4d42fbe051fe6e7d4822b000665ac68e9779b063a0736191dcb5f2d875bd1e23

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f64356ee1b09da8316b26481bee4e140_JaffaCakes118.exe
Size

336KB
MD5

f64356ee1b09da8316b26481bee4e140
SHA1

5f61b7effde2b3c2e4e80844542528eef0f14f78
SHA256

4d42fbe051fe6e7d4822b000665ac68e9779b063a0736191dcb5f2d875bd1e23
SHA512

311022f7b46b3f53e9c5cb145c1a9c02cc255740b5e9515deb728057f05386d8588ea91743928931e8a32460d6c3d9fe4b0ca8ac90168658a344d9e5aa58d47a
SSDEEP

6144:9Va2W92obyul5mbdlrTCx3wu1MZAVM99rpV+l+XczH/L26dyQrroii/H:C32onwG6uB2hrOL263r

Score

10^/10

evasion persistence upx

Malware Config

Signatures

Modifies firewall policy service 2 TTPs 10 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\windll.exe = "C:\\Users\\Admin\\AppData\\Roaming\\windll.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\updater\winrun32.exe = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\winrun32.exe:*:Enabled:Windows Messanger"	reg.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000\Control Panel\International\Geo\Nation	winrun32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000\Control Panel\International\Geo\Nation	f64356ee1b09da8316b26481bee4e140_JaffaCakes118.exe

Executes dropped EXE 6 IoCs

pid	Process
5044	winrun32.exe
4052	winrun32.exe
5016	sysprocess.exe
3644	sysprocess.exe
3816	sysprocess.exe
444	sysprocess.exe

UPX packed file 14 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4052-5-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-10-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-11-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-32-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-35-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-36-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-39-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-44-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-47-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-51-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-54-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-57-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-74-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral2/memory/4052-77-0x0000000000400000-0x0000000000473000-memory.dmp	upx

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Updater = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\winrun32.exe"	f64356ee1b09da8316b26481bee4e140_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Updater = "C:\\Users\\Admin\\AppData\\Roaming\\updater\\winrun32.exe"	winrun32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Host Process = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sysprocess.exe"	sysprocess.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Host Process = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sysprocess.exe"	sysprocess.exe

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 5044 set thread context of 4052	5044	winrun32.exe	87
PID 3644 set thread context of 3816	3644	sysprocess.exe	99
PID 5016 set thread context of 444	5016	sysprocess.exe	100

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
2348	reg.exe
4256	reg.exe
1312	reg.exe
3288	reg.exe

Suspicious use of AdjustPrivilegeToken 35 IoCs

description	pid	Process
Token: 1	4052	winrun32.exe
Token: SeCreateTokenPrivilege	4052	winrun32.exe
Token: SeAssignPrimaryTokenPrivilege	4052	winrun32.exe
Token: SeLockMemoryPrivilege	4052	winrun32.exe
Token: SeIncreaseQuotaPrivilege	4052	winrun32.exe
Token: SeMachineAccountPrivilege	4052	winrun32.exe
Token: SeTcbPrivilege	4052	winrun32.exe
Token: SeSecurityPrivilege	4052	winrun32.exe
Token: SeTakeOwnershipPrivilege	4052	winrun32.exe
Token: SeLoadDriverPrivilege	4052	winrun32.exe
Token: SeSystemProfilePrivilege	4052	winrun32.exe
Token: SeSystemtimePrivilege	4052	winrun32.exe
Token: SeProfSingleProcessPrivilege	4052	winrun32.exe
Token: SeIncBasePriorityPrivilege	4052	winrun32.exe
Token: SeCreatePagefilePrivilege	4052	winrun32.exe
Token: SeCreatePermanentPrivilege	4052	winrun32.exe
Token: SeBackupPrivilege	4052	winrun32.exe
Token: SeRestorePrivilege	4052	winrun32.exe
Token: SeShutdownPrivilege	4052	winrun32.exe
Token: SeDebugPrivilege	4052	winrun32.exe
Token: SeAuditPrivilege	4052	winrun32.exe
Token: SeSystemEnvironmentPrivilege	4052	winrun32.exe
Token: SeChangeNotifyPrivilege	4052	winrun32.exe
Token: SeRemoteShutdownPrivilege	4052	winrun32.exe
Token: SeUndockPrivilege	4052	winrun32.exe
Token: SeSyncAgentPrivilege	4052	winrun32.exe
Token: SeEnableDelegationPrivilege	4052	winrun32.exe
Token: SeManageVolumePrivilege	4052	winrun32.exe
Token: SeImpersonatePrivilege	4052	winrun32.exe
Token: SeCreateGlobalPrivilege	4052	winrun32.exe
Token: 31	4052	winrun32.exe
Token: 32	4052	winrun32.exe
Token: 33	4052	winrun32.exe
Token: 34	4052	winrun32.exe
Token: 35	4052	winrun32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4052	winrun32.exe
4052	winrun32.exe
4052	winrun32.exe
3816	sysprocess.exe
444	sysprocess.exe

Suspicious use of WriteProcessMemory 57 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 5044	4036	f64356ee1b09da8316b26481bee4e140_JaffaCakes118.exe	86
PID 4036 wrote to memory of 5044	4036	f64356ee1b09da8316b26481bee4e140_JaffaCakes118.exe	86
PID 4036 wrote to memory of 5044	4036	f64356ee1b09da8316b26481bee4e140_JaffaCakes118.exe	86
PID 5044 wrote to memory of 4052	5044	winrun32.exe	87
PID 5044 wrote to memory of 4052	5044	winrun32.exe	87
PID 5044 wrote to memory of 4052	5044	winrun32.exe	87
PID 5044 wrote to memory of 4052	5044	winrun32.exe	87
PID 5044 wrote to memory of 4052	5044	winrun32.exe	87
PID 5044 wrote to memory of 4052	5044	winrun32.exe	87
PID 5044 wrote to memory of 4052	5044	winrun32.exe	87
PID 5044 wrote to memory of 4052	5044	winrun32.exe	87
PID 4052 wrote to memory of 1164	4052	winrun32.exe	89
PID 4052 wrote to memory of 1164	4052	winrun32.exe	89
PID 4052 wrote to memory of 1164	4052	winrun32.exe	89
PID 4052 wrote to memory of 2936	4052	winrun32.exe	90
PID 4052 wrote to memory of 2936	4052	winrun32.exe	90
PID 4052 wrote to memory of 2936	4052	winrun32.exe	90
PID 4052 wrote to memory of 3096	4052	winrun32.exe	92
PID 4052 wrote to memory of 3096	4052	winrun32.exe	92
PID 4052 wrote to memory of 3096	4052	winrun32.exe	92
PID 4052 wrote to memory of 4936	4052	winrun32.exe	93
PID 4052 wrote to memory of 4936	4052	winrun32.exe	93
PID 4052 wrote to memory of 4936	4052	winrun32.exe	93
PID 5044 wrote to memory of 5016	5044	winrun32.exe	91
PID 5044 wrote to memory of 5016	5044	winrun32.exe	91
PID 5044 wrote to memory of 5016	5044	winrun32.exe	91
PID 4036 wrote to memory of 3644	4036	f64356ee1b09da8316b26481bee4e140_JaffaCakes118.exe	95
PID 4036 wrote to memory of 3644	4036	f64356ee1b09da8316b26481bee4e140_JaffaCakes118.exe	95
PID 4036 wrote to memory of 3644	4036	f64356ee1b09da8316b26481bee4e140_JaffaCakes118.exe	95
PID 3644 wrote to memory of 3816	3644	sysprocess.exe	99
PID 3644 wrote to memory of 3816	3644	sysprocess.exe	99
PID 3644 wrote to memory of 3816	3644	sysprocess.exe	99
PID 3644 wrote to memory of 3816	3644	sysprocess.exe	99
PID 3644 wrote to memory of 3816	3644	sysprocess.exe	99
PID 3644 wrote to memory of 3816	3644	sysprocess.exe	99
PID 3644 wrote to memory of 3816	3644	sysprocess.exe	99
PID 3644 wrote to memory of 3816	3644	sysprocess.exe	99
PID 5016 wrote to memory of 444	5016	sysprocess.exe	100
PID 5016 wrote to memory of 444	5016	sysprocess.exe	100
PID 5016 wrote to memory of 444	5016	sysprocess.exe	100
PID 5016 wrote to memory of 444	5016	sysprocess.exe	100
PID 5016 wrote to memory of 444	5016	sysprocess.exe	100
PID 5016 wrote to memory of 444	5016	sysprocess.exe	100
PID 5016 wrote to memory of 444	5016	sysprocess.exe	100
PID 5016 wrote to memory of 444	5016	sysprocess.exe	100
PID 1164 wrote to memory of 2348	1164	cmd.exe	101
PID 1164 wrote to memory of 2348	1164	cmd.exe	101
PID 1164 wrote to memory of 2348	1164	cmd.exe	101
PID 2936 wrote to memory of 1312	2936	cmd.exe	102
PID 2936 wrote to memory of 1312	2936	cmd.exe	102
PID 2936 wrote to memory of 1312	2936	cmd.exe	102
PID 3096 wrote to memory of 4256	3096	cmd.exe	103
PID 3096 wrote to memory of 4256	3096	cmd.exe	103
PID 3096 wrote to memory of 4256	3096	cmd.exe	103
PID 4936 wrote to memory of 3288	4936	cmd.exe	104
PID 4936 wrote to memory of 3288	4936	cmd.exe	104
PID 4936 wrote to memory of 3288	4936	cmd.exe	104

C:\Users\Admin\AppData\Local\Temp\f64356ee1b09da8316b26481bee4e140_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f64356ee1b09da8316b26481bee4e140_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Users\Admin\AppData\Roaming\updater\winrun32.exe
  "C:\Users\Admin\AppData\Roaming\updater\winrun32.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:5044
- - C:\Users\Admin\AppData\Roaming\updater\winrun32.exe
    "C:\Users\Admin\AppData\Roaming\updater\winrun32.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4052
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1164
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
        5⤵
        Modifies firewall policy service
        Modifies registry key
        
        PID:2348
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\updater\winrun32.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\updater\winrun32.exe:*:Enabled:Windows Messanger" /f
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2936
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\updater\winrun32.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\updater\winrun32.exe:*:Enabled:Windows Messanger" /f
        5⤵
        Modifies firewall policy service
        Modifies registry key
        
        PID:1312
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3096
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
        5⤵
        Modifies firewall policy service
        Modifies registry key
        
        PID:4256
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\windll.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\windll.exe:*:Enabled:Windows Messanger" /f
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4936
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\windll.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\windll.exe:*:Enabled:Windows Messanger" /f
        5⤵
        Modifies firewall policy service
        Modifies registry key
        
        PID:3288
- - C:\Users\Admin\AppData\Local\Temp\sysprocess.exe
    "C:\Users\Admin\AppData\Local\Temp\sysprocess.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\sysprocess.exe
      "C:\Users\Admin\AppData\Local\Temp\sysprocess.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:444
- C:\Users\Admin\AppData\Local\Temp\sysprocess.exe
  "C:\Users\Admin\AppData\Local\Temp\sysprocess.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:3644
- - C:\Users\Admin\AppData\Local\Temp\sysprocess.exe
    "C:\Users\Admin\AppData\Local\Temp\sysprocess.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\sysprocess.exe

Filesize
38KB

MD5
c04d820b09485586971717f5775c1339

SHA1
0689fe7166234540d062f9e5226929e8834ca313

SHA256
2bb1355053faabeffac1c45b1ab0860142182314c5e8bcaac10eb6b1ce5a33ce

SHA512
f145ab7e5d907379205bc909ab13a2963d77ab599f1c8c673bc8714c433928de759a7f5f7df6540510c74ee975f595977639a7d254988932c38821b3774c8a10

Download Submit
C:\Users\Admin\AppData\Roaming\updater\winrun32.exe

Filesize
336KB

MD5
f64356ee1b09da8316b26481bee4e140

SHA1
5f61b7effde2b3c2e4e80844542528eef0f14f78

SHA256
4d42fbe051fe6e7d4822b000665ac68e9779b063a0736191dcb5f2d875bd1e23

SHA512
311022f7b46b3f53e9c5cb145c1a9c02cc255740b5e9515deb728057f05386d8588ea91743928931e8a32460d6c3d9fe4b0ca8ac90168658a344d9e5aa58d47a

Download Submit
memory/444-34-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/3816-25-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/3816-33-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/3816-20-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/4052-35-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-44-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-11-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-10-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-5-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-36-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-39-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-32-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-47-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-51-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-54-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-57-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-74-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4052-77-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads