477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae

General

Target

477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe
Size

3.0MB
MD5

349b58ac22ceee7a2d9f5becb6b68ae1
SHA1

c4e2f6de987d2dad58305490b758ed8b71820f74
SHA256

477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae
SHA512

a9e3f169477cac925731509f99b9dd18a117a149fabb62c1458c9104edaf5fe39631da2a8ae2ab513d47f1d515c574324a24e14dcd3fe812437b4564209ddcd4
SSDEEP

98304:/A8h1iV9lP9Wp24uD3+s7/ilFH47zSHOrv:/A80P9o24SDWB47zS+v

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe.exe	cryptone

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exe477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe

pid process

536 Logo1_.exe
932 477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\GetHelp.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\smsconnect\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\id\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\si\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerElevatedAppServiceClient.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ro-RO\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\intf\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\meta\art\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Mail\wabmig.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\beeps\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\7-Zip\Lang\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-150_8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\SplashScreen\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\uk-UA\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\az\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\spu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-US\en-US_female_TTS\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\6.0.25\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\rundl132.exe	477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe
File created	C:\Windows\Logo1_.exe	477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

Logo1_.exe

pid	process
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe
536	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

Processes:

477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exeLogo1_.execmd.exenet.exe

description	pid	process	target process
PID 4752 wrote to memory of 5004	4752	477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe	cmd.exe
PID 4752 wrote to memory of 5004	4752	477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe	cmd.exe
PID 4752 wrote to memory of 5004	4752	477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe	cmd.exe
PID 4752 wrote to memory of 536	4752	477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe	Logo1_.exe
PID 4752 wrote to memory of 536	4752	477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe	Logo1_.exe
PID 4752 wrote to memory of 536	4752	477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe	Logo1_.exe
PID 536 wrote to memory of 856	536	Logo1_.exe	net.exe
PID 536 wrote to memory of 856	536	Logo1_.exe	net.exe
PID 536 wrote to memory of 856	536	Logo1_.exe	net.exe
PID 5004 wrote to memory of 932	5004	cmd.exe	477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe
PID 5004 wrote to memory of 932	5004	cmd.exe	477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe
PID 5004 wrote to memory of 932	5004	cmd.exe	477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe
PID 856 wrote to memory of 2160	856	net.exe	net1.exe
PID 856 wrote to memory of 2160	856	net.exe	net1.exe
PID 856 wrote to memory of 2160	856	net.exe	net1.exe
PID 536 wrote to memory of 3384	536	Logo1_.exe	Explorer.EXE
PID 536 wrote to memory of 3384	536	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe
"C:\Users\Admin\AppData\Local\Temp\477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe"
2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4752

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1B63.bat
3⤵
- Suspicious use of WriteProcessMemory
PID:5004

C:\Users\Admin\AppData\Local\Temp\477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe
"C:\Users\Admin\AppData\Local\Temp\477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe"
4⤵
- Executes dropped EXE
PID:932

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:536

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:856

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1040 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:3048

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.exe
Filesize
570KB

MD5
069adcd61f51089f14b9488b8528d033

SHA1
5023d0cc190db01def44145ce65547c815b985a5

SHA256
3c9a901c62e390eb72e460f54b2d887b33bc0c141f3de7ca4b0090fdcdd4a9d9

SHA512
70b7de359e485b575249d9dd54d33c0518ab52d2fdbacab9050c04f3324f5408525ba948acd83291cd5e0a2d2d93f71bd4835df7d0a58b72ee06b1477d7c1b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a1B63.bat
Filesize
722B

MD5
5ba983362c80f64a49db7cb8ea4a39ca

SHA1
962102772d349157bb3aa14f7796b1680201bbaf

SHA256
a2cf071cf24521a53f92935137375970cc8f9e3efd92fe420430d68815e8b167

SHA512
7b9a19a47842b15fd2552934d8bf22f22cdd20baca720b0035708320d14f7d7c7bfdebe9ae27b998dca8b7ffdd7dbb018e777c051eff9279fb7fd0d79745973f

Download Submit
C:\Users\Admin\AppData\Local\Temp\477484286161223da65e75036d86bb3712c0e322258f174e2f74cc2cdccd4dae.exe.exe
Filesize
3.0MB

MD5
a94ed6699d08a59484fd2d4884cf4400

SHA1
135a80e681ec8b9e0e5d1a41c2617a8c46ea780e

SHA256
2122b63576219671aae4e32c706ad997a4d5220b5cfd94f1f134fe3c53b66b14

SHA512
879729c1aa1c6a8a1195afa7df2d212a731fa4f7991149ac6eb2f0786f4f727fe93aa74998b49491536fd8af5a6a98ab77adadf2d2b7cd02569a3c2fb877a62d

Download Submit
C:\Windows\Logo1_.exe
Filesize
26KB

MD5
773d4ec846cc53c96e2ff8dd102079e4

SHA1
b654768c79314a1a7bcddd3e744703cab0beaf97

SHA256
683baf581a18f3dcd8322de60398c793150eb75d0480964ccd3a8b7b915522db

SHA512
c3989fefed8a01d718acccfaf1775d1351bdb2a1a8a714cb8ca81044b723a0bb33a185819aa76fc06720b7c6ffe70af0a80b4e4d0b81634a86dffc8ec15559e3

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini
Filesize
9B

MD5
4b2b75605a65a6762ec4715de0a70902

SHA1
3b85993ef06d2d814abc405188fdd19a1bffea0c

SHA256
77072cc5a7b394508cf5d819ff8cf4385a9b3cb15d8715a59845ccfa235ea34e

SHA512
888361e75afd4308bdad817af543704a42ffdf2d798acef619459e9978ac68f1cf4d468c6e0b146ab738b0109fdf331c4380471aa83f637b0f6ab06164840c65

Download Submit
memory/536-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/536-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/536-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/536-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/536-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/536-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/536-74-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/536-446-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/536-1016-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/536-1183-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4752-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4752-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads