a34209ae6fe8961f8f5d5c76793ae43b2aa0f927b741017d67508b5281e7d67c

Analysis

max time kernel
140s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Size

932KB
MD5

0f7a9273863e4ec38f080763d206c1e7
SHA1

1cdec76da9116737199d22856bdb07c30ecd4ed3
SHA256

a34209ae6fe8961f8f5d5c76793ae43b2aa0f927b741017d67508b5281e7d67c
SHA512

5fd3484886c40ab8c452e9a22c7ace6bbc26ec9c7afb1a158d904cd84ba674750520ba6380b61e17481785e5622acca6cbf8a8bdf94b92ff9953ad139b835fde
SSDEEP

12288:l5Xe6gi+4Bb6uQa+qgYnEil+C/87dDEx+yppu5MOL9fTnxedGm97OmTxZpRqE/gt:pq4BbxLg6EiI7FY+QuaOL9f47OmlzR5c

Score

6^/10

adware discovery evasion persistence stealer trojan

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe /onboot"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download FLV video content with IDM	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download FLV video content with IDM\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IEGetVL.htm"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IEGetAll.htm"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\contexts = "243"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Low Rights	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download FLV video content with IDM\contexts = "243"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IEExt.htm"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download all links with IDM	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Temp"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe

Modifies registry class 18 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\ftp\	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ = "IDMan.CIDMLinkTransmitter"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ROTFlags = "1"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\https\	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\RunAs = "Interactive User"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\WOW6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}\Model = "276"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\WOW6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}\Therad = "1"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\http\	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID\ = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\WOW6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeRestorePrivilege	704	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
704	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
704	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
704	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
704	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
704	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
704	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
704	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
704	0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0f7a9273863e4ec38f080763d206c1e7_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Checks whether UAC is enabled
- Installs/modifies Browser Helper Object
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\idmmbc_2\idmmbc_2.log

Filesize
356B

MD5
df692fd0f14e9162789df9746fa318e1

SHA1
6e4938567c0c98fd54077622c3f352931215f2e7

SHA256
db9cf3ddd173e7b9e759f943b8de982730ba29f23644f1441901cba083fdec43

SHA512
7b702a97ee9cff62fcda7e2b186e54ed6f5eac9de70533dbe0bbf887941912d2d4e815a949695c97201e41a7679edabb1d321fbc5ca934104850bf4c9f017e8a

Download Submit
C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\testing_1\testing_1.log

Filesize
887B

MD5
80a6051f9a6d813677c17980fc084c87

SHA1
c76b807932160d7d12bb2e229fe0402e4c3de3bf

SHA256
6c63bb58819520d2cb08c636ff0274b470a72eaaf58fa7cd5e90e1c48180db65

SHA512
bb063431fa319b47ad14f7200d72a160821577f789d460ec26cadb1b4b61e342a66016fe4de31925f06e0dd2a993a6a372d706dae2f6b24e578aec123d207410

Download Submit
C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\testing_1\testing_1.log

Filesize
298B

MD5
b720552533db150dc223a757ac3ebca6

SHA1
9fa6a51f49e56f9b994bea2dbafe6563b0e0967d

SHA256
0e8a2fe94a617783d9d6e1ce0949d5d3d62872c1b1d272119979a5b8a1f73892

SHA512
a12a850e3dbcb159e39177ee8f84337efaedefcd35e171c287be5498f8f9fbe2c96e756643fe057f94f640da9aab0f6bf81b04222b504c01d3fc6da3bf37c176

Download Submit
memory/704-74-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-77-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-53-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-1-0x0000000000830000-0x0000000000832000-memory.dmp

Filesize
8KB

Download
memory/704-71-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-72-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-73-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-0-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-75-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-54-0x0000000000830000-0x0000000000832000-memory.dmp

Filesize
8KB

Download
memory/704-78-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-80-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-81-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-82-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-83-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-84-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/704-85-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads