8ba1d7_3202m.exe	108
PID 316 wrote to memory of 3192	316	7f553f5bec066bc2209b5ced1b8ba1d7_3202m.exe	108
PID 3192 wrote to memory of 4272	3192	7f553f5bec066bc2209b5ced1b8ba1d7_3202n.exe	109
PID 3192 wrote to memory of 4272	3192	7f553f5bec066bc2209b5ced1b8ba1d7_3202n.exe	109
PID 3192 wrote to memory of 4272	3192	7f553f5bec066bc2209b5ced1b8ba1d7_3202n.exe	109
PID 4272 wrote to memory of 3700	4272	7f553f5bec066bc2209b5ced1b8ba1d7_3202o.exe	110
PID 4272 wrote to memory of 3700	4272	7f553f5bec066bc2209b5ced1b8ba1d7_3202o.exe	110
PID 4272 wrote to memory of 3700	4272	7f553f5bec066bc2209b5ced1b8ba1d7_3202o.exe	110
PID 3700 wrote to memory of 4856	3700	7f553f5bec066bc2209b5ced1b8ba1d7_3202p.exe	111
PID 3700 wrote to memory of 4856	3700	7f553f5bec066bc2209b5ced1b8ba1d7_3202p.exe	111
PID 3700 wrote to memory of 4856	3700	7f553f5bec066bc2209b5ced1b8ba1d7_3202p.exe	111
PID 4856 wrote to memory of 4844	4856	7f553f5bec066bc2209b5ced1b8ba1d7_3202q.exe	112
PID 4856 wrote to memory of 4844	4856	7f553f5bec066bc2209b5ced1b8ba1d7_3202q.exe	112
PID 4856 wrote to memory of 4844	4856	7f553f5bec066bc2209b5ced1b8ba1d7_3202q.exe	112
PID 4844 wrote to memory of 1456	4844	7f553f5bec066bc2209b5ced1b8ba1d7_3202r.exe	113
PID 4844 wrote to memory of 1456	4844	7f553f5bec066bc2209b5ced1b8ba1d7_3202r.exe	113
PID 4844 wrote to memory of 1456	4844	7f553f5bec066bc2209b5ced1b8ba1d7_3202r.exe	113
PID 1456 wrote to memory of 4492	1456	7f553f5bec066bc2209b5ced1b8ba1d7_3202s.exe	114
PID 1456 wrote to memory of 4492	1456	7f553f5bec066bc2209b5ced1b8ba1d7_3202s.exe	114
PID 1456 wrote to memory of 4492	1456	7f553f5bec066bc2209b5ced1b8ba1d7_3202s.exe	114
PID 4492 wrote to memory of 1488	4492	7f553f5bec066bc2209b5ced1b8ba1d7_3202t.exe	115

C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7.exe
"C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4868
- \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202.exe
  c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3944
- - \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202a.exe
    c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202a.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1224
  - - \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202b.exe
      c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202b.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:3536
    - - \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202c.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202c.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2784
      - \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202d.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202d.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2468
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202e.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202e.exe
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3688
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202f.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202f.exe
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1520
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202g.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202g.exe
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:884
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202h.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202h.exe
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3820
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202i.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202i.exe
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2852
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202j.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202j.exe
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4084
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202k.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202k.exe
        13⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2804
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202l.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202l.exe
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3768
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202m.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202m.exe
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:316
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202n.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202n.exe
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3192
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202o.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202o.exe
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4272
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202p.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202p.exe
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3700
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202q.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202q.exe
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4856
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202r.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202r.exe
        20⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4844
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202s.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202s.exe
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1456
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202t.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202t.exe
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4492
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202u.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202u.exe
        23⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1488
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202v.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202v.exe
        24⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:1600
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202w.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202w.exe
        25⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:2120
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202x.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202x.exe
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4896
        
        \??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202y.exe
        
        c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202y.exe
        27⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:1224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202.exe

Filesize
422KB

MD5
6b96868827e8b2c4f65c4189508cad14

SHA1
651fea885ee4091e09b742743182db4443cf4656

SHA256
111d619a9441814a3facfb2f79bd6f64ace3bc567f952744790cb041b163cdc2

SHA512
cedf2fad1a81e1c3dabdbdd02ec67b18ea3160b9547f06c39b48c39c2c99ca2755db68496647c0c5c447be8f937a42777a26a38f60fc924fbd6e02272ff45a12

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202a.exe

Filesize
423KB

MD5
75526afa53848a1edcb9146531de07a7

SHA1
85fd19a75bdc85e40f71ee8517b0bbf8ca8a61c7

SHA256
5c69c7d82201c11869500f2bf3c2479820e98ce8f6bdd540781de7bd7b2763ce

SHA512
d3b91df43c13ffc5ca3977d7672d165bf41d5cc3ba75a2277d67dddb1e5606d9c8643ba32f7fc3cc92b5d5bb9cce4b66cb07ebc60bf07b3cd8a4b2983ad761ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202c.exe

Filesize
423KB

MD5
32d58912f821212627931fc0333102bd

SHA1
911b631019fe9ff66c68297f21de940d8e6d2fe6

SHA256
06cdfa10dc6210bebfbc4475e2d7d33b257053a4f937588ef1a8975260ef57c0

SHA512
71ad6defa7b815292089c96885b2d2692eece0ea15c2fe4a9759631558d6c4c6547ad67041b38d24148144b78b71e3b77694cc31047199e7a4252718abbf39f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202d.exe

Filesize
423KB

MD5
be5f9571b9b07be42dbd40a9b8f5ec37

SHA1
972205c3d4a27875d0d204314be358b8b2003599

SHA256
ee439dda0776fa2cdd9178897c74d843c3349efa4301f42ce54dc3e95bae41e4

SHA512
a4dbd430ec96260cdfcfdb5ee6a6aa27209f7724c27882a4e9fadfae3e7c35e476263ff2b3c50cb8eae6cc1b13ee352b700158550f749f2620c6052370802fec

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202e.exe

Filesize
424KB

MD5
336d168fb28d26418793cd2c770f041b

SHA1
f6a9f577e162a01a4b616bd011900777793b6af1

SHA256
33ebb579f304eccb3b614d86f8e864301d83c120aec0b16f5ea3b7b8abd17abf

SHA512
b3ac7902dea2e750d6cd78e8cf0b9d63af80742e22e3ef69de80ab86cbd2087fba27cdfe49448d9ede6cff919422d187981be69c5ed3919c41fb98d2cbf08960

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202f.exe

Filesize
424KB

MD5
d4475ffe1c0fd00979b7053f45de4fb8

SHA1
fadc240399ae15dcc8c87609d467a06153045f56

SHA256
1fb34229cafe6ebf9a1032f95b80906406198c3e5a539034193a4f27a6aa72dc

SHA512
5ffd53f3bbe035d0ecd386946dd7026de5f909fcb68b5904b5c939294128c5c383a9fa2b6cd8524599a11262e8413faa2211bc9616b82e959505035f75c7ea5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202g.exe

Filesize
424KB

MD5
c29897609aca48105aa3855a3628affb

SHA1
8319685e44b764e7563aa145a37936f1f43d7ecb

SHA256
fa94756ec500d463d2e70d94ee73a535f572e4bc743fe2895221113ca4feac02

SHA512
49852698dff56c13e4f474fac01044caf2b61ed9c3de9aee04d84159c85459f6a34a7c0ec5615f1a878f3566b69c9d2811376314f86721b40dea31b850ee5182

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202h.exe

Filesize
424KB

MD5
225695b36942108f9e4134e83050595f

SHA1
87a1a477ecd1e3b37c4852bc5f81e2024002a4e7

SHA256
1e1c74928dffc6c0a7c12f961ca7eb3f758b450f9824de17274ee5d1dfbe5ab1

SHA512
6720672f2261da042d351568ac1e986d492a518593ce38722696fb6a9c2f20492e06d4f5091e305ecfeb9a41a6f346022a1588d62186a4fd84861b0085b52537

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202i.exe

Filesize
424KB

MD5
743d417cb2882cefaf391dee334860e1

SHA1
28bac5d862f8db63872ab44fb23339b43bc4bac5

SHA256
735714295f59c3ca06ce4289e87dbd5191c028d693055a695af88c2d1288ce66

SHA512
8f882a2389dbec4c0f97840cfbf2ee92ff4bf6d9e249b4002ba64808117a4f947c444fb4500540c5c72ce784e20b9ba16a8d8836b3d5e6a11c5097fc28652c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202j.exe

Filesize
425KB

MD5
a0793383dfe9128c8fdbf36a1b5f413a

SHA1
eee2234f3b0141b8f8a98e55cbeedbd3d56828d6

SHA256
5879aca1aed8ed5e8f1620b2a4ee813238bf65a2c545737bd4eec376d44c7110

SHA512
b32509c7cbe3977f32c7146092de9fbed766818a2c655ed5072274945e71d71ab58819ae9f410bc26dd3af79e15f7df861d62b43062f59f20173633530f95b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202m.exe

Filesize
425KB

MD5
a524dc0e71ccf3503b7331887082dc4a

SHA1
d8fd878a0cd0089d90e39ef91cf97cda03902c8e

SHA256
bf34c87b886957d3fba7ed3f050dff7eef75f586bffcb0061378aea3578f3a08

SHA512
399e970badc6158cc1977e943df7f26fb42362580b91803598c96f9496cd1667315494a4592d7cb59f2d659ee1fc69546800ba9174536a54bfb200f7eae4695e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202n.exe

Filesize
426KB

MD5
76df4b317cc84be66ba89cf2e7e0bb8a

SHA1
42b5a13e7d9f52e886ce0ebecc6aaa70042669f7

SHA256
d07cc0a66fbb73f6a8dccd94e34b61dd86deb1ea6da97a7563589ddd13add39a

SHA512
4ddd9ee94262db8233872dcf5e4eef93615529b1b74b4a07936f131264d175d8357616eee3742d255dced85b4a8543e08417f61c1fba12781a18164995d43418

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202o.exe

Filesize
426KB

MD5
efe5b6b8450a69d134873ff597d7c9d8

SHA1
fcacc27d955953e746a62aa2a5df33ab6b218505

SHA256
4710de6c07a1240b9058cd27977267f86b62304f085efa56ba05e609d30a010b

SHA512
ccf7a0177438682f7da51feff682ecd4092053d5fc057ab56cc15051d60b9e240fd371dfaad4a7a5b3b678c070e32136c2bed706a18b5db29a14708f1db94123

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202p.exe

Filesize
426KB

MD5
a2fbcbac071c2d308e21e82628c99835

SHA1
cce67af7f80c06c8aea7b0b915ccc241daeb842f

SHA256
9b2dbec7358ab17b67b40c4ab234f7b78dddea885d54035bc18ca9f7c90b8f50

SHA512
b15c301976b28cb3d5a3c4c8d6dcd0db809df0a79d84d127df8b5c6d6d2477a31b43d645c01a09227a83864917a03c9d0ea64c61b198e0a0ae820af9fcb47a9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202r.exe

Filesize
427KB

MD5
837c7aea03a78f93c2615e75fb4dd40e

SHA1
b93bd7bdf008d64bcff713a57af8a49ef7ffa79d

SHA256
ac6354664d4efb801eeb2c4c0172a100d546d9f64842f781e6766a0069780e16

SHA512
e803c90f9eabb7a3241bbeb03169cf3777f52637c296545cc04371eda4c26fc65e610db4f9dfc6956aeb605b54fa7fe83e517baa72797e24a6bdf1bff46026aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202s.exe

Filesize
427KB

MD5
e9b74e49f7973789c8294a6a3992e9e7

SHA1
8c68c5e63b12ce34e2d17bae88424384be1765bc

SHA256
c05c7440051f70a31668b36c1f12601fa9a21ba7b4a569e0cf93a92e9b4b5295

SHA512
17b2071de1977d7dbb953d97e6aa1cb27161eb5566a6c9a0837a87255284702dacc3e77d34f4b937e487ed378eeee8ea07f7eb47074fd80549ddb6373554800a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202t.exe

Filesize
427KB

MD5
3aca3effaa0a765257c20ff558847b79

SHA1
e61e07b0c26e70214524ebbefb273d3a5585a498

SHA256
50794ba8c6656032df89ac9be2c5d762aa9b0c8cd5acf291cb21382a2e3f234b

SHA512
5a76ea5b2b21733ad593f0c6ab2ac59d91db1797cf0a26e731deb9c730dc4f4a4d30adbeddca5fbf8d82104897c606bce51f23d166e80fcf6022ce9cb8bfdb02

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202u.exe

Filesize
427KB

MD5
4850dbb49830644a805034220b524c03

SHA1
293012674ad5a10552a552521a273730c94f4169

SHA256
b18c40b9a55a7482d88a8f782911992b0864cee06f83475f9ce5e4570f4e3266

SHA512
8502a076e852d99a923342872cdf5daa12266f325cbecda74fbac58153c31b1a64f56b1869c4b8719b08012bef71f7d9f2dc7e6bc96295941473cf15db8663e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202w.exe

Filesize
428KB

MD5
7124937d0ab3c0e1d7485bba3cd40200

SHA1
7fbfeea1dcaf2777839f0b29b13bd7c212b3571c

SHA256
55bb1089007477beb14b7fdceeda0c134622401239af67713f7cbf79a24740c8

SHA512
59193dff7f2ffa947b3335ef47742a10587072510c2e40ad1225867ddc46bd308e1fc396fc23b1259ffe6ffcde315111e1d6763d7e9b22096609416ffc9b1d13

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202x.exe

Filesize
428KB

MD5
47fd465207a75a5c6ad8205090c2fe40

SHA1
e80b18b9558613de9d0612fa8ab4529435b07ac8

SHA256
52c1a34db9f90e15043585f8b24fedfdf0db64c08aa6fbc2218c7f954451f82b

SHA512
1efac0a8c003f269fe0b6d2f32caa90798fa368b7108044ac0787c69cb1cf0d0c2c8d97807133bc68f448f9b65ce6324e4f9937d0459d912dd8b22a3ce4544bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202y.exe

Filesize
428KB

MD5
9b5ac584e6f07f96888eae95a4f0caa7

SHA1
05c073a64b89ca1dfc4b0c4a408a05257068124e

SHA256
cc94231997719a9753f50c9781732dcc86dbb005e68ba3859bf1447a556b3902

SHA512
b4e76dc2929af0f35c329c234fca272bda3322a76b1ac98717df077c71a5a0a02d3d5fcad7f0bc68d43d7792b9e6a4d1ae29f076ce48fde3a9525720d543ef6e

Download Submit
\??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202b.exe

Filesize
423KB

MD5
6de5af7104ef0e7f1e8516e3cb2bb195

SHA1
53944113b4f3607ab9835d37b01fa9ea8a0e6729

SHA256
8b642d6e3735846d6c6c3d4e69d7fe410104ef8e1675cec5084c79b8ef545cf0

SHA512
263ed47a3c8e3a6aecc346d4340230b957e726655c4e753a2a976f61d195ebce464705ac47404231bb0b3e8dd3dc6dd9432befc4af9385eb9faceaef9564599e

Download Submit
\??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202k.exe

Filesize
425KB

MD5
d128bcbe8abffd65e2014ae46b3f4777

SHA1
65959bcec4eded58b455dbedeb65a659c21f2ed6

SHA256
f4fc11b898ec6598034b73d916948ea54276e84149ee3b0f037e426ba53bbff2

SHA512
a4fcd0462824496edfea93e75381afdf34b8db2a937cc3b8151516b1503041aca0173ec4b1c11dd5008b64ec39abbd4e013c35241ae8ed0e57c199db6f49f430

Download Submit
\??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202l.exe

Filesize
425KB

MD5
08fc0244666dcdd2bbe825a5f4a68b63

SHA1
6996bd5c9b1fde718609da44d46fcbf6fbdf6f5d

SHA256
0afbfd2590b29b587086824ed260a6be2cabeddcd67b95feacb69218abb4b3b5

SHA512
419dd84250ab2cb58fdf98c1457be037afb58af0357107c84c7de30db0bb3c75c36002b23cfa97656b56cb4e4c43881635db2193089cca3acfdf3c3f1d752c1b

Download Submit
\??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202q.exe

Filesize
426KB

MD5
d15c8db8b7747223f63784803f12413d

SHA1
ac1fb0951432150dd0b8af15b72661ec7d182b70

SHA256
037f7fb7846499fc2980f76c6e3e55e0c01c9cb411d8eb54f0e29a99f86002b9

SHA512
1b7f6d6e325a0f2d7005f0bed1709fe4e39ae3d74fc8ee3e622195f1faa87bc80106d595fc289f1d3fd27885abd308ecc4f059a73d22e1e55aebd0588c72662d

Download Submit
\??\c:\users\admin\appdata\local\temp\7f553f5bec066bc2209b5ced1b8ba1d7_3202v.exe

Filesize
427KB

MD5
8602fe43b7abe8dc0d91700a8aff2407

SHA1
e5a60e3f90e748a87da92f095dd58fb91b923d38

SHA256
b43ab7a42624c14afccefd354325706b540e69cce1e6eb6ff453ba15ac744a1b

SHA512
e89cc4ec8664c6d6adf384c00f9ee12fa6b8dda5bf46aeeff15299b3c4967f88d0f9e17da61b4de2a1f782988e9771956d4c6d33df7000c038c6fb4168b0f239

Download Submit
memory/316-142-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/316-139-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/884-84-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/884-81-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1224-34-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1224-245-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1456-198-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1488-216-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1520-73-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1520-71-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1600-246-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1600-218-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2120-234-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2468-56-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2784-46-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2804-122-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2852-101-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2852-104-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3192-151-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3536-28-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3536-37-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3688-65-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3700-169-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3768-132-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3768-124-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3820-86-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3820-94-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3944-18-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4084-114-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4272-160-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4492-199-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4492-206-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4844-189-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4856-179-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4856-172-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4868-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4868-10-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4868-6-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4896-243-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads