9e237566305404e187cca580ed01815ff90488256c50fced3bc2d657207a4b99

Analysis

max time kernel
150s
max time network
131s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
26-06-2024 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

100b670b2ab771a312c1949561c81395_JaffaCakes118.exe
Size

120KB
MD5

100b670b2ab771a312c1949561c81395
SHA1

bdc442e62d703bfbdf84327c69ca6a8aabb3d5e1
SHA256

9e237566305404e187cca580ed01815ff90488256c50fced3bc2d657207a4b99
SHA512

dfb3dec558f6fdd5caff479e411ec6b96c4959d6dd773b96fff0930d6e59d5ccb41987a149a95290116f196f4c1a9d5230dccd38b881073e90c88d53c08e6bf2
SSDEEP

1536:EN5iFRVrsdlWL3U7irrFnVZ1veuP49dMKIpsrTPHEGJ5iREJeVtef:k5Krj3UW3yuP4IppCzkGJAREoVtk

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KB95 = "C:\\Windows\\KB955759.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Win32Update = "C:\\Windows\\kbd101c.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\InstallTheme = "C:\\Windows\\clbcatex.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NTDT = "C:\\Windows\\ntdtcsetup.exe"	reg.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\KB955759.exe	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe
File created	C:\Windows\clbcatex.exe	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe
File opened for modification	C:\Windows\clbcatex.exe	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe
File created	C:\Windows\kbd101c.exe	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe
File opened for modification	C:\Windows\kbd101c.exe	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe
File created	C:\Windows\ntdtcsetup.exe	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe
File opened for modification	C:\Windows\ntdtcsetup.exe	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe
File created	C:\Windows\KB955759.exe	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe

Modifies registry key 1 TTPs 64 IoCs

Modify Registry

T1112

pid	Process
1500	reg.exe
1812	reg.exe
3060	reg.exe
2496	reg.exe
1440	reg.exe
1264	reg.exe
2504	reg.exe
2356	reg.exe
1084	reg.exe
792	reg.exe
696	reg.exe
2288	reg.exe
2716	reg.exe
2068	reg.exe
2016	reg.exe
1276	reg.exe
2552	reg.exe
2572	reg.exe
276	reg.exe
852	reg.exe
1632	reg.exe
1936	reg.exe
1572	reg.exe
2308	reg.exe
2632	reg.exe
2252	reg.exe
1672	reg.exe
2432	reg.exe
2372	reg.exe
2204	reg.exe
2088	reg.exe
2732	reg.exe
2760	reg.exe
2052	reg.exe
2500	reg.exe
936	reg.exe
1932	reg.exe
2692	reg.exe
2580	reg.exe
1820	reg.exe
2888	reg.exe
2288	reg.exe
1392	reg.exe
1724	reg.exe
3008	reg.exe
1172	reg.exe
2632	reg.exe
2280	reg.exe
1356	reg.exe
2652	reg.exe
2528	reg.exe
2416	reg.exe
1448	reg.exe
616	reg.exe
884	reg.exe
2916	reg.exe
2128	reg.exe
1440	reg.exe
344	reg.exe
2264	reg.exe
556	reg.exe
1212	reg.exe
1660	reg.exe
2768	reg.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe
2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe
2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2996	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	28
PID 2388 wrote to memory of 2996	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	28
PID 2388 wrote to memory of 2996	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	28
PID 2388 wrote to memory of 2996	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	28
PID 2388 wrote to memory of 2652	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	29
PID 2388 wrote to memory of 2652	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	29
PID 2388 wrote to memory of 2652	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	29
PID 2388 wrote to memory of 2652	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	29
PID 2388 wrote to memory of 1932	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	31
PID 2388 wrote to memory of 1932	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	31
PID 2388 wrote to memory of 1932	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	31
PID 2388 wrote to memory of 1932	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	31
PID 2388 wrote to memory of 2928	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	33
PID 2388 wrote to memory of 2928	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	33
PID 2388 wrote to memory of 2928	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	33
PID 2388 wrote to memory of 2928	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	33
PID 2388 wrote to memory of 2572	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	36
PID 2388 wrote to memory of 2572	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	36
PID 2388 wrote to memory of 2572	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	36
PID 2388 wrote to memory of 2572	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	36
PID 2388 wrote to memory of 2868	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	37
PID 2388 wrote to memory of 2868	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	37
PID 2388 wrote to memory of 2868	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	37
PID 2388 wrote to memory of 2868	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	37
PID 2388 wrote to memory of 2708	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	39
PID 2388 wrote to memory of 2708	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	39
PID 2388 wrote to memory of 2708	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	39
PID 2388 wrote to memory of 2708	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	39
PID 2388 wrote to memory of 2808	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	40
PID 2388 wrote to memory of 2808	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	40
PID 2388 wrote to memory of 2808	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	40
PID 2388 wrote to memory of 2808	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	40
PID 2388 wrote to memory of 3016	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	44
PID 2388 wrote to memory of 3016	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	44
PID 2388 wrote to memory of 3016	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	44
PID 2388 wrote to memory of 3016	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	44
PID 2388 wrote to memory of 2384	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	45
PID 2388 wrote to memory of 2384	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	45
PID 2388 wrote to memory of 2384	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	45
PID 2388 wrote to memory of 2384	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	45
PID 2388 wrote to memory of 3032	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	46
PID 2388 wrote to memory of 3032	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	46
PID 2388 wrote to memory of 3032	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	46
PID 2388 wrote to memory of 3032	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	46
PID 2388 wrote to memory of 1972	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	48
PID 2388 wrote to memory of 1972	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	48
PID 2388 wrote to memory of 1972	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	48
PID 2388 wrote to memory of 1972	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	48
PID 2388 wrote to memory of 3024	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	52
PID 2388 wrote to memory of 3024	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	52
PID 2388 wrote to memory of 3024	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	52
PID 2388 wrote to memory of 3024	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	52
PID 2388 wrote to memory of 1632	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	54
PID 2388 wrote to memory of 1632	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	54
PID 2388 wrote to memory of 1632	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	54
PID 2388 wrote to memory of 1632	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	54
PID 2388 wrote to memory of 1756	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	55
PID 2388 wrote to memory of 1756	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	55
PID 2388 wrote to memory of 1756	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	55
PID 2388 wrote to memory of 1756	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	55
PID 2388 wrote to memory of 2432	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	57
PID 2388 wrote to memory of 2432	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	57
PID 2388 wrote to memory of 2432	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	57
PID 2388 wrote to memory of 2432	2388	100b670b2ab771a312c1949561c81395_JaffaCakes118.exe	57

C:\Users\Admin\AppData\Local\Temp\100b670b2ab771a312c1949561c81395_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\100b670b2ab771a312c1949561c81395_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  PID:2996
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2652
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:1932
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:2928
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2572
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:2868
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:2708
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  PID:2808
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:3016
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:2384
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:3032
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  PID:1972
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  PID:3024
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:1632
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:1756
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Modifies registry key
  PID:2432
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  PID:2340
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  PID:2368
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:1688
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:1572
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  PID:840
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:1448
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Modifies registry key
  PID:2888
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:2016
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:2284
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:1440
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:2424
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:596
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Modifies registry key
  PID:276
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:2012
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Modifies registry key
  PID:1812
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:2516
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  PID:2408
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:792
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:680
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:1580
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Modifies registry key
  PID:344
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:3060
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Modifies registry key
  PID:852
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  PID:2120
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:2196
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:1740
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:1732
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:1636
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Modifies registry key
  PID:2288
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:2372
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2760
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:2824
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:2068
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:2924
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:2812
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:2732
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  PID:2876
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  PID:2352
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:3016
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:2904
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  PID:1956
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:1632
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:3024
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  PID:2416
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:1616
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:1660
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:1792
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  PID:2612
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  PID:1312
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:2016
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2264
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:632
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:780
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:696
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:332
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Modifies registry key
  PID:2528
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:816
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:556
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:656
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:408
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:1852
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:1068
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Modifies registry key
  PID:2496
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:616
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:1392
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:1724
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:2440
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:1704
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Modifies registry key
  PID:2204
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  PID:2400
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Modifies registry key
  PID:884
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  PID:3056
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  PID:2696
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:1932
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Modifies registry key
  PID:2288
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2692
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:2212
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2716
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:2780
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Modifies registry key
  PID:2580
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  PID:3036
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  PID:1788
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:2352
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  PID:1972
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  PID:1980
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:2428
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2416
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  PID:1624
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:2604
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  PID:1616
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:1572
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Modifies registry key
  PID:1660
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:2952
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:1264
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:2072
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Modifies registry key
  PID:1448
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Modifies registry key
  PID:2280
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:1440
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:2284
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Modifies registry key
  PID:1500
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:2012
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:576
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:528
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:2324
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:1348
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  PID:1992
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:1580
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:1536
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:344
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:2308
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Modifies registry key
  PID:2504
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Modifies registry key
  PID:2916
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:1104
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:3040
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Modifies registry key
  PID:2052
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:612
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2356
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2128
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Modifies registry key
  PID:2768
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  PID:1924
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Modifies registry key
  PID:1820
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:1940
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:2548
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  PID:2704
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:956
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:2632
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:2880
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:1952
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  PID:3028
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:3008
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:552
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:2992
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:1612
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:1248
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:2468
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:1292
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:1324
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  PID:1208
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Modifies registry key
  PID:1212
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:2016
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:2276
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  PID:1136
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:2144
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Modifies registry key
  PID:1356
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:1488
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:2168
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:2060
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:1028
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2252
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:1276
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Modifies registry key
  PID:1172
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:1080
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:1268
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:1144
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:908
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Modifies registry key
  PID:1084
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:2348
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:2500
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2088
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  PID:1496
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:2112
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Modifies registry key
  PID:1672
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:1948
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:1936
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2552
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:2184
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Modifies registry key
  PID:936
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:2760
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  PID:2568
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:2732
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  PID:2772
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  - Modifies registry key
  PID:2068
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v InstallTheme /t reg_sz /d C:\Windows\clbcatex.exe /f
  2⤵
  - Modifies registry key
  PID:2632
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v Win32Update /t reg_sz /d C:\Windows\kbd101c.exe /f
  2⤵
  PID:2020
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v NTDT /t reg_sz /d C:\Windows\ntdtcsetup.exe /f
  2⤵
  - Adds Run key to start application
  PID:2872
- C:\Windows\SysWOW64\reg.exe
  reg add hklm\software\microsoft\windows\currentversion\run /v KB95 /t reg_sz /d C:\Windows\KB955759.exe /f
  2⤵
  PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\ntdtcsetup.exe

Filesize
120KB

MD5
100b670b2ab771a312c1949561c81395

SHA1
bdc442e62d703bfbdf84327c69ca6a8aabb3d5e1

SHA256
9e237566305404e187cca580ed01815ff90488256c50fced3bc2d657207a4b99

SHA512
dfb3dec558f6fdd5caff479e411ec6b96c4959d6dd773b96fff0930d6e59d5ccb41987a149a95290116f196f4c1a9d5230dccd38b881073e90c88d53c08e6bf2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads