| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .001 | Application Layer Protocol:Web Protocols | |
| Enterprise | T1573 | .001 | Encrypted Channel:Symmetric Cryptography | |
| Enterprise | T1069 | .001 | Permission Groups Discovery:Local Groups | Sys10 collects the group name of the logged-in user and sends it to the C2.[1] |
| Enterprise | T1082 | System Information Discovery | Sys10 collects the computer name, OS versioning information, and OS install date and sends the information to the C2.[1] | |
| Enterprise | T1016 | System Network Configuration Discovery | Sys10 collects the local IP address of the victim and sends it to the C2.[1] | |
| Enterprise | T1033 | System Owner/User Discovery | Sys10 collects the account name of the logged-in user and sends it to the C2.[1] | |