48511 | 2020-07-20 14:08 | index.doc b60e35e93dbbbc16b3e578ec6645c562 VirusTotal Malware unpack itself | 2.2 | M | 37

48512 | 2020-07-20 14:06 | 23d3382.hta d8c6560478cca57bb84a2c37228c44bf Malware Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces malicious URLs human activity check Tofsee Interception ComputerName DNS | 6.6
  URLs (5): http://www.hajjinfo-org.tar-gz.net/plugins/15984/11992/true/true/ http://swupmf.adobe.com/manifest/60/win/reader9rdr-en_US.upd http://swupmf.adobe.com/manifest/60/win/AdobeUpdater.upd http://www.hajjinfo-org.tar-gz.net/cgi/8ee4d36866/15984/11992/28673f34/file.hta https://cdn-m1l.net/202/n0gbg3QzgawhZHfdd8e5v2uXl2Q6dymqpyraEjMN/15984/11992/1b31ea0f
  IPs/hosts (3): 169.239.128.142 185.225.19.64 23.212.12.57
  Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY Possible HTA Application Download

48513 | 2020-07-20 14:01 | http://agoty.org/wp-content/up... b60e35e93dbbbc16b3e578ec6645c562 VirusTotal Malware Code Injection exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed | 4.0 | M
  URLs (2): http://agoty.org/wp-content/uploads/1569700949_aQmJGB6jChk2g_6711054_esaD78/e0n1mn2x_6ygf_41wR_vLbhodeZ/05uoy_108vytsx7/ https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201
  IPs/hosts (2): 109.74.200.201 216.58.220.110
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

48514 | 2020-07-20 13:44 | index.doc b60e35e93dbbbc16b3e578ec6645c562 VirusTotal Malware | 1.0 | M | 37
  IPs/hosts (1): teredo.ipv6.microsoft.com()

48515 | 2020-07-20 13:41 | 23d3382.hta d8c6560478cca57bb84a2c37228c44bf Code Injection RWX flags setting unpack itself Windows utilities Windows | 2.2

48516 | 2020-07-20 13:39 | index.doc b60e35e93dbbbc16b3e578ec6645c562 Vulnerability VirusTotal Malware Malicious Traffic unpack itself Tofsee DNS | 6.0 | M | 37
  URLs (5): http://www.szhealthshield.com/websiteguide/k82i/ https://digitalcon7.net/wp-snapshots/0Wn/ https://exam.ylsbmeirong.com/data/tjEyH973/ https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:616390958&cup2hreq=a32c267c8d5d3ad228c9b82cbf2e70cb8d8956df84658eec24e35e7161705363
  IPs/hosts (8): 104.18.37.221 104.247.221.104 122.114.105.25 172.217.161.46 172.217.161.67 177.144.135.2 207.246.99.156 5.61.27.215
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

48517 | 2020-07-20 13:33 | 23d3382.hta d8c6560478cca57bb84a2c37228c44bf Malware Code Injection Malicious Traffic unpack itself Windows utilities malicious URLs Tofsee Windows DNS | 4.0
  URLs (2): https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:3853635478&cup2hreq=92a7148437394b58f7ec4abd157fc4e0117c52535a660c1e0d7b4db923123f53
  IPs/hosts (2): 172.217.175.35 172.217.26.46
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

48518 | 2020-07-20 13:23 | index.doc b60e35e93dbbbc16b3e578ec6645c562 Vulnerability VirusTotal Malware Malicious Traffic unpack itself Tofsee Windows DNS | 6.0 | M | 37
  URLs (7): http://r4---sn-3u-bh2lk.gvt1.com/edgedl/release2/chrome/AIVpFp8WHZ7NkXF3-7GiVZ8_84.0.4147.89/84.0.4147.89_83.0.4103.116_chrome_updater.exe?cms_redirect=yes&mh=1m&mip=175.208.134.150&mm=28&mn=sn-3u-bh2lk&ms=nvh&mt=1595218635&mv=m&mvi=4&pl=18&shardbypass=yes http://redirector.gvt1.com/edgedl/release2/chrome/AIVpFp8WHZ7NkXF3-7GiVZ8_84.0.4147.89/84.0.4147.89_83.0.4103.116_chrome_updater.exe http://www.szhealthshield.com/websiteguide/k82i/ https://digitalcon7.net/wp-snapshots/0Wn/ https://exam.ylsbmeirong.com/data/tjEyH973/ https://clients2.google.com/service/check2?crx3=true&appid=%7B430FD4D0-B729-4F61-AA34-91526481799D%7D&appversion=1.3.35.452&applang=&machine=1&version=1.3.35.452&userid=&osversion=6.1&servicepack=Service%20Pack%201 https://update.googleapis.com/service/update2?cup2key=10:3142658371&cup2hreq=cf2f3cb8d5a7301ab26b66dff96030933f9fec2c53bb1447c1790d5bd89e87b0
  IPs/hosts (10): 104.247.221.104 122.114.105.25 172.217.161.78 172.217.175.35 172.217.25.238 172.67.154.24 177.144.135.2 207.246.99.156 5.61.27.215 59.18.30.143
  Alerts (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP; ET INFO EXE - Served Attached HTTP

48519 | 2020-07-20 13:09 | http://www.nalara1220.o-r.kr c032bb944d6fba21799bd5a4df5b6122 Dridex Malware Code Injection Creates executable files RWX flags setting exploit crash unpack itself Windows utilities malicious URLs Tofsee Windows Exploit DNS crashed | 4.6
  URLs (11): http://www.nalara1220.o-r.kr/main.jpg http://www.nalara1220.o-r.kr/CSS/css/lightslider.css http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js http://www.nalara1220.o-r.kr/ http://www.nalara1220.o-r.kr/main.jsp http://www.nalara1220.o-r.kr/intro/bizintro_soca2.jpg http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://www.nalara1220.o-r.kr/favicon.ico http://www.nalara1220.o-r.kr/CSS/js/lightslider.js http://www.nalara1220.o-r.kr/CSS/mainC.css http://www.nalara1220.o-r.kr/intro/bizintro_soca1.jpg
  IPs/hosts (3): 117.18.232.200 172.217.31.170 35.226.40.154
  Alerts (3): ET INFO TLS Handshake Failure; ET JA3 Hash - Possible Malware - Unknown traffic associated with Dridex; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

48520 | 2020-07-20 12:35 | https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware Code Injection Check memory Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk Firewall state off VM Disk Size Check Tofsee Windows Exploit DNS crashed | 7.6
  URLs (3): http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe
  IPs/hosts (2):
  Alerts (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

48521 | 2020-07-20 12:29 | https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Interception Windows Exploit Browser ComputerName DNS crashed | 14.8
  URLs (8): http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe http://client.winamp.com/update/client_session.php?v=5.8&ID=D5548C8400A9A44289C9EA33A2D39242&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://client.winamp.com/update/latest-version.php?v=5.8&ID=D5548C8400A9A44289C9EA33A2D39242&lang=en-US http://client.winamp.com/update?v=5.8&ID=D5548C8400A9A44289C9EA33A2D39242&lang=en-US http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://client.winamp.com/update?v=5.8&ID=D5548C8400A9A44289C9EA33A2D39242&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe
  IPs/hosts (4): 117.18.232.200 172.217.175.100 31.12.71.55 5.39.58.66
  Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP

48522 | 2020-07-20 11:40 | https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files ICMP traffic RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Interception Windows Exploit Browser ComputerName DNS crashed | 15.4
  URLs (8): http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exe http://client.winamp.com/update?v=5.8&ID=1F9966D88DF3CC43A45B0C947D56821D&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://client.winamp.com/update?v=5.8&ID=1F9966D88DF3CC43A45B0C947D56821D&lang=en-US http://client.winamp.com/update/latest-version.php?v=5.8&ID=1F9966D88DF3CC43A45B0C947D56821D&lang=en-US http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://client.winamp.com/update/client_session.php?v=5.8&ID=1F9966D88DF3CC43A45B0C947D56821D&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe
  IPs/hosts (4): 117.18.232.200 172.217.161.36 31.12.71.55 5.39.58.66
  Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET POLICY PE EXE or DLL Windows file download HTTP

48523 | 2020-07-20 11:31 | https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware Code Injection Check memory Creates executable files exploit crash unpack itself Windows utilities AppData folder malicious URLs Tofsee Windows Exploit DNS crashed | 6.6
  URLs (3): http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe
  IPs/hosts (2):
  Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

48524 | 2020-07-20 11:21 | https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted heapspray Creates shortcut Creates executable files ICMP traffic exploit crash unpack itself Windows utilities AppData folder malicious URLs AntiVM_Disk sandbox evasion Firewall state off VM Disk Size Check human activity check installed browsers check Tofsee Ransomware Interception Windows Exploit Browser ComputerName DNS crashed | 15.0
  URLs (7): http://client.winamp.com/update/latest-version.php?v=5.8&ID=352446B6ED81984596E691C8B7F66100&lang=en-US http://client.winamp.com/update/client_session.php?v=5.8&ID=352446B6ED81984596E691C8B7F66100&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml http://client.winamp.com/update?v=5.8&ID=352446B6ED81984596E691C8B7F66100&lang=en-US http://client.winamp.com/update?v=5.8&ID=352446B6ED81984596E691C8B7F66100&st1=0&st2=0&st3=0&st4=0&st5=0&st6=0&st7=0&st8=0&st9=0&st10=0&st11=0&st12=-1&st13=0&st14=0&st15=0&st16=0&st17=0&st18=0&st19=0&st20=0&st21=0&st22=0&st23=0&st24=0&st25=0&st26=0&lang=en-US https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe
  IPs/hosts (5): 106.10.250.10 117.18.232.200 172.217.175.68 31.12.71.55 5.39.58.66
  Alerts (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

48525 | 2020-07-20 11:14 | https://download.nullsoft.com/... 3017f921a6c42a267842cc8bae9384c1 VirusTotal Malware Code Injection Check memory Creates executable files RWX flags setting exploit crash unpack itself Windows utilities AppData folder malicious URLs Windows Exploit DNS crashed | 7.0
  URLs (3): http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml https://download.nullsoft.com/winamp/client/winamp58_3660_beta_full_en-us.exe https://download.nullsoft.com/winamp/misc/winamp58_3660_beta_full_en-us.exe
  IPs/hosts (2):