252a19451e03520ea608af9aae0e8e090e7854f631b87cbc6156614be287c41d

Analysis

max time kernel
148s
max time network
138s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 15:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

59062d5df3dc2cc09028e3896c1bf56d.exe
Size

772KB
MD5

59062d5df3dc2cc09028e3896c1bf56d
SHA1

5cef9e055b823929828d2d057e68cebe9e22f20b
SHA256

252a19451e03520ea608af9aae0e8e090e7854f631b87cbc6156614be287c41d
SHA512

f3b29ee338c82974c6b31a54f4a5d087de3b780c75561217ccbfd49371b641cbdb0bea700180154820a4db2bd7ee1d7de4b6da5ad2f711ed384726be011445d3
SSDEEP

12288:wEH4LHsAZ7qGyEQmNBhtbllYOGuRU9aQ0dcz3HEai:wEH4LHaoNBhNYOfdO3E9

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies firewall policy service 2 TTPs 8 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\svchost.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\8872\Scvhost.exe = "C:\\Users\\Admin\\AppData\\Roaming\\8872\\Scvhost.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe

Adds policy Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\Scvhost.exe = "C:\\Users\\Admin\\AppData\\Roaming\\8872\\Scvhost.exe"	svchost.exe

Modifies Installed Components in the registry 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{263FA446-C8BF-264F-FAB5-AEDDD5FC7CBA}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\8872\\Scvhost.exe"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{263FA446-C8BF-264F-FAB5-AEDDD5FC7CBA}	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Active Setup\Installed Components\{263FA446-C8BF-264F-FAB5-AEDDD5FC7CBA}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\8872\\Scvhost.exe"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{263FA446-C8BF-264F-FAB5-AEDDD5FC7CBA}	svchost.exe

Executes dropped EXE 2 IoCs

pid	Process
2796	winini.exe
1972	svchost.exe

Loads dropped DLL 3 IoCs

pid	Process
1696	59062d5df3dc2cc09028e3896c1bf56d.exe
1696	59062d5df3dc2cc09028e3896c1bf56d.exe
2796	winini.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Live = "C:\\Users\\Admin\\AppData\\Local\\Temp\\winini.exe"	winini.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Scvhost.exe = "C:\\Users\\Admin\\AppData\\Roaming\\8872\\Scvhost.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Scvhost.exe = "C:\\Users\\Admin\\AppData\\Roaming\\8872\\Scvhost.exe"	svchost.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2796 set thread context of 1972	2796	winini.exe	41

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
2780	reg.exe
2544	reg.exe
1228	reg.exe
2652	reg.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: 1	1972	svchost.exe
Token: SeCreateTokenPrivilege	1972	svchost.exe
Token: SeAssignPrimaryTokenPrivilege	1972	svchost.exe
Token: SeLockMemoryPrivilege	1972	svchost.exe
Token: SeIncreaseQuotaPrivilege	1972	svchost.exe
Token: SeMachineAccountPrivilege	1972	svchost.exe
Token: SeTcbPrivilege	1972	svchost.exe
Token: SeSecurityPrivilege	1972	svchost.exe
Token: SeTakeOwnershipPrivilege	1972	svchost.exe
Token: SeLoadDriverPrivilege	1972	svchost.exe
Token: SeSystemProfilePrivilege	1972	svchost.exe
Token: SeSystemtimePrivilege	1972	svchost.exe
Token: SeProfSingleProcessPrivilege	1972	svchost.exe
Token: SeIncBasePriorityPrivilege	1972	svchost.exe
Token: SeCreatePagefilePrivilege	1972	svchost.exe
Token: SeCreatePermanentPrivilege	1972	svchost.exe
Token: SeBackupPrivilege	1972	svchost.exe
Token: SeRestorePrivilege	1972	svchost.exe
Token: SeShutdownPrivilege	1972	svchost.exe
Token: SeDebugPrivilege	1972	svchost.exe
Token: SeAuditPrivilege	1972	svchost.exe
Token: SeSystemEnvironmentPrivilege	1972	svchost.exe
Token: SeChangeNotifyPrivilege	1972	svchost.exe
Token: SeRemoteShutdownPrivilege	1972	svchost.exe
Token: SeUndockPrivilege	1972	svchost.exe
Token: SeSyncAgentPrivilege	1972	svchost.exe
Token: SeEnableDelegationPrivilege	1972	svchost.exe
Token: SeManageVolumePrivilege	1972	svchost.exe
Token: SeImpersonatePrivilege	1972	svchost.exe
Token: SeCreateGlobalPrivilege	1972	svchost.exe
Token: 31	1972	svchost.exe
Token: 32	1972	svchost.exe
Token: 33	1972	svchost.exe
Token: 34	1972	svchost.exe
Token: 35	1972	svchost.exe
Token: SeDebugPrivilege	1972	svchost.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1972	svchost.exe
1972	svchost.exe
1972	svchost.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2796	1696	59062d5df3dc2cc09028e3896c1bf56d.exe	28
PID 1696 wrote to memory of 2796	1696	59062d5df3dc2cc09028e3896c1bf56d.exe	28
PID 1696 wrote to memory of 2796	1696	59062d5df3dc2cc09028e3896c1bf56d.exe	28
PID 1696 wrote to memory of 2796	1696	59062d5df3dc2cc09028e3896c1bf56d.exe	28
PID 2796 wrote to memory of 1972	2796	winini.exe	41
PID 2796 wrote to memory of 1972	2796	winini.exe	41
PID 2796 wrote to memory of 1972	2796	winini.exe	41
PID 2796 wrote to memory of 1972	2796	winini.exe	41
PID 2796 wrote to memory of 1972	2796	winini.exe	41
PID 2796 wrote to memory of 1972	2796	winini.exe	41
PID 2796 wrote to memory of 1972	2796	winini.exe	41
PID 2796 wrote to memory of 1972	2796	winini.exe	41
PID 1972 wrote to memory of 2604	1972	svchost.exe	40
PID 1972 wrote to memory of 2604	1972	svchost.exe	40
PID 1972 wrote to memory of 2604	1972	svchost.exe	40
PID 1972 wrote to memory of 2604	1972	svchost.exe	40
PID 1972 wrote to memory of 2880	1972	svchost.exe	39
PID 1972 wrote to memory of 2880	1972	svchost.exe	39
PID 1972 wrote to memory of 2880	1972	svchost.exe	39
PID 1972 wrote to memory of 2880	1972	svchost.exe	39
PID 1972 wrote to memory of 2612	1972	svchost.exe	37
PID 1972 wrote to memory of 2612	1972	svchost.exe	37
PID 1972 wrote to memory of 2612	1972	svchost.exe	37
PID 1972 wrote to memory of 2612	1972	svchost.exe	37
PID 1972 wrote to memory of 2296	1972	svchost.exe	36
PID 1972 wrote to memory of 2296	1972	svchost.exe	36
PID 1972 wrote to memory of 2296	1972	svchost.exe	36
PID 1972 wrote to memory of 2296	1972	svchost.exe	36
PID 2880 wrote to memory of 2652	2880	cmd.exe	33
PID 2880 wrote to memory of 2652	2880	cmd.exe	33
PID 2880 wrote to memory of 2652	2880	cmd.exe	33
PID 2880 wrote to memory of 2652	2880	cmd.exe	33
PID 2604 wrote to memory of 1228	2604	cmd.exe	32
PID 2604 wrote to memory of 1228	2604	cmd.exe	32
PID 2604 wrote to memory of 1228	2604	cmd.exe	32
PID 2604 wrote to memory of 1228	2604	cmd.exe	32
PID 2296 wrote to memory of 2780	2296	cmd.exe	30
PID 2296 wrote to memory of 2780	2296	cmd.exe	30
PID 2296 wrote to memory of 2780	2296	cmd.exe	30
PID 2296 wrote to memory of 2780	2296	cmd.exe	30
PID 2612 wrote to memory of 2544	2612	cmd.exe	31
PID 2612 wrote to memory of 2544	2612	cmd.exe	31
PID 2612 wrote to memory of 2544	2612	cmd.exe	31
PID 2612 wrote to memory of 2544	2612	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\59062d5df3dc2cc09028e3896c1bf56d.exe
"C:\Users\Admin\AppData\Local\Temp\59062d5df3dc2cc09028e3896c1bf56d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Users\Admin\AppData\Local\Temp\winini.exe
  "C:\Users\Admin\AppData\Local\Temp\winini.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\svchost.exe
    C:\Users\Admin\AppData\Local\Temp\svchost.exe
    3⤵
    - Adds policy Run key to start application
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1972

C:\Windows\SysWOW64\reg.exe
REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\8872\Scvhost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\8872\Scvhost.exe:*:Enabled:Windows Messanger" /f
1⤵
- Modifies firewall policy service
- Modifies registry key
PID:2780

C:\Windows\SysWOW64\reg.exe
REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
1⤵
- Modifies firewall policy service
- Modifies registry key
PID:2544

C:\Windows\SysWOW64\reg.exe
REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
1⤵
- Modifies firewall policy service
- Modifies registry key
PID:1228

C:\Windows\SysWOW64\reg.exe
REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Local\Temp\svchost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\svchost.exe:*:Enabled:Windows Messanger" /f
1⤵
- Modifies firewall policy service
- Modifies registry key
PID:2652

C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\8872\Scvhost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\8872\Scvhost.exe:*:Enabled:Windows Messanger" /f
1⤵
- Suspicious use of WriteProcessMemory
PID:2296

C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
1⤵
- Suspicious use of WriteProcessMemory
PID:2612

C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Local\Temp\svchost.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\svchost.exe:*:Enabled:Windows Messanger" /f
1⤵
- Suspicious use of WriteProcessMemory
PID:2880

C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
1⤵
- Suspicious use of WriteProcessMemory
PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
31KB

MD5
ed797d8dc2c92401985d162e42ffa450

SHA1
0f02fc517c7facc4baefde4fe9467fb6488ebabe

SHA256
b746362010a101cb5931bc066f0f4d3fc740c02a68c1f37fc3c8e6c87fd7cb1e

SHA512
e831a6ff987f3ef29982da16afad06938b68eddd43c234ba88d1c96a1b5547f2284baf35cbb3a5bfd75e7f0445d14daa014e0ba00b4db72c67f83f0a314c80c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\winini.exe

Filesize
141KB

MD5
8fc3c8bebea057f99b6c639027e5de3c

SHA1
dcd179069eae31dfa6f3ddc217f2bce480d6f825

SHA256
8163b03b0ed594d3796b554166d1996a0631445288b7f2e7652cc589ba0c147a

SHA512
3205a2d49b346582c14b0fd932e71d476ac6cc953d16863393c0e45a7f3c24f700d2493008d21cacbc8326b95656f9616a23caef91577fadafdd4084ed0a3ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\winini.exe

Filesize
108KB

MD5
d241090648e5adefc929bbb56736dc7f

SHA1
43ac9e10fa42aa8f84acb4467a1d35adedaea374

SHA256
35e2a55f2ef153adfa821ef0ad754b6514167ba5900a32fa18dcc4a218abef46

SHA512
9ec2879ef9bbb40f70e7742a05f0feaff0ba613980a7e660c6654e5875d069cddf7b5860b85e779d5b67242de09d42dc26e277825d4ebf5301bc604ecf950dc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\winini.exe

Filesize
135KB

MD5
f3e78e63c6afab27cf460bee8f5e698b

SHA1
b9341f696362fada928caee444b72c9bbb17e264

SHA256
90a2e098b92ad1c1d60fa200a2ee14fded56dbb192dff3831892f1d423d93c85

SHA512
ad35f1018addb71e128e401a18d8a54286c1f586b807b8036a84dff682234841be47276b9e4a9d79810b2d55189599bd43b4f0035cf2fbc578a28f1d8fd152a6

Download Submit
\Users\Admin\AppData\Local\Temp\winini.exe

Filesize
342KB

MD5
d952b360c888ac8f1fe1e2bab91e11dd

SHA1
dc3fda87eb3993e89469a8d45533e4a3997bf464

SHA256
30a2e8485cb76451e7c444abb89d7a39567fd840eb20e7abff596be0b2edc85a

SHA512
d3e5f44059059b1028f217a323d1a4b52396a5ae91a3322abbb8ab966af30522f77e29fb8c60f5e16c655e954e0ae8e4c6d752caf5b1bb81f3f58003905509e7

Download Submit
\Users\Admin\AppData\Local\Temp\winini.exe

Filesize
140KB

MD5
28b41e5b78c3720ce7705f609df0a782

SHA1
328737b67b743f9c9673059a59beb7aa3e926647

SHA256
f82a5dbd5d1fb6d08e856f74fc95bf29cdcf4e16a3ec48119c825027daa23481

SHA512
7473d0bdbddf7dc53822f8d290482ca8e18c684a7ca1c1fa67fbb17b77248b7a2ff3347f75a9027425082eb5740b4216048ac3537967894660d5b9d5e25e320a

Download Submit
memory/1696-1-0x00000000009C0000-0x0000000000A00000-memory.dmp

Filesize
256KB

Download
memory/1696-2-0x0000000074870000-0x0000000074E1B000-memory.dmp

Filesize
5.7MB

Download
memory/1696-13-0x0000000074870000-0x0000000074E1B000-memory.dmp

Filesize
5.7MB

Download
memory/1696-0-0x0000000074870000-0x0000000074E1B000-memory.dmp

Filesize
5.7MB

Download
memory/1972-50-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-53-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-20-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-61-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-41-0x0000000075240000-0x0000000075350000-memory.dmp

Filesize
1.1MB

Download
memory/1972-43-0x00000000777C1000-0x00000000777C2000-memory.dmp

Filesize
4KB

Download
memory/1972-42-0x0000000075A30000-0x0000000075AD0000-memory.dmp

Filesize
640KB

Download
memory/1972-59-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-58-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-24-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-57-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-26-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1972-44-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-46-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-45-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-47-0x0000000075240000-0x0000000075350000-memory.dmp

Filesize
1.1MB

Download
memory/1972-49-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-28-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-51-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-22-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-54-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1972-55-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/2796-31-0x0000000074870000-0x0000000074E1B000-memory.dmp

Filesize
5.7MB

Download
memory/2796-14-0x0000000074870000-0x0000000074E1B000-memory.dmp

Filesize
5.7MB

Download
memory/2796-15-0x0000000002030000-0x0000000002070000-memory.dmp

Filesize
256KB

Download
memory/2796-34-0x0000000074870000-0x0000000074E1B000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads