71b8d84aafac418501468bb2895a2e0a84451a55e130f986bff1df12ba6b7897

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37674233341137db0a6e2e058ba1da9e.exe
Size

500KB
MD5

37674233341137db0a6e2e058ba1da9e
SHA1

0ee187d3fe5950891794de55ca28f3c50fa459d3
SHA256

71b8d84aafac418501468bb2895a2e0a84451a55e130f986bff1df12ba6b7897
SHA512

5998cc04e23df31ce6b171d699f9a6c3e13c6643d4b1748351eb4319acf9cf5a646430e8dffd32052975c01dca686975d1eeee3e1269122852023573d76f0963
SSDEEP

6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvRAExJex5gfzDVlVXgaVU:5MMpXKb0hNGh1kG0HWnALbix5GpX/U

Score

10^/10

aspackv2 persistence ransomware

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	37674233341137db0a6e2e058ba1da9e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe HelpMe.exe"	HelpMe.exe

Renames multiple (5569) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

ASPack v2.12-2.42 5 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000400000001e630-4.dat	aspack_v212_v242
behavioral2/files/0x000400000001e630-3.dat	aspack_v212_v242
behavioral2/files/0x000100000000002c-15.dat	aspack_v212_v242
behavioral2/files/0x00090000000231ef-33.dat	aspack_v212_v242
behavioral2/files/0x000100000000002a-73.dat	aspack_v212_v242

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	37674233341137db0a6e2e058ba1da9e.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	HelpMe.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk	37674233341137db0a6e2e058ba1da9e.exe

Executes dropped EXE 1 IoCs

pid	Process
2872	HelpMe.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\J:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\X:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\E:	HelpMe.exe
File opened (read-only)	\??\Z:	HelpMe.exe
File opened (read-only)	\??\X:	HelpMe.exe
File opened (read-only)	\??\B:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\T:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\V:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\H:	HelpMe.exe
File opened (read-only)	\??\N:	HelpMe.exe
File opened (read-only)	\??\O:	HelpMe.exe
File opened (read-only)	\??\Q:	HelpMe.exe
File opened (read-only)	\??\V:	HelpMe.exe
File opened (read-only)	\??\U:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\W:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\Z:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\G:	HelpMe.exe
File opened (read-only)	\??\L:	HelpMe.exe
File opened (read-only)	\??\W:	HelpMe.exe
File opened (read-only)	\??\K:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\L:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\Y:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\B:	HelpMe.exe
File opened (read-only)	\??\R:	HelpMe.exe
File opened (read-only)	\??\H:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\I:	HelpMe.exe
File opened (read-only)	\??\K:	HelpMe.exe
File opened (read-only)	\??\A:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\E:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\P:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\S:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\J:	HelpMe.exe
File opened (read-only)	\??\M:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\N:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\O:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\M:	HelpMe.exe
File opened (read-only)	\??\S:	HelpMe.exe
File opened (read-only)	\??\T:	HelpMe.exe
File opened (read-only)	\??\U:	HelpMe.exe
File opened (read-only)	\??\Y:	HelpMe.exe
File opened (read-only)	\??\G:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\Q:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\R:	37674233341137db0a6e2e058ba1da9e.exe
File opened (read-only)	\??\A:	HelpMe.exe
File opened (read-only)	\??\P:	HelpMe.exe

Drops autorun.inf file 1 TTPs 3 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File opened for modification	F:\AUTORUN.INF	HelpMe.exe
File opened for modification	F:\AUTORUN.INF	37674233341137db0a6e2e058ba1da9e.exe
File opened for modification	C:\AUTORUN.INF	37674233341137db0a6e2e058ba1da9e.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\HelpMe.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Windows\SysWOW64\HelpMe.exe	HelpMe.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\lib\javaws.jar.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\PREVIEW.GIF.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansDemiBold.ttf.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.Process.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\UIAutomationTypes.resources.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSORES.DLL.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Diagnostics.EventLog.Messages.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l2-1-0.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Concurrent.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Drawing.Common.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\msipc.dll.mui.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinStatusBar.v8.1.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\PREVIEW.GIF.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Drawing.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Java\jre-1.8\lib\sound.properties.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationCore.resources.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\LoanAmortization.xltx.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msoshext.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\vreg\dcf.x-none.msi.16.x-none.vreg.dat.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnPPT.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Java\jre-1.8\bin\bci.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-140.png.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetCompare.HxS.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Royale.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ContemporaryPhotoAlbum.potx.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.exe	37674233341137db0a6e2e058ba1da9e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.exe	37674233341137db0a6e2e058ba1da9e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2872	1960	37674233341137db0a6e2e058ba1da9e.exe	41
PID 1960 wrote to memory of 2872	1960	37674233341137db0a6e2e058ba1da9e.exe	41
PID 1960 wrote to memory of 2872	1960	37674233341137db0a6e2e058ba1da9e.exe	41

C:\Users\Admin\AppData\Local\Temp\37674233341137db0a6e2e058ba1da9e.exe
"C:\Users\Admin\AppData\Local\Temp\37674233341137db0a6e2e058ba1da9e.exe"
1⤵
- Modifies WinLogon for persistence
- Drops startup file
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\HelpMe.exe
  C:\Windows\system32\HelpMe.exe
  2⤵
  - Modifies WinLogon for persistence
  - Drops startup file
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops autorun.inf file
  - Drops file in System32 directory
  PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1168293393-3419776239-306423207-1000\desktop.ini.exe

Filesize
83KB

MD5
05f24fcdde029abdf4a4983d6e742f74

SHA1
d3e6d05edd54add8b763eb7f67059e424c132c7f

SHA256
80c59e68b2c8ec34d8c765bf0a66aac9770f0df1e5cdc2f5a6356deb29eb4f45

SHA512
9509cab19aacad345b94411c38305120d6884e65694af2471b3fc790008c8714fee55ace88348d8d78f210739473887c10d701ea1167cea20fc78c2e0c7aa35a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
faa1c9d14af52841c3bb7834369388d6

SHA1
b3be351be3ad89c1c4de0ed938263f67f6487383

SHA256
5aca6a2a6f1ec2ffed413a06b34c006a8cfe3236e7c76c1577c26a76b524a68e

SHA512
248a0ef0f84b5f6e429babc9c17c759f29db0851e6ab334040372a513dab32a7480748cff16e4becf83006dd7acf19bff7f410c39bf7289155ab79bfdefce406

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
0fc7c814c2136e687312c019f4ce03ce

SHA1
344d66d29c33f4eb43480f52c198b1473c79d66d

SHA256
47fa1af01a0f85702710157df453788099881ad741905b30dac83f6dbc4baaf9

SHA512
5c430afe9d0059b5d553270586015022049fb21ad1a096ae2ed42535617e4bcd9097e8128d72a0f32f22930800c9d27877a5ee449a58c7a8ba8a8fe47dcf45d2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
101ee0484bacca31f1f0c48fc9ebc189

SHA1
bb203fe580589d2a630c06e5ab9f2b0cc86462e9

SHA256
48ec94daaa6eff5e0cc68fcf4d0ffce91c80c9373897494932fc63e081da345f

SHA512
cc7b29984d20bbc52555621dd23a122755d6eeda1bff873338af9869c83e75b7d8e383653447a4e6ce0f7f813843654468d1800424204da3ca7714eb58a7d82d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
cd641f18fc03db120bcb2f5a6e82c6e3

SHA1
d62559b924808b90b95b116cfef1f7c3eba59330

SHA256
9f315060aee7ca497422bd63eb5b08c5a76d535eeba1fc2cebf11986a8f52a64

SHA512
16f24fccd2791e75380e88718876b8e37dd7714ab0b5e0dafefb07d8cfad16048020842e07747a6f933cc305fdaeed7a82b3f98edd64cdaef1bc02ca5c672486

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
5e632ebbadfe00592561d2df0fe6b460

SHA1
32019e9f7d440234cdf6cfbfa845d90c847439cc

SHA256
8f72e3847f71ff7d0dccf4040c732d2c31afa6ca4818d0e7bfc3a000c5ca8c95

SHA512
9e91c8f8f872ffda6a007bf6df880fc6d377acc43adaf325124e506fd6ccfcbdda3cfd1944acd8ab5b483d60085bd8f460ad7eb40d7ff366191baf1c9836bf84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8945728e7e695b6d88f060c80c728e7c

SHA1
ced1b69b60418c293817b46a6951c84184dcda80

SHA256
cc0fb16f43088fbc6ac472a62418161dcf1fe75d667d6da13684a22233f087c3

SHA512
aa89fa1305c95a07be9462675b2a2364ef3f5cace495658080313d320f705d9005a574d4bd110f3377b28ee1b27dbabca8432a3b304ec052886ebf202be5973b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
8b41d00ac53070acc66952910359872a

SHA1
05503241e73125a67f230275748ad12140d4ea7d

SHA256
cd949a37b7836ef5873eb33d61951f3120ba051a56e1d7334c0e63528698dca6

SHA512
a93e524fa3994f3f8deb37cf9780d50b9852e4c54f57cc405d773576e0d0462e296787424dae59b43804c89f03d8e967b8cc6a77d6576903927ffc652ca07548

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
fac355d9c461005e3e052f647493ce15

SHA1
20a426656737752b6940e3f9794e8606f300a84f

SHA256
2275a324716505eeb1f02341d49d9fa1d90bb0dc583eda3b553d6740e4d2d525

SHA512
6d29860024d8a117f4a57f945fe080ecb9f390d033e522a90a1f10a6d1c221e2bf571bfaa2b8ad17c4c88cb0c91abe7dbb17d7c39fedaab77a779bc4e68fa802

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
2fb3b99693b5e9fd9e52077e846f823e

SHA1
17aa0ead3a71d8f4e5fcf576fbf8ebbf704085e5

SHA256
c2acdd3cdb4cdb504420f2a1dc62c0cdd4bcf9fc03151397003da206b8ee9526

SHA512
8f3a0648069cf609f46c7e2daf9520e08cd715db0d28e5102f6f9b87c2cf5c88237f242e6dcab38ccc03eb46322cb1a5e22ec765fcc5d5c386b3f00b81e623ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
61cf919743fe2281a88bbfc141271165

SHA1
f8766376700eaeeac649467d657f3ca234279723

SHA256
07d15002a711b867c877dcc0de83d51f8de9f4d4c8302ecf0640bcc8e644059f

SHA512
d589a292c13f71ba476ba84e442acb95b7c33596ed374b0821a2e50616bec687408aefb15ef3cee0e187293c5ae67dda8edd33c5d8336643e21515ca0ba2e048

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
c14043cbf89eee9ec9638ff39decdcf1

SHA1
b309884b87b67f1839865bc1a0c29530b4cab969

SHA256
c5c5f204cb8f5d3d974feab4f2e342023d45f9746eafe33a6d49bea3773f5072

SHA512
669013db3337efaac9b876262ee07e14a4e612b8051905708c0a054c0d7c106719330c420ee75b7a6456e29d1606c349df3ba2a2bc713030cd864aa709247932

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
365ebac79ace608e14e8ab973bf2f6a5

SHA1
ea4590f8cd1686e1a4dad83e8a8aa1051541c053

SHA256
0d73f1b7d9fcc6bf947931387443a1c6293f650ec0b3c1a2be00403ca85a0482

SHA512
4ef5cd6ff91c1d52ae9fb2f4201047e5b82024fce53a85dd7bceb03ef173d0b98d2c9adc922e0f0fa4e506246d9898822f364482896d9e5aa679812dee05d920

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
37ce909e5c3ca1b273fd1d566d082b17

SHA1
32f242f2cd0d56385e28b03c129fde4586522f22

SHA256
f67029e69a5eeb450dad7d5bc4c9712df415d7c405796f22e5545e814565d467

SHA512
b324249b924d984abc76ff9f20f16ac1d44c17c9c93375588003c90fc6256da997ce43501443091a3ad17102bddd14cc80358e6cf06830c291afa7a8710b6d1f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
bbd3ba0df279bf59ac8bf6ff0987ed38

SHA1
e71e6edf058d9c6c1b1f57eb9c4352cdcba73256

SHA256
2ecec7de8cacc61c25fbd951b26f72122ed41e9853bb4423e8e00ddc3ed4e150

SHA512
ac04d7ff528856e7ba2c170330ee9649943fcde45dec79a7de70e0972fca6ec85c257ed832f259f9fc00f09bd078102f07d359bb945310834a0a65cd0fd5e376

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c16a2cffbac0ba3152a65c860daeef8b

SHA1
3670e350c37d1c1ebce08b53800de48e7a5960b1

SHA256
d0d5d7aac2630f6fa908004e58a15886dcfff00c65cb5f81deed7f7a16b726f5

SHA512
07193ae8c88cf684bde42f5b40e2908b67c392fd9a085464da87f748984a406b3b39bba5b273044916d13eaeea902fb5ce4b62a34802e2e89ae9418c970089f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e1bd4f85c0e64ddd4a1687970f9ae11d

SHA1
5cfe02f9e4c2ffe72217ac6c7165bc10a838eec2

SHA256
2710303645d7a3437197aa69f19435756dc5d852f3ca6e1e53ed09c5f064dffd

SHA512
d3794774f0b480aab378fcc28aa6f52fdaf81d7bb335d9981c7bf717e57446214247c82aaca25ee3a906ef3acb8842e156e94f805a12599ad446721c3006b050

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
97415bca8701063cf8ee448c75e856be

SHA1
5c33a3b21c469a47be7383f70f02559207536da2

SHA256
b1079adf69b4b0dfb823d0c1009db7ea424e4f1ad2af7370b6a7673161c4381c

SHA512
6b3a3c8579e1800f1b3ae3aa5d2e4279f5c09c59b7ae90d0a30d8594e56a6eaa049f62cfde2421abbd72fad11327f5844aa5d0801e1910e95c0136b051f6ada9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
64ba3267ea8bb9608892b36d7a5cd2c5

SHA1
e08c07f113edb0db5a3c2036a4fd2916e9ab1a47

SHA256
a4969720162fa1c35daf64d832b904ae1882574580b5139aec34a6d99b385799

SHA512
95cff681f799640c32a63aaffe8a6e71b851df8f263be4f3adc6eb8b9077693524c8b1f9eece8d5481a66a062c747484fe825cc8f6ebb49d7bfbda166437e832

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8a042feee23c34cea7933af5824edcc7

SHA1
ec9a839d1e2ca79e86355283b0e864df6baeac70

SHA256
35ed6b3712de64e296e490a26507f872673647d34fdbddaef59355fe036381e6

SHA512
6275d9ff65d4ebe2b55869e410e129f7919c8c765343152c3d6bd03e250ef11f0fa09898a71788b633933a635f9670f20aed018e557a257f28ff7df63b5f590d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
6d52f69c278b65f75d4282e1a759f71b

SHA1
1d74cb79a3378f954b540a72e55b5e1ae4df3150

SHA256
3bec36d15d160b28fc6c3a1912a41bb99bf148d92d6f6f464a691f68ed32e923

SHA512
bc824d07cd7dae77efa0c50e2c01f8a3fab2ca7743bb48f1e23f00bef6a911021b003ece0e2b5a9fb019673ca66d3fc451a089924c4863460bdb0cb51aa7bc21

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
4d263d0f372bf8271211009829711758

SHA1
837634348551f9ddec44c16156770e564eeb2e0a

SHA256
cb92b25aad5455188567d6bb5c5e5144e24f0a83d324b64a08aafce6aa11a7ab

SHA512
0adf19f62cdea8c7f90d24d79cb03805d28a3823f1e57c5e684d6d2eb1ec83a97c6bda28d4edbf053a820b1c088f40fba65fdb01074dad994090baeacafaede7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8412498ae1b43cbc949a25e30458696f

SHA1
4008a32ba6701f87473976bbf7ecc18c142b1677

SHA256
dea8ef20ab4a6e6c96a533e10e5a25b4395e708a05a357a9044657d26c458359

SHA512
0e171e097d27a6080b8644ea951c18b51c6307442b635ff19be858464f36a6eb4956ed8ae0e788901611c9334374bab1bf9ad74003b612ee5bd1efaa54f6d4ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
444f17a07224c620ab3f369f0d0989d5

SHA1
bf2b34a828aecf98f98ca044f0c0073ee2ba3812

SHA256
e8eb32e8e1438a140181c8ce469892a2224e5f46df5ec251db2098be04039da2

SHA512
f7c2a3c955192a2e6649eeab80ceaa1727b2a3129f63d04d925269aac733a0e4db00aed42cc0f148fb452ca70bf52d7ddcc18a7c924e51adf22231005e082ec3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
9aadd1a7e6b142e06f1453158c73286d

SHA1
f855ace53c4df10298b034b0618b6ddf7b2530af

SHA256
c6e547eda29b79621a26e3f51a34babb373d33a74ac82c7632cefedcf9654780

SHA512
e2cd4760b4d3eb2dc6c12245433cc4ba1a4de4dcf156e5ea8916f5bb99575b28e094b89702e09490f3ad6791e69774118688eeb49fc4074538a695d752543ce2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
f699c1ce9be3ce08cf800d21321bd41d

SHA1
4d7c5421969acc5e22daa97c7eaaf552f15cfd5b

SHA256
f1df8c7d16f4f5e1230a489401da4881c4280e912343464b4488771d82ec737a

SHA512
aaf2dc20b3f104cce3301a6a2cfd37fa680b1924b020142515c3ba0ce7c15ba143f6f108e08751af18a7890eaacea00ac3dbd6dfce473f01718da00cf694a53c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
c4b89c616a0f5899963af771beae50a1

SHA1
8a77a171fe0c22ece36414eceea13da96411a58f

SHA256
616d0245ab36a90c6234555698443850964b9a2f197045a25216c13fc24d5012

SHA512
dd5baeb8d2981ab41deb2cbb3956ac6069ff30a8505528817f4be502eeabadcbd7688ea7a1a77c0e426c2029727473239e4053c8e052aec346f428e96cfe4a54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8fd00758fcf3b3bac614d530757c9a5b

SHA1
8eef175f427326f10a19a7d906b25e00ccadeffa

SHA256
52f074f19a25232db1076ac07c7201e9018b65f889a1fbd1b7494f9fa72e225d

SHA512
ffbef266cdad7f7b0847d76f3b8681a8b26b3c066b4716b2bd7f21d43346102e79e6c83d011d81102e1b9ba16e10437424c07f5cc3cf17e337adc88c2702f5d6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
e364e443cce5c3d627791d0710a670a1

SHA1
ee1c5dbc89f209f13ff16caf1d318e485b9400af

SHA256
503cdc8e43ab7595a4a5c8319ac3ce87c74ee6813e9d131a5959437f0cd95baa

SHA512
29ec9885e9a4c6ea4bfba6d0ca8c156b6abdade9552fbb9e31121304df20c431d2166faa24ec82bbbe8b811e4c9f9514e6ef9a4752d0dba0dadd7508f244c114

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
488bea32ef057795f8910b1fc93d6c73

SHA1
41b78b2ce49f4bbc1388182a72d265fe202b5a28

SHA256
5343a092bc2e619f876261e844115607dc1dfb5618ab50567201a0564d6e85f4

SHA512
be7c791bcfef8a3124c306420c341ac8d837c303a25e5f7c7463fd3175f2c170e52d323bb9a91707b02f66a51367fc36d268a6bae62a7621bb97da23843462f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
6d5276b9c5dd24f95d310998e2b0e5ce

SHA1
e54375c15d008cb2a3768a26147bf6230ed8d405

SHA256
13c7ef43b6457cb84836acfc6922618fe726f93d6cd732b81593228326c42c99

SHA512
356347fdbdf479949d97dfa18d84f06ea845e94af117dbbc652807a38e6043e8cb9fa052ae53fdc180ff8b031b3c4c55fb4a7708a3dbe183b9c3430daadec119

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
b87067eace00d02490821c331f4a397f

SHA1
8330fdb60e2ef6f1e9987e8b773d5691747f4439

SHA256
9ec395a6ad490cb2b22cb0f212afab22dbb844d0f6d282bca6014fb463d99bed

SHA512
e9737813df9f652221a0ff0566677c2379afd14500fc16595118453c6acf7ca37e717c2c73091e67f11fd3415be20fafba2a4b0f1ad53a68720ef4b209789aed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
82469261539e1063fe5bb4da6ebe57d6

SHA1
b27a267ddf92699d37dc028e5fc2f504a4b24b16

SHA256
dee14feb86560bda4e14379edb36a9cb4022018837d2686f5cf092d658d6d05b

SHA512
2d429d0725c310b1f06a99df91550fec74749c53c6189deb24205d64eaa973f2e279d79699f5d70b26cf86d5542395b4969d2f49d0a6ffadd76ebe91efaa8748

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
2d024e225c7924debebbb65d5226d89d

SHA1
45f2f88890feff291648f23b0c61d48dbd0baabd

SHA256
8b49bce4d00d7456c7b5b16d92900c534110894ac8d8caffe216d05290a5f50f

SHA512
4740ae44c0cd9dd079bf7517411a7ee771496450740d4a7b8e0f623820d995a8b5348562ed835c7f0e1229816d1e0a33d4d1452963e12847b8e1d940033ee597

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
348676433fa2e095becf07775c71120d

SHA1
5c874f53735f8181571679c2a6fc9c86487ffd44

SHA256
d3c6e15a0da252c194dc9954df99fc0cc15b6776516100c4f8c2b9d2f4eb069e

SHA512
8f5dd2f5ae03d2fc45114db2c30839912ea4e6aa70ad1b23e70f8b49d86910fb7ad2345ca9a4ef3f71d1432617e8e7d561cf502a251a9ea5320fdb50c42fb3df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
6c4f481de3af725ac8f0af5d1f9fd76c

SHA1
65cea2af80af7171675ec88ff2ea424bb6678b52

SHA256
dda747aff44e400220fcabaa7705f0c40aae9fff2a32df52f9862df0edecfdf8

SHA512
4e07a776fb385b138ea5ef9b6a88ad027f3855d4c9ca22f063e16c66f9ee4aeb75934c306b653d1bb40f6a1c6b1fb3a6f5369a0be647d1e83a5191a87904c010

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
e6301d15f90316d31f129327d66fddd5

SHA1
715e7d417fe9eb8aba5a62846ca9c342095bbd15

SHA256
a405149196459dfa10ec8e33315ba0c10a8100b53d625d46ec99754485498b52

SHA512
3f4c1e441df77f0c379b5c874859057a6c9058cf3345cbb9538f0dfc5c0348a2fa18d903262f90858e5532cbe0d6347ccbdce816f4f79ae0e3ddd966977a651b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
1574d2ac59dc3e14ffa0728cc54eb36b

SHA1
926fcd7967ec0e486fd18ebbb857c3401e2275ce

SHA256
23baf48494048943ac6ecbe0fd6b3cd46403b92adba6aa645e4403eff88315d7

SHA512
cd6160073c9c5f4dd92658c0439183a878baa267b5674d9aece7c8881ffdd22b82c4367da145b0adb4d19177cc8f30d41b1929efd2d6a46bdf3bf27e026a6ead

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1KB

MD5
8b5e7fd3924d608e89efb14e0ac44f24

SHA1
f16f1fa823c4f80bb5added373ec12422a08ce16

SHA256
2f9f9eefd8b3b0ddc3cbb47ed4f44d55989c8a0d7e977d8cb415051a3725c1e3

SHA512
5a7bcbc782df5456b39edb461f959a62d4948c927dff1f3586357dbbf8940e8fe14fbdde04836b672da81cf5d5034a8d17042bd997ff3fe99baf861421b76f02

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

Filesize
1019B

MD5
fd7cf7a020cdc482d308ed0122afa4f1

SHA1
5c01df4a7c5365fa89eed2ee95176f73654dfdd7

SHA256
2fb775154191b6b0a215d0ea16c5e0095763533767d9f22b78d4c55507a42ceb

SHA512
7e5abb6731f78673955a27834a881d9d6494d52d6efe54bf6ac06f23ea940996ed431731b8076850b211f1367a3d2c1155fe8f66faf62b285b12a834193f602e

Download Submit
C:\Windows\SysWOW64\HelpMe.exe

Filesize
471KB

MD5
a15ad7cfaec745fc4f0697b15947d726

SHA1
2556c8b78c9f30ec67090832316ef2703d82dc82

SHA256
f34efba6c582964c07cd0f0ce0c25a8958a13c068abbeda274ea27f1429324f1

SHA512
d6622e99a7d656254a03640490f7e07483fa8b981e7dbd05e5f40d3ada8974464e2e0ff6e44a1d58ee2a67c2aae46da73c89bafdfc3be905e66aad336a528bcb

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1168293393-3419776239-306423207-1000\desktop.ini.exe

Filesize
381KB

MD5
dcd9f3075c92188273a3c302f74f5cd5

SHA1
2a6e1bc425c7452a76fcc480d6c134e9bbf4586b

SHA256
d72c18a69fc33dfd7a49d4d907000065024eaa40f67876ad3e4e3adc1f2c33e4

SHA512
57e30d8a026a51e75f1646b634379f1bec4d37ce20900978512a228436a7a0c3dc386c633cd150fd54618008b3d2870ae5ac17b7ef459bdf327a839da9cd2078

Download Submit
F:\AUTORUN.INF

Filesize
145B

MD5
ca13857b2fd3895a39f09d9dde3cca97

SHA1
8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

SHA256
cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

SHA512
55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

Download Submit
F:\AutoRun.exe

Filesize
7KB

MD5
39cd2e3e281bbaae28ba5469827f5db7

SHA1
17d40766dbaac897fdc50a9787c3913349b442ca

SHA256
fdea1341585d11ac48f4b16b915ea724fa90efaa669a1e69345002e2a18e7d9e

SHA512
7cfcf80c0bd4e78d4a06a6082acb73e59b9a06be7662a792986ad472e00f9da533167e137096d6ead0760ee42413af766bb54cc7d3456b224fc2185ff81b8aa3

Download Submit
memory/1960-0-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/1960-7354-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2872-5-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads