7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a

Analysis

max time kernel
202s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2023 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Size

25.9MB
MD5

8e88f7a82ca9535bddace13795813e8e
SHA1

bdf8fb91a3619b97877dc9a10de50e95fa1fe3b5
SHA256

7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a
SHA512

0320db3ef7a33a78efa0cb0875b2a79a6f6e750f23b43139abe48f7c516d5b7e31772fb84c347b66734390efd37bff1b23c0ebd2011d6df1366531a111d1380f
SSDEEP

196608:BmXXTYoIKX52VJjG8Lo7CeJy5k0gYIek5LlKoq8h02MbPOE4:BIlIKX52VE7WA5LlKoq8JMb8

Score

5^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe

Loads dropped DLL 64 IoCs

pid	Process
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
2192	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe

Registers COM server for autorun 1 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\InProcServer32	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\InProcServer32\ = "%SystemRoot%\\system32\\shell32.dll"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\InProcServer32	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\InProcServer32\ = "%SystemRoot%\\system32\\shell32.dll"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 32 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\Instance\InitPropertyBag\TargetFolderPath = "C:\\Users\\Admin\\hiveDisk"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\ = "hiveDisk"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\Instance\CLSID = "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\Instance\CLSID = "{0E5AAE11-A475-4c5b-AB00-C66DE400274E}"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\Instance\InitPropertyBag\Attributes = "17"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\ShellFolder\Attributes = "4034920525"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\SortOrderIndex = "66"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\ShellFolder	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\ShellFolder\FolderValueFlags = "552"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\ShellFolder	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\DefaultIcon	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\hive-desktop\\HiveCloudBridge\\Icons\\Drive.ico"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\System.IsPinnedToNamespaceTree = "1"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\InProcServer32	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\InProcServer32\ = "%SystemRoot%\\system32\\shell32.dll"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\Instance	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\Instance\InitPropertyBag	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\InProcServer32	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\ShellFolder\Attributes = "4034920525"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\Instance\InitPropertyBag\TargetFolderPath = "C:\\Users\\Admin\\hiveDisk"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\hive-desktop\\HiveCloudBridge\\Icons\\Drive.ico"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\System.IsPinnedToNamespaceTree = "1"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\InProcServer32\ = "%SystemRoot%\\system32\\shell32.dll"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\Instance	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\Instance\InitPropertyBag	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\Instance\InitPropertyBag\Attributes = "17"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\ShellFolder\FolderValueFlags = "552"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\DefaultIcon	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\ = "hiveDisk"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\WOW6432Node\CLSID\{961BE46E-E22D-4110-A2DD-92CE098EBE31}\SortOrderIndex = "66"	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Hive CloudBridge\C\Users\Admin\hiveDisk\ServerDataV5\1688849860408098:ItemIdentity	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
File created	C:\Users\Admin\AppData\Local\Hive CloudBridge\C\Users\Admin\hiveDisk\ServerDataV5\1688849860408098:LocationData	7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe

C:\Users\Admin\AppData\Local\Temp\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe
"C:\Users\Admin\AppData\Local\Temp\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
- NTFS ADS
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\HiveCloudBridge.dll

Filesize
367KB

MD5
874894201cde2625cb7e27a27a32356c

SHA1
0f2275817e6b784e82d7050eeb1c268f3c54d358

SHA256
c9a238dadb3158f5a0c2aaaae42b5da26bdb6da780b0a6a2301d2d816f72fccd

SHA512
5c8fce1a569ccd53bff01d76e1e2b99343dd08f6767c24647c58baa45d0e29b891fe3cf834c9100da52ed5258218efb8cdfe82de9239f3de23971183c2f7e5af

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\Microsoft.Win32.Primitives.dll

Filesize
8KB

MD5
c09937f68e2e72f86f05797479e173e4

SHA1
b0afbaaa3875542a2578f6d6ca3aaaa50c3b1045

SHA256
b7667eae29090714cab539afb8433ee12e6773563ac773b67cbecaf2bb41c9a8

SHA512
6660382f98bf7cd8f8274785e22da1f4c5c835c2bb812993fdeac866d64873255dbae9f4f3ea5c59347266d6e1e379b9bec689081460e52182586053462842ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Collections.Concurrent.dll

Filesize
48KB

MD5
81323fe98eb0e7d47989896c564dd639

SHA1
82daccc9800b310a75b5418929c12c8e12374bb1

SHA256
f4bf911df2f0e9c8e0679635a3ddbf48e0ec962ba8b06180258b738b77575e51

SHA512
d78eaedfb8220efb6c351cf99568dc80a85ac810b1d368cde44aa5abac3df060a30efbcb780616c512cec939fcb1479f0969408e85b0934c02cf988d41d6900a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Collections.dll

Filesize
27KB

MD5
c69b0202cc53956649e95e3aacb1e58d

SHA1
680f0b6e45837ab5fccf3cfc972e1c1d0115e924

SHA256
39ef2bd6e74523991dd242994f0316fdba1c36c4f1777fd6fab30183b1046576

SHA512
10970b5837032d39fc0132f30d0e40a5ddd3ac9fafd1b7624010d39bfa51d595d10895cf0bc444c59935cd89fa0f09a73ff4723ac1cdfe5361b182ed7e85088c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.ComponentModel.Primitives.dll

Filesize
19KB

MD5
be1d3c5f75f9074fa7bc5cd932b718e3

SHA1
19c89a6aa658c1b80196379811e06424464d92a3

SHA256
d75b9620fc98e635ed1ad82d8ba309fdf8442cf3ce9cb807be314afbf610d079

SHA512
8e6618b2c4a70527df57d20716985dd2d947b48f49a76f03240ad387f9ce8a2d4f98e5c05b6eea609bfa254e270b78d8b3a858b8bee8811b982ddca87e6c2427

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.ComponentModel.dll

Filesize
5KB

MD5
5f8e5b26890865b3a77fe6e58ebd8e85

SHA1
5ffe4a168a60b304e03618bd5a1c072fdd89a664

SHA256
257c7d0abf221767e29d0fb622c2848682b835afeae35ce9640c93d9f309a2d8

SHA512
ced04d77b6eedc5f7e5ef4e38f97c84ef28a8daefbf38370352c026544d34b8521e0eecdba3f75fcc14ca5514fbd1d7df33fe824536f20d743f46f12792d8616

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.IO.FileSystem.AccessControl.dll

Filesize
16KB

MD5
1997bae367f86e53dbe9dd0cf4bdf10b

SHA1
d4e31efc5e4cee1dd3767c16181436677bb5b7e4

SHA256
5cc66c6a2347d09939d777061b9bcc3a9a2bb55d93f8a03799b728b718cfd4c2

SHA512
546c776e5f6d60bbfe98f0964cb7f8bed6308a7c9db8799ae14611b0e400a25dda90dba60c9e8d71350484829298631519dee4b91134bc3826f0d38596ab15dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.IO.FileSystem.DriveInfo.dll

Filesize
16KB

MD5
331b2c746f5e0d8d23ae4b72a845564b

SHA1
4adf1a27d234a82828dd9d72c4973499df6d971c

SHA256
ced4e9a148cc3a2704bb3a6d1e393fa31864aa0da9e3e6752102d46a4fd9dc1a

SHA512
00e14b55a0df5a1edf831c655f4e9ba19a25a7f1daad33749a8efbac9c52383c2543a530b5bdd567f922ff5d5905b90b145f2fa5c38e2f0eee80e48acbc679c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.IO.FileSystem.Watcher.dll

Filesize
26KB

MD5
1b3db28af96e04e7efa3ab5cab413358

SHA1
e900cd1163c71ec602534b6b1ddcf4ce2c802b44

SHA256
c578ccd9a56d29eb914b6ede2127092e5978edb59e3525f6ef17b2dea85fc238

SHA512
8a64cd372d3f5c646f3c84a1ba0ed311fa9c52e6c14f6a97d43fa84c48acb9fa869f0b8f25736e2967af6e13591be37c310d643dcb49248e596cde2421c11eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.IO.Pipes.dll

Filesize
42KB

MD5
0d5b8734b795513ec258319e69aa2ef6

SHA1
eb9bbccc4c7c9f9b917c96605bf30a6586654cf0

SHA256
7e129aa7e87d73e82451a23b2fd03a67d63ab20a08cab4e8a4daa0b404ed4bf4

SHA512
051b9dfcf503b3685e07a70a9c5899ffcc658d8d00626f8f06af23202c8b798c36ea94a60a8d06a2da5ae15778539d86c79b3b6dcd6b1c802abf1e0feb803ba0

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Linq.Expressions.dll

Filesize
490KB

MD5
6e5ef1deebe6d470cbaf78118c1143a9

SHA1
c41f7bd884ec68c361f10ba29dd8ac7d30b3001f

SHA256
ee3dca587183987d143f5db9ec767fd51982746a747259c4d0c08a011a18ce0c

SHA512
76c4b5f819ad9231302de1edbabc6092776ba3d2bf08354c21957764d2895a8ed6cc46a66fe7ff5156e8ed69a35ca3932f4d87260f9fc862146e698ac7b6cd81

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Linq.dll

Filesize
72KB

MD5
d38a7302712d3b9f2944b97c17bd46fa

SHA1
562999522af534370582c333b7634c931a9ed3e7

SHA256
8752df977be8766c4ae4f57196e056d4387ccfd35c5c10652ab262802ee3af7f

SHA512
346057466dbb0305e0e82b4c10409f55fc0ac63c099e74906c65d92ecfc953bb4fc5fd2bf81fe41393fb0cfd322e03e2682ba5c765efe09f9f7c236fc1e14385

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Http.dll

Filesize
555KB

MD5
53a0908f7a2a38f99a61217a5eb855ea

SHA1
c53332dadc1b15b8e5a611c3c0f902394fbb62be

SHA256
6a0eee3e80ba377e61a07de7d23426a5650c6163ac6078ff21e1f03c48d34dbe

SHA512
e55a78d261984935f77b995a61d34684876e833fbde4fdef7d4da5a1c6770188f81158748a648c8dcf62042d79521f2c12b56d4b5ebbb5d75454297f9785bf69

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Mail.dll

Filesize
145KB

MD5
3488e37131d92f6cb12061f96b53aef1

SHA1
1ff028e2e29dd77402419a94e381d6511b06db6b

SHA256
bf6604041b87ddeae77b651bc49acb1dd741029761e4ae5c3014caa58b7289dc

SHA512
8ab123bf4bdfe86b147dd21ac71e3d2d423770d94ae2d3f7f2e42959f9a7c657a4e82dfe8050aae88178066c7773bc58ce2f069f9c0b902915894e39b94aff55

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.NameResolution.dll

Filesize
31KB

MD5
ac628edcf7503d7a596069fdb0193ac2

SHA1
11ea9278b811f146539614487dc5dec66f51db8e

SHA256
9ea609edc3ab4d94b27372fd640b248be3f20f651efe2aa725eda36bb25c8b91

SHA512
0fe221df67c20ff8c263a36e0a07a03109af1132b424c8b19eae73159769bb2cab2fdaaf0ff7bfc32505652d8169ac46dbdfc95f0b357e9df4eea84d7bd25df5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.NetworkInformation.dll

Filesize
33KB

MD5
83bfbb9275fdaf9966c85c347c013ff9

SHA1
48e3fc249a68075a2a8552c246f411e41eb6d465

SHA256
ba389134fadf58df36efc54ddd0da01d3fdcba5a8e94df5be539b853a144a9c0

SHA512
651fac41573359bf9106e550a2b826f0a6fcf4c9bc8c25af03e1eec1db0fcb497a974e9d00cde2a784fd0ae16a8b9d340d16b9cfe554a64a3669f20b046cbf6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Primitives.dll

Filesize
67KB

MD5
468a3fc55e01642000acee0b075f378c

SHA1
5c7f5400e0c2dfd5948bef19b39b031db848f15b

SHA256
71a62e2ea3abf557ec5708623ad81fac83e51b49ddfa06e136c27a3364ae1534

SHA512
7871e3edfbd200a4b6d6a3d9825a6370ab40790916df0503f902b65cc674d983a23c41b57600b1f3096e37451ab09534fc866d994c93637af491545b09010646

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Quic.dll

Filesize
92KB

MD5
a566dc6f828e0260c0e0da4dad969d9d

SHA1
3ef6d2ab5b1e7add6006c12b4dfd63ec6fe0d629

SHA256
b615b34bfaaace61f6b82819e4ad421003b8638a5da28e5c14e39a10f59c51ac

SHA512
ef7d264dc50d63c9a2ab607c7db6099d450f5a9fc05c83b66ab09ce2e41b93063c66e5bb62fa4e5e609dcf6ef07d57c0cfcc7601f9a19f308ec9b9af21f2635b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Security.dll

Filesize
173KB

MD5
b127573cb12d4d553a6c561d55e32cea

SHA1
88e8b27d340ddd030ff8c7a0a42bbf4d8875ca77

SHA256
3ad71dbf4b25dd31e2c6b2247c3c907747e139a64609f1398abb33894d15ee4c

SHA512
10b38e5dd64325bff1ff1b5fe0324614c06bb1572911418aab777611a8b76f9c682c4284b436eaa308fba1e19d12ee9e5f4a57ccaa375479378b1b233c463284

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Net.Sockets.dll

Filesize
109KB

MD5
f2a57ef8b46b963b7977c15ba4dbf897

SHA1
535555d555bd82902f7060daf36c9c7b47c1031e

SHA256
a1fd75325b1072381a94dbec91a7919f1acffe56839f20dbe0ebfc9f599450fd

SHA512
0fb3a2c49430596e7be65c503149741a05db2281a690a20808c617496fae1ef6fdb81a2dcbd317fdc9cdbd1a53d85b9e8817a3eab5ebfe8c5ac3d8e595415095

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.ObjectModel.dll

Filesize
29KB

MD5
f378685a9cd096dae1d1d3cb0073a8f1

SHA1
7dacaf279361bc81e24b87d2811135691cc675ac

SHA256
372ca80aa606cf3f77dbd7c2446f34f1e7296f23ed19d3ff1c5f760dcb0a9d1b

SHA512
4d6643a91a5e9e0b877f3e3cbc04eb6dc12d8d81b5e9309756625c227a27467dd6cc84a7f3fcfa36750416550ae0813217a09e0f8a40d4fd6a0cbc24939869d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Private.CoreLib.dll

Filesize
2.5MB

MD5
df037c4fcb2e143e544df62906058694

SHA1
f94e22e88f36cef0be922c36d2ae9292308c0001

SHA256
ded5ad159b042593f22e5af3970a101251475e6d05260e6e2294968f0b5ba2f3

SHA512
dbcf292f71eb76e82d168d77608df541ccb6b64d5fc15c3fd0f21aaf792fa4aa8204acd262f95a6903d593c1d5c12e0def8b8894a233168f1eba58e49659c5ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Private.Uri.dll

Filesize
75KB

MD5
a76d091e4759af1ba34fd90b25d99dbb

SHA1
6badeb9fbd8e216905e392635790b25f4f1234a8

SHA256
17efa5a20ca97f7994701193efd7758aa827c147e94c96ed2cadba4fd1a24553

SHA512
dcae0db95cb8ac92c3786d907736bdb584167399c9656d23172c6ce87a4d0e873d3319be745cf177af7295c8fccac9c9a2a122aac96d30bed4a12b3c5e326584

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Runtime.CompilerServices.Unsafe.dll

Filesize
5KB

MD5
c1e547308016f27679bcceda279e398d

SHA1
403a073ca5fb43e7dd868cf535735bb78b137c49

SHA256
f894ec740edade3bd17e90a3fbcdf918c1ef9c41234b42494ecea5ea4d84c048

SHA512
ed5f96201c4c5ea109d909331f84ab604fd36e7db285bb0b045cdf4852578452bb2c320bf78289bf6f5b14878be58550f98dd7e9cf5dff6bf6b79a8726cea51e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Runtime.InteropServices.RuntimeInformation.dll

Filesize
10KB

MD5
b0e7b51ea6e32b6e1954df99e7e55bf6

SHA1
fddd99335165cc7ecb2400d0ed70a3b261c94e82

SHA256
269b9f5239434cb56349bf141cb45753bb3ec7ee3c875db9b74f928247b4bcfc

SHA512
a78dbd0e0aef7d66b54c230ce221a00640d3485485b038f8003167be931e526d8b840a025243826ab79a0c80486348b9a583d55e7aacdc341d5773571765dd3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Runtime.InteropServices.dll

Filesize
7KB

MD5
1d481995e34773c17d7af590cbb915d3

SHA1
dc1c2d542ddc4849a9085c09f944beeabb45e2f1

SHA256
be4816d230e686cf961c22d62e00eb375047908201fda7e73411b00b7679ab08

SHA512
f28da768ad28af2050d039384cb0f84c629f7c2ccbf5f99607867f6b8eb7637c64be9d3856d9e2139f4814127d2b28cee9ec9959d04c5e9cf43a1ca4d7b21e37

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Security.Claims.dll

Filesize
15KB

MD5
4fc3f15c149085f68ab0f138ba139985

SHA1
60db45338b4c347141b9aecf999bb1119853d5b5

SHA256
73fe08c2a568fef8962d1ba2faeb7165ac8182922b27dc9e9667bb468eb5877e

SHA512
e772d4ad752347ab6f619140fc74c651fb34f48c68589d3da3939ceee1e2b07ff830a3edf1c174e8059323ff68bcfd6ede446e7a2b104402c19b1f420fbb0c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Security.Cryptography.Algorithms.dll

Filesize
98KB

MD5
3f5dfcfb1cec24cc466fe0c23cb83ed9

SHA1
92505430b0a6536cc221fb28d9febac62ac1e587

SHA256
0307a4241e4bbdea814e0b689d8e598b8ad544f98ea705a7da2549174d8d2bc8

SHA512
667037110881bb720326fa3d867ffd8e3a910bcdf1fd07c5898d00cb88edc7f6a752eab0d79b35dd645b942141529bc81d9c04420fad9cc93271740849355f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Security.Cryptography.Primitives.dll

Filesize
36KB

MD5
aafefae8a72a879ddc76bdd193c8f06c

SHA1
2a177ead7a114e7adec3c2e878a60cb5dc79eb02

SHA256
9b969f88010c5556456b27ff86f306c05d51e4e20c7d1225c2d114cc15e40398

SHA512
c840e0bfaa72a4d7288fe4474e27d38e65b59a40c0d7194d46e2bf42f7bd5da73e477750467a1a52be21c0e6eee33f1372f34c4f936b2d33a2f6e88168b8059c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Security.Cryptography.X509Certificates.dll

Filesize
135KB

MD5
c015c6f22fc6ccc962b755308d82c166

SHA1
6cccc476383995a0dc0a5c131c3eeb7de471977e

SHA256
4e1604b4c7d7184be47989d2893b3499233a22b61ac2e0728e59ab1070e71663

SHA512
40ea4f97392985129c976af22487273f4ae3905c22a388d2ed70bbaf603c6925efd5312c41689504ac18f74bd88b0ec3b8e5c98bd00c565a2a414094db5c8e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Security.Principal.Windows.dll

Filesize
50KB

MD5
1929e96aa80adc6c922f5c3d4c4d385c

SHA1
2de667cd0cbe3508e71ea069ba74b683d08ba76f

SHA256
fe9c9cac9ec6688843de8d91af66f6a2e63ee6f0863b26b2916e26c4b2e7a643

SHA512
5b74479850c4dd96c23327d985337fbcbe33fc64c86d014ba6fa088b7a55611a77848ef57fe68f1d905ee434eae8bf7489cfb5d67fdbca59bb1bf8b4c8d3d828

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\7069eeee98f9537fecabec50ba451ec0d74b1c9c247e1f740715f52df2498b9a\wgo5DPITOY0oLqem8J21hJO1CDRT6A0=\System.Threading.dll

Filesize
17KB

MD5
09c570d3fd6c709ad55cf90e5691d007

SHA1
dd1ee219093f2e48797cc9f24ad6a50a07e838d5

SHA256
f922614d39c635d1d18eccc03c82ddb4b10a9988a3eb7c359191dae304e0ea0b

SHA512
2c684422ec97d7a37890897e9bd723501774935b276c65395d0011fa62df8cee0a82a222105dc2fe8f31ee103155e57d50b7f17356ea7bee143f48e78f1439d2

Download Submit
memory/2192-175-0x00007FF6035D0000-0x00007FF603F41000-memory.dmp

Filesize
9.4MB

Download
memory/2192-159-0x00007FF6035D0000-0x00007FF603F41000-memory.dmp

Filesize
9.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads