73ded328a46df28af5ed90f5529b7f7cfcbf1d8da07bdd004c394a100920b6df

Analysis

max time kernel
0s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7559cba00e939a5243e8301b8f8e1f96.exe
Size

1.4MB
MD5

7559cba00e939a5243e8301b8f8e1f96
SHA1

f29ded3b7bbfeba5149e8f7d1e947a62f43ae12d
SHA256

73ded328a46df28af5ed90f5529b7f7cfcbf1d8da07bdd004c394a100920b6df
SHA512

14f45bfff4002843a5d67638b0e1af0f62a6756cdb2af40e3eeba161601119e813a71de4ae3198a8cfcfec71824f2d518e72eccdb497b9c6d2770474abcf2980
SSDEEP

24576:A/4QJJ7fTLTI1vi8WSYgl1U6gbL1PR6WzMrHpI+P0itO0Lg2Zzd76v4u:A/BJPQo8WSJ1O77ArHOEs2ZRg

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2156	B820A2.EXE

Loads dropped DLL 10 IoCs

pid	Process
2144	7559cba00e939a5243e8301b8f8e1f96.exe
2144	7559cba00e939a5243e8301b8f8e1f96.exe
2144	7559cba00e939a5243e8301b8f8e1f96.exe
2144	7559cba00e939a5243e8301b8f8e1f96.exe
2144	explorer.exe
2144	explorer.exe
2156	B820A2.EXE
2156	B820A2.EXE
2156	B820A2.EXE
2156	B820A2.EXE

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	explorer.exe
File opened for modification	\??\PhysicalDrive0	B820A2.EXE
File opened for modification	\??\PhysicalDrive0	7559cba00e939a5243e8301b8f8e1f96.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\3CA4E3\	B820A2.EXE
File opened for modification	C:\Windows\SysWOW64\B3A6A3\	explorer.exe
File opened for modification	C:\Windows\SysWOW64\3CA4E3\	explorer.exe
File opened for modification	C:\Windows\SysWOW64\B3A6A3\B820A2.EXE	explorer.exe
File opened for modification	C:\Windows\SysWOW64\B5A29B\	B820A2.EXE
File opened for modification	C:\Windows\SysWOW64\D42343\	B820A2.EXE
File opened for modification	C:\Windows\SysWOW64\B5A29B\	explorer.exe
File opened for modification	C:\Windows\SysWOW64\D42343\	explorer.exe
File created	C:\Windows\SysWOW64\B3A6A3\B820A2.EXE	explorer.exe
File opened for modification	C:\Windows\SysWOW64\B3A6A3\	B820A2.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2144	7559cba00e939a5243e8301b8f8e1f96.exe
2144	7559cba00e939a5243e8301b8f8e1f96.exe
2144	7559cba00e939a5243e8301b8f8e1f96.exe
2144	7559cba00e939a5243e8301b8f8e1f96.exe
2144	7559cba00e939a5243e8301b8f8e1f96.exe
2144	7559cba00e939a5243e8301b8f8e1f96.exe
2156	B820A2.EXE
2156	B820A2.EXE
2156	B820A2.EXE
2156	B820A2.EXE
2156	B820A2.EXE
2156	B820A2.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2044	2144	explorer.exe	28
PID 2144 wrote to memory of 2044	2144	explorer.exe	28
PID 2144 wrote to memory of 2044	2144	explorer.exe	28
PID 2144 wrote to memory of 2044	2144	explorer.exe	28
PID 2144 wrote to memory of 2156	2144	explorer.exe	72
PID 2144 wrote to memory of 2156	2144	explorer.exe	72
PID 2144 wrote to memory of 2156	2144	explorer.exe	72
PID 2144 wrote to memory of 2156	2144	explorer.exe	72
PID 2156 wrote to memory of 2264	2156	B820A2.EXE	71
PID 2156 wrote to memory of 2264	2156	B820A2.EXE	71
PID 2156 wrote to memory of 2264	2156	B820A2.EXE	71
PID 2156 wrote to memory of 2264	2156	B820A2.EXE	71

C:\Users\Admin\AppData\Local\Temp\7559cba00e939a5243e8301b8f8e1f96.exe
"C:\Users\Admin\AppData\Local\Temp\7559cba00e939a5243e8301b8f8e1f96.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:2144
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Users\Admin\AppData\Local\Temp\7559cba00e939a5243e8301b8f8e1f96
  2⤵
  PID:2044
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2156

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:1868

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:628
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  PID:696
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Windows\SysWOW64\B3A6A3\B820A2
  2⤵
  PID:2996

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2532

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:2764
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Windows\SysWOW64\B3A6A3\B820A2
  2⤵
  PID:2868
- C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
  C:\Windows\system32\B3A6A3\B820A2.EXE
  2⤵
  PID:2264
- - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
    C:\Windows\system32\B3A6A3\B820A2.EXE
    3⤵
    PID:1224
  - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
      C:\Windows\system32\B3A6A3\B820A2.EXE
      4⤵
      PID:2924
    - - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        5⤵
        
        PID:2136
      - C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        6⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        7⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        7⤵
        
        PID:952
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        8⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        8⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        9⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        9⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        10⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        10⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        11⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        12⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        12⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        13⤵
        
        PID:812
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        13⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        14⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        14⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        15⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        15⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        16⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        16⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        17⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        17⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        18⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        18⤵
        
        PID:376
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        19⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        19⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        20⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        20⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        21⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        21⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        22⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        22⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        23⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        23⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        24⤵
        
        PID:808
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        24⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        25⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        25⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        26⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        26⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        27⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        27⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        28⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        28⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\B3A6A3\B820A2
        29⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
        
        C:\Windows\system32\B3A6A3\B820A2.EXE
        29⤵
        
        PID:3536

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2564

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:1636

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1640

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2632

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:1804

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:912

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:1516

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2236

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2380

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:1304

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2448

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2996

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:2328

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:1280

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1096

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1440

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2204

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:1548

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:1584

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3036

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2916

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:2928

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2196

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2752

C:\Windows\SysWOW64\B3A6A3\B820A2.EXE
C:\Windows\system32\B3A6A3\B820A2.EXE
1⤵
PID:2644

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2264

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2496

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2076

C:\Windows\SysWOW64\explorer.exe
explorer C:\Windows\SysWOW64\B3A6A3\B820A2
1⤵
PID:2520

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2836

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2148

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2796

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2144

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:540

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2108

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1524

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2308

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3132

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3204

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3244

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3476

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3640

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3736

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3800

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3948

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4072

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:552

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3372

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\E_N4\HtmlView.fne

Filesize
73KB

MD5
ee5ba11a0dc62ec8c933c56dcdbf4e07

SHA1
dba9a205559bb24c3d734030819c61dff31f0293

SHA256
f2c17ee4016c7267bbc55d9cfc96e36fa965d005e023898a38ecce4fb4e12d73

SHA512
f2cfb032645d66915e99d3a10ef5b4033df26e1759b4f2615764287a1edc4ba847812d8fcfea0b2e224618c55d14fc14f42ffd6b4f37573067f7c81c9dc58025

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N4\cnvpe.fne

Filesize
60KB

MD5
af7ae6c319fab169676fc5278f2889c4

SHA1
2f839ccd775c0df2b17fd88c7041e773f9e86350

SHA256
52e93cb4b837e4749d00b877cf561a98177fc0853aa1217178e5d22a6bb02b3e

SHA512
224d14f882673aeb3d2e3e29e9e16dbe6923ca872e1b6d9ddf9083822c078532d92e2f0ed4decd7cc4275f9783c889a860cd3ca7ec26e0e867b7441bfffc0fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N4\eAPI.fne

Filesize
316KB

MD5
595164152691376ca058875e81482c1d

SHA1
76f25bbbb70b2c74a7c57457f05f34bbab5e4082

SHA256
8471411d91b1733dc3dddcb8d382af7c7626d2a74d1376320cc50d36920c3a6c

SHA512
3a10d57aa4f6f12dd6302bdac9e97c5d3711c8f40b6770182d393bf2580d6f43fe559c0956c2a42e4e52d4eb823e17f671c9cdc7685e0ad047ee60fb389b2889

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N4\internet.fne

Filesize
180KB

MD5
73390c04bb83764ea44766a221877d03

SHA1
141087051159339144a7574d39dc12664b6d49b8

SHA256
ee5296de43cf944e6db6ee845d43e589fe3d4dfe3b0c5a1c237c64ad8f733bf9

SHA512
b6d16a8a170d0438220bf62c47965b38b4b98fdb0200d73f738ebf76fe9fa590d1877002ccc1e21f9c51d7b88c648a50c6b369bf0a11fe82b620e17586cef4ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
79KB

MD5
6d342e5da3c92a9121a4a1cf45d1a5ea

SHA1
c795fc15c243b17bdf710a8df0752f24bb20feb7

SHA256
b5740437b66c2d502a7e5f0e9f9527a08db21f8449d8c2e5b66a213d6ddf90b0

SHA512
633844c323adc967509a129d5a8ce2757556f7c473d01f9479668bfbd6a25ea2a1dbb2638253324ed9a80093c94d4922a44f0b64df231ad1de8703033b20ae00

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_N4\spec.fne

Filesize
72KB

MD5
1443c95b6de39382b69fc64b9c6e7ec3

SHA1
05859a4f76ab4acebec1a41ab59ad1971163d5fa

SHA256
8d3b7f2cd2cbd575f64e46311e35513c0e1c60a7578721adcde1370aa84f43f0

SHA512
8beac7896a5e419a2c60e59d09a36437bcba3e8b3d13ff1f79a8e359c6e78e8c659ccb8f1218db41d688935f2c6d22ff7ce7b81cd7c0c98dd746562517b30641

Download Submit
C:\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
609KB

MD5
8510f7949ac32d22534b428bd237ed66

SHA1
510edaf3986328a8f95dff4bc4e80b0af5dac804

SHA256
89a8d66548b7b95da18bb6b0c206079a4ed2ac7c0234499c0fb13dac868c4da8

SHA512
0d6d9a4b9b0345754df966485d3b5b7e50c37f34a218cdd4d94b9bb522f8f80d63c6c5940e466195e7a35c8a02c688859e1aa8a490529a3bd5fee53af9078428

Download Submit
C:\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
569KB

MD5
383d0c11bf958c4530530e9dd655dc7b

SHA1
72038cce8c849994346b5ba18bbdebdcbf46b689

SHA256
45e1ccf006e4e1d08d1135f9f22f52f9203a91f7e837918c252d08ad90a9e94c

SHA512
b370c0c94127d21ece6a39c6342aac46a0af65c4a7e70d5c21d96ae43becc1f0b7887eb20b45d01e96b4c5b98b5c53b022a147e1594d95696e4c6f789fde5b29

Download Submit
C:\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
100KB

MD5
91c39167944b5398e7c8533d1d6bc381

SHA1
2b285c40badf29fcb90fed94a9dc3e23cf37007a

SHA256
6328ca3f90300acb850d1666f3d076b694d8f15b2ca441c6d89e953d2e97cd40

SHA512
396c295b0c264f0657056d8af78f2da67f0bc92b6b792b5c73329f3e4acc285bb598e371a8c7a25579b829f475dd8c8bdc8445cf9b7569d291dfa579131f62b8

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\HtmlView.fne

Filesize
212KB

MD5
869681be3764a02c5f9d6ed1d828af83

SHA1
5531cd8ef5c315a94abc1f5d9cb1e4fb497cfc90

SHA256
b85f978bc0bc32801e4b3be4cab01d9f5632e0a3ee43a5776217e79f2149e457

SHA512
5e3f40ee687dd5bd49efee49bba0ea28be7c65f1c6381127810114f616e32b11100f0dde277c7d1aae5f629310a9d56894fa8fa8525f3be8a7df5ea7127e7c0f

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\HtmlView.fne

Filesize
88KB

MD5
1e227f370a889f5a35f06ff106a3668e

SHA1
0eeebab39503c390055ea021f0dc7a2e41ca49ed

SHA256
8147c5d4d745ea45bdf574b2c50f717e179e80d18e5c2dce8f298fc0bd8bed70

SHA512
9b41066d0f7e7feb25d7c573fde19bd5f4fb93b1d799fab5057019f9986f18519d8315bf988777542f3d02de1dd6130eae2122dc84bee5b6eedf88e37c66c0fa

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\HtmlView.fne

Filesize
100KB

MD5
0449f48fb741e841a4eed8b923465b31

SHA1
797c5d31b3761dff19a2189f9ec79e31a61a0eca

SHA256
653e9f756638a7bc884d8b11518256c04e6d2126d354eb9701e97597466f4d98

SHA512
b69edc15ccae83ac3b43c9755db49edc7df3ae6f29ceb7cc90f4cd87fd5a2b2a45e342ad1e603a36f39a411e3974f2c6a2dec8fe7d16f26c09594a0da20725cf

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\dp1.fne

Filesize
82KB

MD5
8e9f77dc8cb1938484cd928d9edb5f2d

SHA1
764021a3c843fe1c372b9aa5a3e9a72d159bf543

SHA256
7fcbcd341e2f7274ed7b792ee50fa9c0ce2efd35e359ee186f538bfda169b31b

SHA512
dac86775b4571505c01bf781ef8ecfe2f5c1d875114657fb789f628d74b282fe1166fc1d4038b51c56674f00e1873fc1e420eb2146e341825241f395acd16435

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\dp1.fne

Filesize
112KB

MD5
b4e124a5a32f4bcf210b14a5b00fa9d4

SHA1
085f4644dec91c331996e8f4247559b8ec0f8299

SHA256
44ecbc66fc08fdd2f22e08f2a0f5b6114415d089a20a951efdc5da3cda14d6f1

SHA512
6d837752e21ed52f6c709220e30369f27e773a3133e6a2d10b752c8c9cea769a4ac68fd879d2b39fc032882b456b428510e70ba85ba1c4e5aa93d4ecbb447611

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
899KB

MD5
a2a227b5345b39c08fde35b08c184c9f

SHA1
051d89c8b09d8f9a8001e91c711e4c6c0de80cda

SHA256
41fcffdff46f33ff58911811a3bc5a1ff7356f09af507f8263255a6a5c5f9e2c

SHA512
f24a907b4d233daaa2ecbad150268c0f63cc1b4200d83524732fa0b418d49dffa38eb2e60a3040e96a6ba7998a02c28c9e8a5da6300c04b6feb6fa80594a08e4

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
873KB

MD5
41dec6b2918e6cd423dbeac4ff88b45e

SHA1
a5d290aff9c43f09c827cce3c2ac7617b566eaab

SHA256
eaac846d63b75a205054dc3b2f833263263b112499cd193ff34cee4369459c2b

SHA512
e02cbd637b58032bebd0a3acee55c6ead85167999c89949b52b969bc06a5ec4a21dfa5310b7ee0c708ab8ffee206022d83b7a02cb6813528b1a35f3fc578bf02

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
45KB

MD5
c4a240a0c22d716539700b9e47534c56

SHA1
5ed836a9e2f3346a679d645cb9d262d0ca77a68e

SHA256
a6c9f17f6ffc5e25ee4940d26fa4957e382e6a2b1db5e5bde5ca40c300f8005e

SHA512
e5edb3ed9f5ef38673abf235e307555c82eb862a3fea2c28fda62d221a7096256ae53dafe5eac31e52b864a7a50bab394c232ce241f232d74f94ad676214bd51

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
1.1MB

MD5
407da9c584565acf4d55e463bd2d9821

SHA1
abf2565dba7436aa580bb347d71bc95558bd7798

SHA256
b3cfeecf382c6a64e649527f4ba03c86a1f5d7e77ae511cac5a949cd78afa47a

SHA512
f2ca976e0b88036e1db55e22638e4c6582dc93acab6335880a31ffaced24d999d66017d6fc308c5867677e28926c72dbff3f6b5ecf7815287374ccc91bcbbd7c

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
571KB

MD5
979c3d53417fd7619566647d4e16110e

SHA1
6727837025f9312a4977ee44904fcc839d1866bc

SHA256
33246d188e0e5a44763abc7001e671fe62341f90efeae60732a98b1245660678

SHA512
1b3be512b57316c9ad7457c10cff69da6fb6a44d07d8a9ba92bc5d9cf0d69c4046e27cec875c28125085e8052012b873136776de05a0471ce32fa12e3254ca2a

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\shell.fne

Filesize
40KB

MD5
18357c256eb20458d6d3fbfc65729447

SHA1
6eafc52977ba3e63caad5fd29c3ab57d22403583

SHA256
2f76ce2eb17625b07ddeafc8e90e2d62ea9996b5e16cab1bdddc4ea4bb2d2ff2

SHA512
8df68c13a7feff323764030dd43dfa788a7cc5e28984214aabef3740ef107cca96a06ce5a843c625d7b5732fc74b94af0b7744f5959523869267e4c3535d3dcb

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\shell.fne

Filesize
35KB

MD5
a55e55efc8ed84019ac77d0f31b1429a

SHA1
e1719cf4c21bb34aa3be5bfe2ea27805a9faef70

SHA256
506032cebcad9aa7d1c1f85c66d46d87abeaa9c8767d73a9cc7ebe407e66b6ba

SHA512
ccb2fce399c2399ad70f13ee31922dcc2d0be8eff374f3f13b119a58b6f248f56630399d9f9da75c96e9e1dac7b067baf770b3df49e32c9978ee9ef16e93817e

Download Submit
\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
845KB

MD5
50515b1cf1581d9002fab9e35ca178c0

SHA1
9256f9d0d915f2b2560734f51b4837787076090e

SHA256
b6c90a46566a0a4b8bb82c09cdb34c12fb61c2c9487f2756f89f8cfeffcb599d

SHA512
17c09d88af14237512c8b67673a799a0488130042022c76c0c334944ea1e634b986b53570197c0734ceb9548daebaf8815728fc900f7f7d53f47e13a2049a481

Download Submit
\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
665KB

MD5
79bb414994d84b33321643e6449d0668

SHA1
fc41cdd53597e5dc249ec7cac5c4076cb10c5753

SHA256
cd0ec22533f9b75bc59154f2d98e9f54fa67ab16199963d854b7420ae8074c10

SHA512
a8b7028052412daa3058623606e198bbafabe64d7fb130dc9be89353c72f67f458d6b1d4d3b5da2ef4ed00cb83294f6fb3866cd110bb0886baec7f5f9a2f931c

Download Submit
\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
72KB

MD5
0b887880dc0ea17651d6961a9627a73a

SHA1
e15ffdba5aa037c375606947f9ddaf20b677c0f9

SHA256
6ecea257d61e54b9db75dd9feb88d4ccdb9a5d50e9f7d9a8d3c82dabe335c682

SHA512
0a3317535ef7ea1ce1b8f383be5ccf4df91355347662083de30b9317a641e117bcbf04fd2ff42342e94fb07a9c1c180444798da15bd9909ca0619a79a0765722

Download Submit
\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
1.4MB

MD5
7559cba00e939a5243e8301b8f8e1f96

SHA1
f29ded3b7bbfeba5149e8f7d1e947a62f43ae12d

SHA256
73ded328a46df28af5ed90f5529b7f7cfcbf1d8da07bdd004c394a100920b6df

SHA512
14f45bfff4002843a5d67638b0e1af0f62a6756cdb2af40e3eeba161601119e813a71de4ae3198a8cfcfec71824f2d518e72eccdb497b9c6d2770474abcf2980

Download Submit
\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
1.1MB

MD5
e88b703caade17d8a594d84b55b4186f

SHA1
b8956d434ae9d3cb921e3af0e9b1c52c814d30e9

SHA256
d8ffc9fdb418872f75e68e9b94b8d4bbbe5aa3eb6abe7e966a6ba8a7a37c5160

SHA512
94dc0ceab857194d7fbc90394f5e8d36c55685159d147e19cd94f4a25e121eb7e87e8d795eb931403ce89f07699bd7867a0b79cf0a4f904eae7f660a25f794b5

Download Submit
\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
1.3MB

MD5
5be071cf597760349dbcfde38ca47740

SHA1
9a2d8b380b08094fc9af7598028bb970fa029e05

SHA256
9aad3afd09cd6c8181872be57d7dccb9862938f28430be1631df6378e954d345

SHA512
913b6b115bb013dd3c286cfff3c6d5c1bf03baeff2184586d7f0363447da8a34818fdf86f532e753a0b14438f012b3b96e0ec64c229644e0c966b212995dd449

Download Submit
\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
921KB

MD5
49e1808766b1afa5a6d013020d664a60

SHA1
0ac9d3913b9aaa791fb497e943c7f2b1a0f1a1d9

SHA256
27d6f7987a674a9e7b984e855f4a17074df32700fca4e99dfd31362c245a718e

SHA512
96a83c7b8d6ab874f28eec8e8b216394744fd4101df3ed7c0d2294a94a30c4b1fd4b4fbd6b8a4cb20bcc7467635c4243aeb7f47526fc6890557ed188f667459c

Download Submit
\Windows\SysWOW64\B3A6A3\B820A2.EXE

Filesize
92KB

MD5
8d1c6ef2ccba05fbfca343b16a7dfa99

SHA1
d95ce009b1f7573ef8455e194bac59f71b5fa112

SHA256
e17a6c63991f11ad1f0113826de93da02bf7ecd36ff3d14ad87190863ec5b533

SHA512
08ff50bdc78a5e2c03fb422ae637ee135d6cac92493bbf9697c68ce4bd8945c48cf1c7434df8c55be7cf1203712e545372e6302efe53d5a3f331c3fff9c83328

Download Submit
memory/628-141-0x0000000000330000-0x000000000034E000-memory.dmp

Filesize
120KB

Download
memory/628-132-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/628-153-0x0000000001E50000-0x0000000001E94000-memory.dmp

Filesize
272KB

Download
memory/628-142-0x0000000001E50000-0x0000000001E94000-memory.dmp

Filesize
272KB

Download
memory/628-140-0x0000000000310000-0x0000000000321000-memory.dmp

Filesize
68KB

Download
memory/628-137-0x00000000002A0000-0x00000000002D8000-memory.dmp

Filesize
224KB

Download
memory/628-136-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/696-167-0x00000000003A0000-0x00000000003E4000-memory.dmp

Filesize
272KB

Download
memory/696-154-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/696-148-0x0000000000240000-0x0000000000278000-memory.dmp

Filesize
224KB

Download
memory/696-150-0x00000000002F0000-0x000000000030E000-memory.dmp

Filesize
120KB

Download
memory/696-159-0x00000000003A0000-0x00000000003E4000-memory.dmp

Filesize
272KB

Download
memory/696-149-0x00000000002D0000-0x00000000002E1000-memory.dmp

Filesize
68KB

Download
memory/696-143-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1096-181-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/1440-158-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/1584-129-0x0000000000310000-0x000000000032E000-memory.dmp

Filesize
120KB

Download
memory/1584-130-0x0000000001E90000-0x0000000001ED4000-memory.dmp

Filesize
272KB

Download
memory/1584-127-0x0000000000220000-0x0000000000258000-memory.dmp

Filesize
224KB

Download
memory/1584-135-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/1584-133-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1584-128-0x00000000002F0000-0x0000000000301000-memory.dmp

Filesize
68KB

Download
memory/1584-131-0x0000000001E90000-0x0000000001ED4000-memory.dmp

Filesize
272KB

Download
memory/1804-178-0x00000000003C0000-0x00000000003F8000-memory.dmp

Filesize
224KB

Download
memory/1804-180-0x0000000000480000-0x000000000049E000-memory.dmp

Filesize
120KB

Download
memory/1804-179-0x0000000000460000-0x0000000000471000-memory.dmp

Filesize
68KB

Download
memory/1804-177-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2144-20-0x0000000001F90000-0x0000000001FAE000-memory.dmp

Filesize
120KB

Download
memory/2144-29-0x0000000001FE0000-0x0000000002024000-memory.dmp

Filesize
272KB

Download
memory/2144-19-0x0000000000490000-0x00000000004A1000-memory.dmp

Filesize
68KB

Download
memory/2144-11-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2144-14-0x0000000000450000-0x0000000000488000-memory.dmp

Filesize
224KB

Download
memory/2144-52-0x0000000001FE0000-0x0000000002024000-memory.dmp

Filesize
272KB

Download
memory/2144-0-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2156-46-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2156-49-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2156-53-0x00000000004D0000-0x00000000004E1000-memory.dmp

Filesize
68KB

Download
memory/2156-50-0x0000000001E30000-0x0000000001E68000-memory.dmp

Filesize
224KB

Download
memory/2156-51-0x0000000001E70000-0x0000000001E8E000-memory.dmp

Filesize
120KB

Download
memory/2204-155-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/2328-165-0x00000000003E0000-0x00000000003F1000-memory.dmp

Filesize
68KB

Download
memory/2328-171-0x0000000001DE0000-0x0000000001E24000-memory.dmp

Filesize
272KB

Download
memory/2328-170-0x0000000001DE0000-0x0000000001E24000-memory.dmp

Filesize
272KB

Download
memory/2328-166-0x0000000000450000-0x000000000046E000-memory.dmp

Filesize
120KB

Download
memory/2328-164-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2328-169-0x00000000002E0000-0x0000000000318000-memory.dmp

Filesize
224KB

Download
memory/2328-168-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2448-183-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/2496-74-0x0000000003A80000-0x0000000003A81000-memory.dmp

Filesize
4KB

Download
memory/2496-71-0x0000000003A90000-0x0000000003AA0000-memory.dmp

Filesize
64KB

Download
memory/2644-73-0x00000000002E0000-0x00000000002FE000-memory.dmp

Filesize
120KB

Download
memory/2644-66-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2644-75-0x0000000000220000-0x0000000000258000-memory.dmp

Filesize
224KB

Download
memory/2644-72-0x00000000002C0000-0x00000000002D1000-memory.dmp

Filesize
68KB

Download
memory/2644-68-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2752-97-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/2752-176-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/2916-156-0x0000000002EC0000-0x0000000002EC1000-memory.dmp

Filesize
4KB

Download
memory/2928-79-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2928-92-0x0000000010000000-0x000000001011D000-memory.dmp

Filesize
1.1MB

Download
memory/2928-93-0x0000000000550000-0x0000000000561000-memory.dmp

Filesize
68KB

Download
memory/2928-117-0x0000000001DD0000-0x0000000001E14000-memory.dmp

Filesize
272KB

Download
memory/2928-95-0x0000000000380000-0x00000000003B8000-memory.dmp

Filesize
224KB

Download
memory/2928-94-0x0000000000570000-0x000000000058E000-memory.dmp

Filesize
120KB

Download
memory/2928-101-0x0000000001DD0000-0x0000000001E14000-memory.dmp

Filesize
272KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads