metasploit | ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed

General

Target

ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed.exe
Size

1.4MB
MD5

86d42bc1c6c0636a5e5511e875aab599
SHA1

47a40954ecbd4abf85659a859341d4eb28cce41b
SHA256

ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed
SHA512

c98ad5dc51e6617e39251891a01c39ea9f39c7ca58373656d1803ca8fb3df7d005110362f92355cd0b634ad7ae5166d28158840aca1f0caf793e4c41a12fb166
SSDEEP

24576:i5lRMo0yiwcNRfdSaF95aqXzK/ekq3in1Lc8o00hSP65HsdWN1jc7cxO:iCdSaF/73inNSkP69ssg7CO

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://192.210.162.147:80/TJXf

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; NP07; NP07)

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631208950573494"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4732 chrome.exe
4732 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

4732 chrome.exe
4732 chrome.exe
4732 chrome.exe
4732 chrome.exe
4732 chrome.exe
4732 chrome.exe
4732 chrome.exe
4732 chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4732 wrote to memory of 3716	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 3716	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 1092	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 4588	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 4588	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe
PID 4732 wrote to memory of 2712	4732	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed.exe
"C:\Users\Admin\AppData\Local\Temp\ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed.exe"
1⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdebddab58,0x7ffdebddab68,0x7ffdebddab78
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:2
2⤵
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:8
2⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:8
2⤵
PID:2712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:1
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:1
2⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:1
2⤵
PID:3100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:8
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:8
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4632 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:1
2⤵
PID:1052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4916 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:1
2⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4328 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:1
2⤵
PID:2512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4660 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:1
2⤵
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4620 --field-trial-handle=1920,i,8850492661616486094,3960874563339356983,131072 /prefetch:1
2⤵
PID:4964

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
811B

MD5
9998c0494955c0ae045c5ec8c39f6268

SHA1
553144aab81bd744fe0456546c7d8699d2ec2db3

SHA256
4e0d49d7077c155157a7b2a952d6ba2ec1627349dc695f764384500f7b886dca

SHA512
9a4bc8b136cec256d1c17bf9d37a9c31cf84bef209cce337902aad4daac4576a9fb260e89515970cc19318362d643f429d0a0498ed04314dfd555b90c038853a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e46a0af89b06102145d34fa9c4f2c370

SHA1
c5ae8e3401601049e46e015f369a839ba77ebc13

SHA256
727a6084cd4ed18b68f2b0baa52010f983b533aef15243962c6d8d0d56e79400

SHA512
330220b69faa2493ffb88d23fabf764133f7a7088df48fdb6cf15ad6fa0df55bbbc7bd7bb615da95e3cfb48d9a1474436bcdbc56d1853d05d45357427ad47006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
86ffc88fda750aa498776b59ad02f1b4

SHA1
8f9ead17235c65012a2bd79bdcaf022b1bb687b5

SHA256
20491cbb2a9e1a55fd2a391f8e9c3dec57c5e49c31501901d04cb8d897ce8585

SHA512
887fd3190e43b924780181a6ce42bc3865a6eddb341b605b9c7a829fe0fa3b37f951fbe2526f4cf92ead38075cc346fe6704cb9289937edad7312d43bcf415ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
5a5d5a6d2ea6b48c9619287b72e1dd57

SHA1
3c213b17d2e0d7245d002b7eec175d766d31225b

SHA256
2c4644c1888e244a202756150c9e7cd209235319b5139637933c715e855208a2

SHA512
ca11131de776e4beac98253482e9fc5390914948610da72577df8f3e5ca135878b96e674537f3f8f0c58de53ca3189aaeda3b12d30727b748d55b87f24e16f19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\??\pipe\crashpad_4732_NPZIWMTQEKBGAEJR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1784-0-0x0000000000FD0000-0x0000000000FD1000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads