a6cebeb00e23f69189901beeef2a6f245281144730f641733949c4360ba6415e

Analysis

max time kernel
135s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 18:02

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

2024-03-06_21-25-25.z03
Size

25.0MB
MD5

06644c1b4e9a077db1ac51bf794fdc21
SHA1

237aa64fbcf0c5fd265e2f49708099f470cd44c8
SHA256

a6cebeb00e23f69189901beeef2a6f245281144730f641733949c4360ba6415e
SHA512

25064600d0bc7cfd2b56491baf4a7d19611abe2c28af4eac10625bcd27c94623e16fba9216c5167adbc3961fa99194ed5ff1cf1597100f23990d6257c7361c13
SSDEEP

786432:2A8FmJk+m7WRNsc/uwFZNogpMDsAp5HsmxK:2Ahi+1skFPobDscsmxK

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

MEMZ.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation MEMZ.exe
Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

3996 MEMZ.exe
3872 MEMZ.exe
3376 MEMZ.exe
2492 MEMZ.exe
6140 MEMZ.exe
1644 MEMZ.exe
5132 MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

320 raw.githubusercontent.com
321 raw.githubusercontent.com
322 raw.githubusercontent.com
323 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	MEMZ.exe

pid	process
3996	MEMZ.exe
3872	MEMZ.exe
3376	MEMZ.exe
2492	MEMZ.exe
6140	MEMZ.exe
1644	MEMZ.exe
5132	MEMZ.exe

flow	ioc
320	raw.githubusercontent.com
321	raw.githubusercontent.com
322	raw.githubusercontent.com
323	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 3 IoCs

Processes:

firefox.execmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exe

pid	process
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe

Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid

4
4
4
4
4
656
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

firefox.exeMEMZ.exe

description pid process

Token: SeDebugPrivilege 4220 firefox.exe
Token: SeDebugPrivilege 4220 firefox.exe
Token: SeShutdownPrivilege 2492 MEMZ.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

4220 firefox.exe
4220 firefox.exe
4220 firefox.exe
4220 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4220 firefox.exe
4220 firefox.exe
4220 firefox.exe

pid
4
4
4
4
4
656

description	pid	process
Token: SeDebugPrivilege	4220	firefox.exe
Token: SeDebugPrivilege	4220	firefox.exe
Token: SeShutdownPrivilege	2492	MEMZ.exe

pid	process
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe

pid	process
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

OpenWith.exefirefox.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4440	OpenWith.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
4220	firefox.exe
3872	MEMZ.exe
2492	MEMZ.exe
6140	MEMZ.exe
3376	MEMZ.exe
2492	MEMZ.exe
6140	MEMZ.exe
3376	MEMZ.exe
3872	MEMZ.exe
3872	MEMZ.exe
2492	MEMZ.exe
3376	MEMZ.exe
6140	MEMZ.exe
2492	MEMZ.exe
3872	MEMZ.exe
6140	MEMZ.exe
3376	MEMZ.exe
3872	MEMZ.exe
6140	MEMZ.exe
3376	MEMZ.exe
2492	MEMZ.exe
2492	MEMZ.exe
6140	MEMZ.exe
3376	MEMZ.exe
3872	MEMZ.exe
2492	MEMZ.exe
3872	MEMZ.exe
6140	MEMZ.exe
3376	MEMZ.exe
2492	MEMZ.exe
6140	MEMZ.exe
3376	MEMZ.exe
3872	MEMZ.exe
2492	MEMZ.exe
3872	MEMZ.exe
3376	MEMZ.exe
6140	MEMZ.exe
2492	MEMZ.exe
3376	MEMZ.exe
6140	MEMZ.exe
3872	MEMZ.exe
2492	MEMZ.exe
3872	MEMZ.exe
3376	MEMZ.exe
6140	MEMZ.exe
2492	MEMZ.exe
3376	MEMZ.exe
6140	MEMZ.exe
3872	MEMZ.exe
2492	MEMZ.exe
3872	MEMZ.exe
3376	MEMZ.exe
6140	MEMZ.exe
2492	MEMZ.exe
3376	MEMZ.exe
3872	MEMZ.exe
6140	MEMZ.exe
2492	MEMZ.exe
3872	MEMZ.exe
3376	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 1312 wrote to memory of 4220	1312	firefox.exe	firefox.exe
PID 1312 wrote to memory of 4220	1312	firefox.exe	firefox.exe
PID 1312 wrote to memory of 4220	1312	firefox.exe	firefox.exe
PID 1312 wrote to memory of 4220	1312	firefox.exe	firefox.exe
PID 1312 wrote to memory of 4220	1312	firefox.exe	firefox.exe
PID 1312 wrote to memory of 4220	1312	firefox.exe	firefox.exe
PID 1312 wrote to memory of 4220	1312	firefox.exe	firefox.exe
PID 1312 wrote to memory of 4220	1312	firefox.exe	firefox.exe
PID 1312 wrote to memory of 4220	1312	firefox.exe	firefox.exe
PID 1312 wrote to memory of 4220	1312	firefox.exe	firefox.exe
PID 1312 wrote to memory of 4220	1312	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 1772	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 5032	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 5032	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 5032	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 5032	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 5032	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 5032	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 5032	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 5032	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 5032	4220	firefox.exe	firefox.exe
PID 4220 wrote to memory of 5032	4220	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\2024-03-06_21-25-25.z03
1⤵
- Modifies registry class
PID:1284

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.0.1103948197\288308116" -parentBuildID 20230214051806 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22de7ca3-6eaa-461d-814c-6939bd35f874} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 1896 1a653e2e358 gpu
3⤵
PID:1772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.1.1124619523\1399902200" -parentBuildID 20230214051806 -prefsHandle 2436 -prefMapHandle 2424 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6f258ef-61ae-4844-a24b-a15a122e1ada} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 2464 1a647088a58 socket
3⤵
- Checks processor information in registry
PID:5032

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.2.2008051269\1990008674" -childID 1 -isForBrowser -prefsHandle 2816 -prefMapHandle 2888 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1216 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53dc2b21-306c-41a3-8cde-9997daa9635b} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 3004 1a656b22558 tab
3⤵
PID:3912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.3.2090283712\276729818" -childID 2 -isForBrowser -prefsHandle 4204 -prefMapHandle 4200 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1216 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ad264d7-007e-4a66-b642-01dd561ac76b} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 4216 1a658b84b58 tab
3⤵
PID:4744

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.4.1708653741\222406908" -childID 3 -isForBrowser -prefsHandle 5076 -prefMapHandle 5016 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1216 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5a55fac-2285-4caf-a341-317999ee2f5a} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 5128 1a659161158 tab
3⤵
PID:2476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.5.2021786146\923088263" -childID 4 -isForBrowser -prefsHandle 5356 -prefMapHandle 5352 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1216 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b21f146-f0a4-4c8b-b217-bfce3cdc5408} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 5364 1a65b8e0858 tab
3⤵
PID:1164

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.6.149710493\605963705" -childID 5 -isForBrowser -prefsHandle 5272 -prefMapHandle 5384 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1216 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14cd1f7c-7a10-4555-a8b5-bfd2520c06fb} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 5444 1a65b8dff58 tab
3⤵
PID:1672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.7.1270768624\510380807" -childID 6 -isForBrowser -prefsHandle 5844 -prefMapHandle 5840 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1216 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ecd52e0-3d2a-42f4-9e4b-1029c6674684} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 5852 1a653070258 tab
3⤵
PID:3584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.8.587136016\697461690" -childID 7 -isForBrowser -prefsHandle 2596 -prefMapHandle 4396 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1216 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa81b07f-1346-4a06-9241-cc0ee6408025} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 3548 1a65bb05058 tab
3⤵
PID:620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.9.1958185032\1058418984" -childID 8 -isForBrowser -prefsHandle 6020 -prefMapHandle 6024 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1216 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf51c4c5-b6b2-45db-b4dc-a67ac0962b5b} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 5980 1a65ba45558 tab
3⤵
PID:5052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.10.353969286\29441176" -parentBuildID 20230214051806 -prefsHandle 6280 -prefMapHandle 6300 -prefsLen 27776 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01709e09-50a2-436a-abf6-d314f654688f} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 6324 1a65c792358 rdd
3⤵
PID:2920

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.11.1342211563\1286506626" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6204 -prefMapHandle 6208 -prefsLen 27776 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b8d7c0d-4a7a-4014-a06a-df3ff36109b5} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 6200 1a65c793558 utility
3⤵
PID:2368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.12.1154177387\547009675" -childID 9 -isForBrowser -prefsHandle 6548 -prefMapHandle 4576 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1216 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c8655c8-f8da-4486-b0df-38630a5e8bd5} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 6552 1a65bb06858 tab
3⤵
PID:5156

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.13.1470813077\56208956" -parentBuildID 20230214051806 -sandboxingKind 0 -prefsHandle 6668 -prefMapHandle 10876 -prefsLen 27776 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c96cf4dc-cd33-4cbf-a2b6-8156be65137e} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 9632 1a6589da158 utility
3⤵
PID:5304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.14.1605342582\1971451874" -childID 10 -isForBrowser -prefsHandle 9552 -prefMapHandle 5452 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1216 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8f80791-bd46-458c-ad36-8ce55884f0b3} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 10904 1a65aafa058 tab
3⤵
PID:5000

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4220.15.515760583\2044421179" -childID 11 -isForBrowser -prefsHandle 9424 -prefMapHandle 9428 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1216 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6270890-1f6e-4d5d-8954-aaf846253e5e} 4220 "\\.\pipe\gecko-crash-server-pipe.4220" 9412 1a65d204a58 tab
3⤵
PID:5136

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
PID:3996

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3872

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3376

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6140

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
PID:1644

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
4⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:5132

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:5860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5572

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\activity-stream.discovery_stream.json.tmp
Filesize
26KB

MD5
ec77bd243a42e65d122ff8b8ff185366

SHA1
161e00d06c53c0860abe7908d6bb806a66749c0a

SHA256
c116596d6245854c41705c0758995694149c94c5608e68158812ff9309b96f78

SHA512
33537d4d9112afc8beb32528a441629d6d0ec6d262fa559e5a288e1e2ad69762f5bd41a65f0945fdd9859bad40f54e352bb03dfb4e6e44f45e5f8180e728bc67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\11210
Filesize
16KB

MD5
4478e75475e97b495583eec9000ab921

SHA1
1652a50fa4858864eb1f322f3aef57ae6cca6acc

SHA256
a3b863d873658b8c48c142f498ea878c3d7931152f87dffad3e91bc92513e976

SHA512
0de64bc4290904c9787c2088a064ccc940102c8433ac4908f9f27f437d2dfcadc8f75be005e79652e54209f160608012ee3eca12c986a17b8d4ffbd924df2e99

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\19112
Filesize
16KB

MD5
b9670b8598eac0a641fce6b184315c94

SHA1
7791288b41356fec961eb37353edab00019d6a80

SHA256
68b6622f710b38af4a16969c98095876aa0919f16720ab3338e4f17cfab61381

SHA512
7e6e48512137284786063572d1c761615a85381fb44e948fbc2ac817c9daaa8e3cb9742ea367ca9e96ed522c8ff4d5f8a51206e4a67a1d1389865ddd93cb6869

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\20860
Filesize
19KB

MD5
966c5b0e4db28e0d9ab111b428806bd2

SHA1
6284056c27b42fefdc742b071985e4301539697b

SHA256
bd5e62bcb4820bf2a613c7ecf628ffc309c2cf5198cb9fee36fd9677e6a3cc0a

SHA512
87ab525ac9d32104d5f157647fc0a4c65d45f9cd35b9cb94ad3545857726807a67fd80c1f1ceb1ec42309ef282fd266c10f06795e6e28ef01b2fadb6c3b6f42d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\21189
Filesize
16KB

MD5
e75abdf7ef38dfa8074e3105461c21a7

SHA1
0bc0a977e5de78c4a4545f7539b9871cfc57353a

SHA256
51ba318ce402bbcc5687d711406983964aee6b8fe69b8ba9a6bb44e5a2aa0a0a

SHA512
ad0ed59f02e141d5b1d905fdb02c0a2b17c6e12b921f92fba3e8dcfa31ff3f2f66d152c3d6d04f4efffc52f606d341f7f4101e8dc603844ddce294b0feccacad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\23176
Filesize
24KB

MD5
b8bb2a4fba658dc96f25b89e598e70ce

SHA1
01b99082baf232124ac2c5f2f2f72a5a2e1ff4cb

SHA256
99f47c151fcf27b4e85b75c67dcc39649bcd1cd08cfd0cc4bd9b298e69b1b208

SHA512
9f3b5801c025393138f7b8b25108f1f490a330f233467be6c1d8ad8b98c5ef6bda3ee833e20b93c8308e2084671976bffaf33954b8d9141136896a6719697abe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\23746
Filesize
18KB

MD5
011eab202b4b02aa3500a46b7d7272b4

SHA1
5b30c67b053f049178a91d83d44679b8c631dd32

SHA256
c993f0a1c9f5263d20f3f9cc2757cddfbfba533483892f7b6b7f1f03f2d875d5

SHA512
1416f58919576587a39aaac89ed63628d479c4cfbce57668ba3829cd9e1ebf928548debef2d9c522c9c97069f7e0bc210ca22ff43fed5210382c70a1f4342b4d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\2381
Filesize
16KB

MD5
fcf2b1a6423693b861b8d2fca03211ae

SHA1
9e9e79113309f7a36976238325de179b80cea839

SHA256
8d799d73e16b51343ec7d06c3719127122bd656fc9830b626991a21b926acf6b

SHA512
cffc08f4b2dcdf18c2bf7fd1aa3bd8e8a50c659763c650b2679bc7df65eeb1510fad653c44f0168b084ee72dc291d34656cb2c534a8b1e0644c57f67f12c132b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\25258
Filesize
15KB

MD5
cd659d252c7eb9aab05702f87440d53e

SHA1
5eeca385d62c8c2c1704e06cd6e957b6efe2953e

SHA256
4defbf0fb9a8c3b5bf7971d8c29a2a573a3145380c33c94856e9080042de4ecd

SHA512
0d15c324273c0c8461d912574f224c367e3ee8e31d80e6f1c7921ae4bf17ab188c54630adb8df7f8c754d3a11986e50f2c42c15641d8da03eebae0f1e883184f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\29304
Filesize
17KB

MD5
1904baf1253553f6a4f605f48e0d733e

SHA1
905adb7e7aabe90cb335c20e729cb374305c4358

SHA256
28acdcfced7a744aab2130c6137e5e813b8a5280dc89cdc45d843a33e2209cec

SHA512
bf0ec5d9ab3a006ab94689d8fb3016e8c63887b62fb66ecd767301504514aea7061888642edc5d074bfd7a71487e513cfbd246b716180dc1c98fdb3109941ced

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\30174
Filesize
16KB

MD5
9dde5f28bab6d3aff7cf4d18c1ed62f4

SHA1
6db9a31bf5f7db30786a41911df58cf1ce6c6b69

SHA256
95f8d5112c0ebc6d4aaef1065506b796cc24f8b40a71ee2a410fe6e806f06d91

SHA512
b1cf980e4fb04a3dfd87e2b4b30272ccab8bee5d56bcb37865f92f00454a4c7d9e75f2509ae45762a2622f4cadfadfee354bf2ec47a261ac87a32f2af0311e35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\6240
Filesize
16KB

MD5
48a7b1b66b7f2a14eee06961d6299907

SHA1
5c7bc5f9149b0169485936ec4c16c565370ab812

SHA256
3bab016941c61f1fc10a8b989e2e11f61e87a2e043caf8087170bc2255d1870c

SHA512
e114b9eb9421c8336bb13a1cabf2ed41e314c5c94245a29235050e4dbc3ab7003b7013ddee4fcd1ab1349ce3eed56b38e126363df392b72c9bd8d51d790a2169

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\8597
Filesize
25KB

MD5
865c9c9df1f0e0397f25a0be07c47f04

SHA1
69463cfcc154650f045dfd303b670537a97d8ee3

SHA256
e7acc7a99c1766d4db909fccf307a5928f005be3239cbfe888cd1d826d1651c2

SHA512
ebfdf13321308a170e3f4c1ae76e9a01a0c3f89c375be961444b25a4c27fbb2d53476d522db705a8e5027080f74450fe30789b05d9b4576b4bf7284f60828dc2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\doomed\9458
Filesize
16KB

MD5
08b9b66634d051a479925efc3ffcc352

SHA1
610445805df92121502e5f5cc94d83d3a497a320

SHA256
eef6c67574bd0330409f598c28d893205dbb67217fb74d30901ad5cb94d1e561

SHA512
c1694f61562966e452b907f0033fb642ba1b380baec44f71251a034a96674d6405bbbfa5194ad0d5b4e70d300051e9cb4e0f50ee918147c65e47d6239b8fe3aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
Filesize
6KB

MD5
f0aaed6704be68f2f74063f5708b860a

SHA1
17110a5c7552aa3a5ce2c49770da9b0fba7a95b3

SHA256
4caac514fbd4497e6fd37a9137bef2b569f7c69e8cd7a127bb582d1ed5a40a03

SHA512
1b0c69ea0f6862cb88242e94036fb10d06c74ee4603e905c4782a26635e809a33fc1d67b6a15a2915bff0b01076d112947565fc5d873ca23fc2796cbd5ce11b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
Filesize
7KB

MD5
a10f85118ee0643ec71af43577e4c90e

SHA1
d998a1cbbaec3cf2166f03014d972afd16e79805

SHA256
97413efe3d03824fed8c585037eb3a38ef72767b11adac1b20ba7a9c8bbdf5c1

SHA512
8b573fa36ac47594457a09fe9d4c65ec79d3dc7e37b910b3cf4ee582e4b821cf7244b43451af0d3c4393f44f64ff33adf62f8a2e49d353fd3baa0713934d1932

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
Filesize
7KB

MD5
2e93d7e7278eab7b85f0e87711176e14

SHA1
bc22a96165da9de8dec6b94d17598f28ab10c371

SHA256
cb165ee8730626c5260052776b51b36593c9f9b843c18d82fe3b341b9460db36

SHA512
9cfc853a6c4850640dfff5c640b6e0c203cd8ce98be7a286c6274cfdad232dda55fc09155c7637c699fbe6420fad23514a99c8e1422dcd1587506449c9dceba9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
1fa13e0f878a32495754b850c6732725

SHA1
5ed12e7cba17c4cc9e8f5f2d1cd7382bba16b679

SHA256
9266f6cd29a00e2050cadaab1875e9f55cc95267c9f879c539ca38c248532b7f

SHA512
4cf39ff6a43bf5226c208cddfee34a0d4dd529682afd662054aaba8fa85aecfd800b1e314bd56781ee965020261d10b08497f0cdc0ffa791f24faa04f4dfbf1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
9bfad81e441c8f9d3b3bcd8b3b9a933c

SHA1
b48ca63dbeb4d1fb6a6ec31e2c89c5f8935625fc

SHA256
5f0d0e0f45a2eae847dced1a40027ef6b8d03546b16ed0a19bef1af9adabfc73

SHA512
1e83d5fd22f3f197a57f89ef626d273044762a4382c83aa3669dd9fd980bfd01951e3e23b28adb68631b5397036ad7e5f35dfd3444484e7053d402d0b1eab8d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
2c5f252a5fc49f40af67c1e9673d8a83

SHA1
25eadc375285c95d8339d8d95b25a9782f49af04

SHA256
d5c44398af778082abcca4f6f4b093d415f037a39a1b0cb8c97768c73ed1195c

SHA512
c08e41984550ada048589c71b6557a6eb5038378bcdd0aac2fd9f00ab88065af69c7b98005127faeca5f8f4d002d8ed3e957b3c5d902ff767b49ecafe7b052c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
8f59a805d5f9da5cd52a0fcfc1fa9822

SHA1
f83294d19dff48bb7a52f3949c92ac82df075c0e

SHA256
7cc50f0fad29fd23e9d12dcf58fe815d68e5d769f25fe38ae1617885122783b1

SHA512
e2c1e21798246271c841c79cde23ef8b39a945cb7ea629df9ee6ab88d3c2f5a3cd93e6a45815576a68bbb75ffbc249e1fc47d699609d5fa8710cd00c258539b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
07aa533deceb2854bb4506c8394a02bf

SHA1
98ccf94fd3d11ecce2d30c8afcebef0ac245d795

SHA256
3cfcd33922d481f9f06a93074816e885a7dc0144d48937c10fc5ba5b7f6a8df9

SHA512
324b0c5f2fa7599eea8ad08f82bfaff3186c4b9a9c3b4e2c015e97a5e0eeae0111a246c55ea5ffc1c7b73949739ca7c6dfd333acadd7b1efef56adc0fa044a31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
695eb576e988e3047ac57f6a6fd945f8

SHA1
cc01fc1256205b888591d0d239896865e3dc4815

SHA256
4a5c2afd53d40be2768fcc61cd0403c46fa64f138e6999684e6bf34294c59dda

SHA512
9e782eec795f6126827c77c777b779642ba57c33b6abc26729ca5fe1a6c7620479abd82d694d1179130ce3aeb50a2566b5cd5840dc540a97d59756698d861edb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore.jsonlz4
Filesize
8KB

MD5
3278d84f81198170d716f5d7683e19a5

SHA1
ff0d7cfd5fe0e2a1b497f1cadfc34262158242e0

SHA256
c06c84479bb924f6cf28213b4ad8cd45c800629819442107dbcdbcfb75ccdd04

SHA512
862ee22ab2a7d87d071d8638d5f6aa5d1145b484122e7e2c965b7026ed33a0a5949f4ef2eaa145b55b9d2258a7eb3421dfbee29c5514e5141e53ec2256d98568

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\default\https+++www.youtube.com\cache\morgue\208\{f271bc7e-4371-4354-a964-ca563a237bd0}.final
Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\default\https+++www.youtube.com\idb\1766604198yCt7-%iCt7-%rce3sfp6o.sqlite
Filesize
48KB

MD5
ce7210a33cf8da847f31067250b699ab

SHA1
31cd830f5e3045636a40cc984500ae4d6ad07943

SHA256
86290ac7d92786f86ef4750fda0bfe2ce2b85a82f223cf30be911e3b1d501bba

SHA512
9e3369fe5acff559606e5bf18b8e54ea15804753f6edfba603be62c8053b64b3c6a8ef14503d96a8523e0f758ce1332df18e905fbf784a3bc6b5ad9e7b0bef48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
192KB

MD5
a720981526551b33f6e66e4156fa73a1

SHA1
3bf45d0d83f635ca9af617f486bc75e59f6f3e30

SHA256
766fc5c7dd78c9bfd9be979550b351f0dc8e3e206bc02d4342ff274c9286abbf

SHA512
209baae644fb7c00e6b3fd5fff2f48a825f0bcaf27218e1dfc655082abe738fc9fafd41fc80a116275380f86c7271f0cf7f6056a200c8a13a5fb4a7e4bcd9695

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads