| 166 |
2023-07-27 10:30
|
 photo340.exe f0c28816a58f907591e5e014e049024a
Gen1 Emotet Amadey UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL .NET EXE PE64 Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files RWX flags setting unpack itself Windows utilities Disables Windows Security Collect installed applications Check virtual network interfaces suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Kelihos Tofsee Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader |
5
http://77.91.124.47/anon/an.exe
http://77.91.124.47/new/fotod250.exe
http://77.91.68.61/rock/index.php - rule_id: 35495
http://77.91.68.248/fuzz/raman.exe
http://77.91.124.47/new/foto5566.exe
|
7
files.catbox.moe(108.181.20.35) - malware
77.91.68.61 - malware
108.181.20.35 - mailcious
77.91.124.84 - mailcious
77.91.124.47 - malware
77.91.68.248 - malware
141.94.192.217
|
19
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer Activity (Response)
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET MALWARE Possible Kelihos.F EXE Download Common Structure
ET INFO Dotted Quad Host DLL Request
ET INFO Packed Executable Download
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
1
http://77.91.68.61/rock/index.php
|
17.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 167 |
2023-07-27 10:32
|
 fotod250.exe afed523b82c39015e5e8eb6f55906537
Gen1 Emotet Amadey UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
1
http://77.91.68.61/rock/index.php - rule_id: 35495
|
2
77.91.68.61 - malware
77.91.124.84 - mailcious
|
12
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer Activity (Response)
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Dotted Quad Host DLL Request
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
1
http://77.91.68.61/rock/index.php
|
15.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 168 |
2023-07-27 10:34
|
 foto5566.exe 1608f0e5d9b277a7ba7fb25f736b8c74
Gen1 Emotet Amadey UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
1
http://77.91.68.61/rock/index.php - rule_id: 35495
|
2
77.91.68.61 - malware
77.91.124.84 - mailcious
|
11
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer Activity (Response)
ET INFO Dotted Quad Host DLL Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
1
http://77.91.68.61/rock/index.php
|
15.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 169 |
2023-07-27 10:36
|
 foto5566.exe 310049edb1a276ebf198060d9cd3bc5d
Gen1 Emotet Amadey UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
1
http://77.91.68.61/rock/index.php - rule_id: 35495
|
2
77.91.68.61 - malware
77.91.124.84 - mailcious
|
11
ET INFO Dotted Quad Host DLL Request
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer Activity (Response)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
1
http://77.91.68.61/rock/index.php
|
15.6 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 170 |
2023-07-27 10:40
|
 an.exe 691a54b032d616e5f9303557ffd49add
Gen1 Emotet UPX Malicious Library CAB PE64 PE File .NET EXE PE32 VirusTotal Malware AutoRuns PDB Check memory Checks debugger Creates executable files unpack itself Check virtual network interfaces AppData folder Tofsee Windows Remote Code Execution Cryptographic key |
|
2
files.catbox.moe(108.181.20.35) - malware
108.181.20.35 - mailcious
|
2
ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
|
|
5.4 |
M |
11 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 171 |
2023-07-30 09:05
|
 new.EXE c36f10074bd560df1341aeb405b23641
Gen1 Emotet UPX Malicious Library Malicious Packer CAB PE64 PE File OS Processor Check VirusTotal Malware AutoRuns PDB Creates executable files WriteConsoleW Windows Remote Code Execution |
|
|
|
|
3.4 |
M |
45 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 172 |
2023-07-31 07:42
|
 Tumeg.exe e5655066c86f74f6b444f66f3222ce07
Gen1 Emotet UPX Malicious Library Antivirus CAB PE File PE32 VirusTotal Malware AutoRuns PDB Check memory Creates executable files unpack itself Windows utilities AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Remote Code Execution |
|
|
|
|
4.6 |
|
28 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 173 |
2023-08-01 08:09
|
 photo443.exe e248dada31a4ae88394b5c8363218701
Gen1 Emotet Amadey UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.61/rock/Plugins/cred64.dll - rule_id: 35515
http://77.91.68.61/rock/Plugins/clip64.dll - rule_id: 35516
http://77.91.68.61/rock/index.php - rule_id: 35495
|
2
77.91.68.61 - malware
77.91.124.156 - mailcious
|
12
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET INFO Dotted Quad Host DLL Request
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET MALWARE Redline Stealer Activity (Response)
ET INFO Packed Executable Download
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
3
http://77.91.68.61/rock/Plugins/cred64.dll
http://77.91.68.61/rock/Plugins/clip64.dll
http://77.91.68.61/rock/index.php
|
16.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 174 |
2023-08-04 09:09
|
 lega.exe 253dcfc72aa745e063bc035a1e93daab
Gen1 Emotet UPX Malicious Library CAB PE File PE32 Browser Info Stealer RedLine Malware download FTP Client Info Stealer VirusTotal Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Check memory Checks debugger WMI Creates executable files unpack itself Disables Windows Security Collect installed applications AntiVM_Disk VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
|
2
45.33.6.223
77.91.124.156 - mailcious
|
5
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer Activity (Response)
|
|
11.4 |
M |
42 |
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 175 |
2023-08-07 08:36
|
 fotod250.exe 08141df58f30575861b2c703dc47c3a9
Gen1 Emotet Amadey SmokeLoader RedLine Infostealer RedLine stealer UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer .NET framework(MSIL) Confuser .NET AntiDebug AntiVM CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader |
7
http://77.91.68.1/smo/du.exe
http://77.91.68.61/rock/index.php - rule_id: 35495
http://77.91.68.1/new/foto5566.exe
http://77.91.68.61/rock/Plugins/clip64.dll - rule_id: 35516
http://77.91.68.1/new/fotod250.exe
http://77.91.68.61/rock/Plugins/cred64.dll - rule_id: 35515
http://77.91.68.3/fuzz/faman.exe
|
4
77.91.68.61 - malware
77.91.68.3 - malware
77.91.68.1 - malware
77.91.124.156 - mailcious
|
15
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET INFO Executable Download from dotted-quad Host
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET MALWARE Redline Stealer Activity (Response)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
ET INFO Dotted Quad Host DLL Request
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
|
3
http://77.91.68.61/rock/index.php
http://77.91.68.61/rock/Plugins/clip64.dll
http://77.91.68.61/rock/Plugins/cred64.dll
|
18.4 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 176 |
2023-08-07 08:36
|
 foto5566.exe c5f81f9b7d05d70a0a105b06fc16ce31
Gen1 Emotet Amadey UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
3
http://77.91.68.61/rock/Plugins/cred64.dll - rule_id: 35515
http://77.91.68.61/rock/Plugins/clip64.dll - rule_id: 35516
http://77.91.68.61/rock/index.php - rule_id: 35495
|
2
77.91.68.61 - malware
77.91.124.156 - mailcious
|
11
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET INFO Dotted Quad Host DLL Request
ET MALWARE Redline Stealer Activity (Response)
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
|
3
http://77.91.68.61/rock/Plugins/cred64.dll
http://77.91.68.61/rock/Plugins/clip64.dll
http://77.91.68.61/rock/index.php
|
16.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 177 |
2023-08-08 09:16
|
 foto4060.exe 154cfd11c188d2d5b6b2aef4c5b36f13
Gen1 Emotet Amadey RedLine Infostealer RedLine stealer Browser Login Data Stealer SmokeLoader UPX Malicious Library Admin Tool (Sysinternals etc ...) .NET framework(MSIL) Confuser .NET Malicious Packer CAB PE File PE32 OS Processor Check DLL .NET EXE Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check human activity check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed Downloader |
8
http://193.233.254.61/loghub/master
http://77.91.68.1/smo/du.exe - rule_id: 35705
http://77.91.68.61/rock/index.php - rule_id: 35495
http://77.91.68.61/rock/Plugins/clip64.dll - rule_id: 35516
http://77.91.68.1/new/fotod360.exe
http://77.91.68.1/new/foto4060.exe
http://77.91.68.61/rock/Plugins/cred64.dll - rule_id: 35515
http://77.91.68.3/fuzz/faman.exe - rule_id: 35706
|
5
77.91.68.61 - malware
77.91.68.3 - malware
193.233.254.61
77.91.124.156 - mailcious
77.91.68.1 - malware
|
16
ET INFO Executable Download from dotted-quad Host
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer Activity (Response)
ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
ET INFO Dotted Quad Host DLL Request
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
|
5
http://77.91.68.1/smo/du.exe
http://77.91.68.61/rock/index.php
http://77.91.68.61/rock/Plugins/clip64.dll
http://77.91.68.61/rock/Plugins/cred64.dll
http://77.91.68.3/fuzz/faman.exe
|
17.8 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 178 |
2023-08-08 09:19
|
 fotod360.exe de76c534160e914236dd0a7a0e9cb68f
Gen1 Emotet Amadey UPX Malicious Library Admin Tool (Sysinternals etc ...) Malicious Packer CAB PE File PE32 OS Processor Check DLL Browser Info Stealer RedLine Malware download Amadey FTP Client Info Stealer Malware Microsoft AutoRuns PDB suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities Disables Windows Security Collect installed applications suspicious process AppData folder AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Stealer Windows Update Browser ComputerName Remote Code Execution DNS Cryptographic key Software crashed |
4
http://77.91.68.61/rock/Plugins/cred64.dll - rule_id: 35515
http://193.233.254.61/loghub/master
http://77.91.68.61/rock/Plugins/clip64.dll - rule_id: 35516
http://77.91.68.61/rock/index.php - rule_id: 35495
|
3
77.91.68.61 - malware
77.91.124.156 - mailcious
193.233.254.61
|
13
ET INFO Microsoft net.tcp Connection Initialization Activity
ET MALWARE Redline Stealer TCP CnC Activity
ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
ET MALWARE Redline Stealer TCP CnC - Id1Response
ET MALWARE Redline Stealer Activity (Response)
ET INFO Dotted Quad Host DLL Request
ET INFO Packed Executable Download
ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
ET POLICY PE EXE or DLL Windows file download HTTP
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
ET MALWARE Amadey CnC Check-In
ET MALWARE Win32/Amadey Bot Activity (POST) M2
|
3
http://77.91.68.61/rock/Plugins/cred64.dll
http://77.91.68.61/rock/Plugins/clip64.dll
http://77.91.68.61/rock/index.php
|
16.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 179 |
2023-08-12 18:57
|
 photo551.exe 16ca62cfbd303242d39ccc6084c1e6f7
Gen1 Emotet UPX Malicious Library CAB PE File PE32 AutoRuns PDB suspicious privilege Check memory Checks debugger Creates executable files unpack itself Windows utilities Disables Windows Security suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Update Remote Code Execution |
|
|
|
|
7.0 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 180 |
2023-08-18 07:41
|
 foto4055.exe 3e829ce0029df6886e3e865dc44860b0
Gen1 Emotet Malicious Library UPX PE File CAB PE32 AutoRuns PDB Check memory Creates executable files unpack itself Windows utilities suspicious process AntiVM_Disk WriteConsoleW VM Disk Size Check Windows Remote Code Execution |
|
|
|
|
4.2 |
M |
|
ZeroCERT
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|