314ebae4b7fc2a469b7de3aea6246db22cc31f2e7ee443b6126cee0b8a10566a

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/07/2023, 06:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86c6b589396bd7069c39b4dc6578b1ad.rtf
Size

45KB
MD5

86c6b589396bd7069c39b4dc6578b1ad
SHA1

f74ab2fadf5bd8b3ceed9cb2909f1920435d414f
SHA256

314ebae4b7fc2a469b7de3aea6246db22cc31f2e7ee443b6126cee0b8a10566a
SHA512

76a0f63f04f668f7a9d26389ec589bf7a9d28b55736839f7e26a2d4c4f69fd17c725f9baa749bee4dcee5dc46295086864cd0ccfb319c5cb421819a38fec839d
SSDEEP

768:YFx0XaIsnPRIa4fwJMGlMZVCA5iZv+nbV9XdGSgudgutrbdYd2b+y:Yf0Xvx3EMGEiZ2bDMFudguNbdYde

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{56178AD3-871F-4DC9-9DAF-BE26DE6A1129}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2776	WINWORD.EXE
2776	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3868	svchost.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2776	WINWORD.EXE
2776	WINWORD.EXE
2776	WINWORD.EXE
2776	WINWORD.EXE
2776	WINWORD.EXE
2776	WINWORD.EXE
2776	WINWORD.EXE
2776	WINWORD.EXE

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\86c6b589396bd7069c39b4dc6578b1ad.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:1860

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2500

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3868

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wsuE85C.tmp

Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
fcae1ab1e3e6966fc0045c376aa8a37b

SHA1
550ec346d96ed646a38eea919e2fb9d57fbea44b

SHA256
d6adf5bb0b4441fe2f11cee14b7e148237342b94b68e55d89de42adf6a7ef031

SHA512
9cf71a5d6be32417b72532e0e00fdcf048b7aa1db778d2ec6eca306c2f11812a0cc9516d5c6c5ad0e182a8caa3bcecfbbbae6a47aa69ed0327cad6ca2997ac4e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
c8fbb15e3f4a388a5441f666df47dbb0

SHA1
92a40448af323bb3dada837cb81b23a73b13d767

SHA256
c4cc1bc74477d83f724725997d7c87ae8a609cf58bde73102399733fae185805

SHA512
0068d0fcd90bbf748b6e64f82b308a66f1d3c7a3ad1e738f96743e176e2a58dad16a2e5026988e74df125c85df95076e9cfe81f727b6b7e9a5beb259398511e0

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
369aeaf7dc80fbd68234fe33662ece91

SHA1
a45cdf4eb4e53e7e70fdd315863a17839b32deb1

SHA256
091f27536bb91a64adcc45d8b666154a7ca571b7e4a5eeb8bbca1b218c39936a

SHA512
b5f9027619e45a89721f6791d1623189962b609a15732677a783f09ad325615f15da49e7aaa390d50031dcb1f0dda6ca4f6178c4fa6fb2a8a2cfc9d6c802d060

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
ec53bb66908896dc4ea4292c38977c61

SHA1
1b7ce3f71ad0b077ab716b72ccc3edf1fe5a1600

SHA256
8e18ed8d55acfc9a79ff93f26495e1a43ed376fda597e96410cc4a6b3f038113

SHA512
2fe1f8b92467df3b1b092d2df3579f97ead28da1f0e388671c88769a41911d257b22aa51d62cc33883337ff8b1c7e46bc7f522f11a48c6cca00d902a31fdb17b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
89b6bd1ff2e99413044af9eafba4c8a0

SHA1
5487150e21d1efcec9188b009953a0e73bc7f99a

SHA256
e7e2ed24684d1565272a7ba1fee935f3b3629b30369e48283f46a8026b7a5cb9

SHA512
cc8a5284242bc03b8e5310e219897e0ae8085653272eac6c53ea1e3f611c71826f6f682fcb1d4f4b4afe6d9a9e1c7dd3938d138b5b4794db933669dcac43548d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
4074b60bfc971e1054d01483ae1a07c2

SHA1
6017f67f702c65c38f16930c145786789b904acf

SHA256
74407686067ca9c4c7073526380a17cc436fe757cccd6eddb8f4c8158d7a6a37

SHA512
ac2cc1e516fcccbe273e5319b1fd762269bb861686910bb958122438a28f53c6df340249367f2c42a0081e7e8382c8c711cc55495e487c089c8f94e4ad96c360

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
21e087a72f6108ae9bc34612986b5ffa

SHA1
7b6b21e08cfcf4827da6774ff53bc2957c08c044

SHA256
e9a3ff8131f47f4637f2bf4d98b626613e85bb219852e90d3d489d1056027a5c

SHA512
4eb5851efa3cad756e251f3a5d0dc1adfe5c0e318582e9d568c1a479ac18cf77365e7f3f864f069fe34eda86bc0c79745aa211e871cb81e4db3d7233cc4b8342

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
3e6a69e2b46c55ee6478a722b3baceb9

SHA1
7fb8fc7ef426477d7a76431e28f54306a9f707e4

SHA256
d468fd6672950cfb883312cbc6f30ce65b5216802e908003a2b8e8e8b23a987f

SHA512
ff4c46ac0845c2251a5bda0568c1c30270dc31bef15848e736a384bfe1359ca7024b2861fe88358b0edfd218f65d9eecb6f1712ff05635ef5490b86d9751e961

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
19d70e07ebaa6fed354aa8f27d8bc0ca

SHA1
c5b2ee19df026a1750ffaef4279c5fe3a3b02c2c

SHA256
c159c1443b35b5d827c4498ad0a512f45c2729a91c35a7baa34fdb5c1c5895c2

SHA512
5a72bb8d29f130114f7aac97e68c959d6983b7c3e10f5612a1608b89f77dec83c2bbd38ff1ff4627c3cc7fbdf254b0daa00616d6be11dd4cfbc073250942dc9f

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
c59c08f2393f7284660d1638427f3504

SHA1
f24e3762fb8bc8d89561971389e83c1148fb1106

SHA256
81ca36eeacc7714314308b7a6d5dd82c72a7cdaca8b8b4c9339bfcb2b26afe4e

SHA512
8a07e91f6e0dbf8ee576bdf756c5a793696c4d1ba857f324f497105262a90027af697c5001935869927655ed537c8c07c1808cfa5f710c2469e0a7b0e5385fb6

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
4d30f64c9da630b1a423cfa675ac42ba

SHA1
9efd4115a82f2fee856d7d150aead003ccae94d9

SHA256
6a1f1d8e493e98fd6bd20c7ae588178b4ee5edaafafe6e977e07b1bd34501f17

SHA512
9dae22ea2379d308620d8f59752c02f668fa566f5377363071a8f2c9174c2e86a1c2750f23f3eba139cbfcd96cd71183bafc584f8e5fc56d8d2be48bcb6e7b81

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
28be0e423271d8ef9ca315899b090792

SHA1
545ead49b05ee7b882e5a89fa1d253bf2f411c51

SHA256
a91da5e39747f409e9cdc007a4d0814e34dc3e1db8c6580ff4cf3760437508e1

SHA512
e650b322265f55c803de425b150143a16e2247eac62afb6215e3b9418b2b924e24a0baa3daa7620316bd7a2372d3fcacb5a6d621279614bf01f24f536aae0e4e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
f8b2bb981cf2cf62e969f3c6962171f1

SHA1
1d61d6c0bfc300c73010681eefde4ba3f53a35bc

SHA256
2369b2a7bea05c0711a91d2d4d792be235dc7b6e1f71bb30b28bf887ec881663

SHA512
7ca80b793923cdc0c40c1001b0624eb40f71b13207e85db22b2a9c984434e9c5c45dcf4769241c38f9810a33d96b51e35782662d0182fd227caf65a2aa27f45d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
1e87a73477901d0ce6371e48177bedfa

SHA1
405a4c4207c36d825df1d7b509c4f69bd498e87f

SHA256
7c39b1c5b6c7d01c0263e56daf2b4e3eb9c9a8a5a8a5b50f2ded2b56991e377e

SHA512
97a76e043e7e1f60416d0f2e45c964e5e357c4268fba1b8e6ca99776aceb52bccc5e44584e50b18be1b2fcdeba5dc3c2e5b63f9f7e4f24ae884a941f3be4fa51

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
78f3ad18572a06d88c04ff1c3c164cd2

SHA1
5e74d8c535ee0ab7b2cb7f376553715bdcbc593a

SHA256
708f69f710516ceaa13d3bd86e78e3f1ab1db863fc3560e303157f91e9716a6d

SHA512
5548642986d4f3868ace853f365a4d8d766016721871916675b9db49053b12812cdfc41ab4e38f14587443ab961ff2d9c71253eda331947026e84ef129df6944

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
0f30546265ee16ad215f770c82bee06a

SHA1
46efd60c29b53155d7960872c4d820e12103678b

SHA256
f6e17b123ae2680f622b2c448ffe0feebdc3b36c69e6cac11f694fe575890422

SHA512
560995b5de198f58dd7fc49651e52d5e8a9fbb1210afd4872eaee51c44fc49b63bd4b3d8755c63319504b9ab2cadc6432d56f7d74e302c4dbd51d2b475ac91fa

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
2e16ed7d9ffd9a7c21f3798dd38dd43c

SHA1
8fb1e7d1a6b9b3640b956dc05c2162a7600a19c1

SHA256
69f127aabf0234ad3098ce50d5023f3527fab4482d3f20fb44ff5b93ba55c258

SHA512
4ef67aae35d3c1f534441d97bc0b6511702fcba6143769e9d93e125dbebf041d2bb8790f66e787582ed736264a9554fdd48fe3eb67fe9c1cf4d374026320a7dc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
d3031203f816383629bd60a1398347b6

SHA1
97e820fb4af61f9236450b1b749a3ef61147b0b0

SHA256
009ac9072ef37fbb2187e01fa77922653c71daabf23adcf706eb449149f2bc8f

SHA512
b79ba8346dc8d7478e0625544397292202ff551b5fe4e9051c88982afb8baab407d4eb4a2fc99dfe7d1229d576985cc7f48955633e6ebc1386a26f53c6a920da

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
35141c07d5a9aca67aac77ae1c2a8600

SHA1
69b01c282a50967b5e4894d8125403dab7e821e9

SHA256
67c59265356595aac1bf097c4e89bdc8b13852d088de1f5ce07197438d9a5fea

SHA512
99c2ff27d33c1534caa4b57dff2d9799eea334a5530c7c8a77e254a9735ad012251cb3783d271d4fb19a9aed3756159e0b299470ca008e70307819673a04c651

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
460a8fec9f9bc5d288da8039474e0b92

SHA1
d6166ec3e41382cfba6c01efb84ad51c939e41a6

SHA256
b5509cc527dbb528892aa552e15e89e609b36d100016006f69f3651b877674bc

SHA512
b4ff379616c3a6043931f47920e3a4018dcd959515a32b821bc83b32be229678f52c376e162f056548f1a31d0d0981040dd9f516cbd4ab4095e691b3d638b7c3

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
5f60246ef7dd74bac3da38d393f3d2b7

SHA1
e5229189739731d79a714e8a765aef491f4b491a

SHA256
314ad9e095c0880166602549c8d04df0e932dfc9ef7dd1d1fd9995a46bc623ad

SHA512
0e9901f740ac78f1cd085d11a5d6920b1b613d6dd9bf54bb3f13f6a18357f14f7f626a02d07af5d1af9c4926629fd0bc50242aef48936831db8a25652d285ce8

Download Submit
memory/2776-149-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-141-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/2776-159-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-163-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-157-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-154-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-153-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-152-0x00007FFBDC0B0000-0x00007FFBDC0C0000-memory.dmp

Filesize
64KB

Download
memory/2776-151-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-150-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-148-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-133-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/2776-147-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-146-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-145-0x00007FFBDC0B0000-0x00007FFBDC0C0000-memory.dmp

Filesize
64KB

Download
memory/2776-144-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-143-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-140-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-142-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-158-0x0000015774E60000-0x0000015774EA2000-memory.dmp

Filesize
264KB

Download
memory/2776-139-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/2776-138-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-135-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-673-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/2776-672-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/2776-674-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/2776-675-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/2776-676-0x0000015774E60000-0x0000015774EA2000-memory.dmp

Filesize
264KB

Download
memory/2776-677-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/2776-136-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/2776-137-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/2776-134-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/3868-712-0x000002452B540000-0x000002452B550000-memory.dmp

Filesize
64KB

Download
memory/3868-731-0x0000024533880000-0x0000024533881000-memory.dmp

Filesize
4KB

Download
memory/3868-733-0x00000245338B0000-0x00000245338B1000-memory.dmp

Filesize
4KB

Download
memory/3868-734-0x00000245338B0000-0x00000245338B1000-memory.dmp

Filesize
4KB

Download
memory/3868-735-0x00000245339C0000-0x00000245339C1000-memory.dmp

Filesize
4KB

Download
memory/3868-696-0x000002452B440000-0x000002452B450000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads