13231 |
2021-10-07 14:56
|
Swift Copy pdf.exe 604ff60ab55652c44862fad411f633b1 Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE Malware download Nanocore VirusTotal Malware c&c powershell Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS crashed |
|
3
norly519.ddns.net(185.244.30.198) - mailcious 37.235.1.174 - mailcious 185.244.30.198 - mailcious
|
2
ET POLICY DNS Query to DynDNS Domain *.ddns .net ET MALWARE Possible NanoCore C2 60B
|
|
14.6 |
|
36 |
조광섭
13232 |
2021-10-07 15:00
|
Swift Copy pdf.exe 604ff60ab55652c44862fad411f633b1 Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName Cryptographic key |
|
|
|
|
13.0 |
|
36 |
조광섭
13233 |
2021-10-07 15:05
|
Swift Copy pdf.exe 604ff60ab55652c44862fad411f633b1 Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS crashed |
|
3
norly519.ddns.net(185.244.30.198) - mailcious 37.235.1.174 - mailcious 185.244.30.198 - mailcious
|
1
ET POLICY DNS Query to DynDNS Domain *.ddns .net
|
|
14.6 |
|
36 |
조광섭
13234 |
2021-10-07 15:14
|
Swift Copy pdf.exe 604ff60ab55652c44862fad411f633b1 Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE VirusTotal Malware powershell Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS |
|
3
norly519.ddns.net(185.244.30.198) - mailcious 37.235.1.174 - mailcious 185.244.30.198 - mailcious
|
1
ET POLICY DNS Query to DynDNS Domain *.ddns .net
|
|
14.4 |
|
36 |
조광섭
13235 |
2021-10-07 15:22
|
Swift Copy pdf.exe 604ff60ab55652c44862fad411f633b1 Generic Malware Antivirus DNS AntiDebug AntiVM PE File PE32 .NET EXE Malware download Nanocore VirusTotal Malware c&c powershell Buffer PE AutoRuns PDB suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW human activity check Windows ComputerName DNS Cryptographic key DDNS |
|
3
norly519.ddns.net(185.244.30.198) - mailcious 37.235.1.174 - mailcious 185.244.30.198 - mailcious
|
2
ET MALWARE Possible NanoCore C2 60B ET POLICY DNS Query to DynDNS Domain *.ddns .net
|
|
14.4 |
|
36 |
조광섭
13236 |
2021-10-07 15:41
|
256789876542TRT.exe cbc8ee3ae199445efb1591120d428e6b PWS .NET framework NPKI Generic Malware Antivirus SMTP KeyLogger AntiDebug AntiVM PE File PE32 .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware powershell suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Check virtual network interfaces suspicious process WriteConsoleW IP Check Tofsee Windows Browser Email ComputerName DNS Cryptographic key DDNS Software crashed |
2
http://checkip.dyndns.org/ https://freegeoip.app/xml/175.208.134.150
|
4
freegeoip.app(172.67.188.154) checkip.dyndns.org(193.122.6.168) 216.146.43.71 172.67.188.154
|
4
ET INFO DYNAMIC_DNS Query to *.dyndns. Domain ET POLICY External IP Lookup - checkip.dyndns.org SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY DynDNS CheckIp External IP Address Server Response
|
|
16.2 |
|
22 |
guest
13237 |
2021-10-07 15:51
|
wmzr_2021-09-28_12-08.exe 54de310a8f0a06c0141f2c00ee587736 Malicious Library DGA DNS Socket Create Service SMTP Sniff Audio Escalate priviledges KeyLogger Code injection Internet API ScreenShot Downloader AntiDebug AntiVM PE File PE32 OS Processor Check VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Checks debugger buffers extracted unpack itself AppData folder malicious URLs Windows Remote Code Execution DNS keylogger |
|
1
|
|
|
13.8 |
M |
40 |
ZeroCERT
13238 |
2021-10-07 15:51
|
wmzr.exe cbf81c03578922e3b7137fbfd87c76c4 Malicious Library DGA DNS Socket Create Service SMTP Sniff Audio Escalate priviledges KeyLogger Code injection Internet API ScreenShot Downloader AntiDebug AntiVM PE File PE32 Malware download NetWireRC VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself AppData folder malicious URLs BitRAT Windows ComputerName Remote Code Execution DNS keylogger |
|
1
|
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT) ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
|
|
13.0 |
M |
42 |
ZeroCERT
13239 |
2021-10-07 15:52
|
eInvoice-20210805_200426_60083... ba6701b6fd76a5e17047d3f1e4aee69b UPX Malicious Library PE File PE32 OS Processor Check VirusTotal Malware PDB unpack itself DNS |
|
1
|
|
|
3.2 |
M |
50 |
ZeroCERT
13240 |
2021-10-07 16:07
|
Setup.exe 329acf4d6a5e735c1fd3b3fc6c77d3f3 Gen2 RAT PWS .NET framework Trojan_PWS_Stealer Lazarus Family Emotet Generic Malware Themida Packer Credential User Data Malicious Packer Malicious Library ASPack Antivirus UPX Anti_VM SQLite Cookie DGA DNS Socket Create Service Sniff Audio Escalate pr Browser Info Stealer FTP Client Info Stealer VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates shortcut Creates executable files ICMP traffic exploit crash unpack itself Windows utilities Disables Windows Security Checks Bios Collect installed applications Detects VMWare Check virtual network interfaces suspicious process AppData folder malicious URLs suspicious TLD sandbox evasion WriteConsoleW VMware anti-virtualization IP Check installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution Firmware DNS Cryptographic key Software crashed |
35
|
58
|
12
SURICATA Applayer Mismatch protocol both directions SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET DNS Query to a *.top domain - Likely Hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO TLS Handshake Failure ET POLICY External IP Lookup ip-api.com ET DNS Query for .to TLD ET DROP Spamhaus DROP Listed Traffic Inbound group 25 ET INFO HTTP Request to a *.top domain
|
3
http://www.iyiqian.com/ http://staticimg.youtuuee.com/api/ http://staticimg.youtuuee.com/api/
|
29.6 |
M |
44 |
guest
13241 |
2021-10-07 16:33
|
sfx_123_209.exe 7b2ea8fcffd2ce8548c4be3e42dcb60f Malicious Library UPX DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code injection HTTP Internet API FTP ScreenShot Http API Steal credential Downloader P2P persistence Hijack Network AntiDebug AntiVM PE File PE32 OS Processor C PDB suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check Windows ComputerName |
|
|
|
|
6.4 |
|
|
ZeroCERT
13242 |
2021-10-07 16:44
|
Clipper.exe a76095f2d5727733b3ca4bd8a51349a2 RAT PWS .NET framework Generic Malware Antivirus AntiDebug AntiVM PE File PE32 .NET EXE powershell suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates shortcut unpack itself Windows utilities powershell.exe wrote suspicious process WriteConsoleW Windows ComputerName DNS Cryptographic key |
|
1
|
|
|
11.0 |
|
|
ZeroCERT
13243 |
2021-10-07 16:44
|
Setup12.exe f80a018bd3f70c14370944063f413f73 RAT Gen2 Emotet Generic Malware UPX Malicious Library ASPack PE File PE32 .NET EXE PE64 OS Processor Check Browser Info Stealer VirusTotal Malware suspicious privilege MachineGuid Malicious Traffic Check memory Checks debugger Creates shortcut Creates executable files unpack itself Check virtual network interfaces AntiVM_Disk IP Check VM Disk Size Check installed browsers check Browser ComputerName DNS |
3
http://staticimg.youtuuee.com/api/fbtime - rule_id: 5258 http://staticimg.youtuuee.com/api/?sid=264745&key=b0e4ab29eda1494875bb14e22a119cc5 - rule_id: 5258 http://ip-api.com/json/
|
11
guidereviews.bar() - mailcious onepremiumstore.bar() auto-repair-solutions.bar() premium-s0ftwar3875.bar(35.205.61.67) ip-api.com(208.95.112.1) staticimg.youtuuee.com(45.136.151.102) - mailcious 162.0.214.42 - phishing 35.205.61.67 - mailcious 162.0.210.44 - mailcious 208.95.112.1 45.136.151.102 - mailcious
|
1
ET POLICY External IP Lookup ip-api.com
|
2
http://staticimg.youtuuee.com/api/ http://staticimg.youtuuee.com/api/
|
9.8 |
M |
46 |
ZeroCERT
13244 |
2021-10-07 16:44
|
askinstall59.exe 335dce5db5fc26c48202cdfa6aa27e52 AgentTesla Gen2 Trojan_PWS_Stealer BitCoin browser info stealer Credential User Data Generic Malware Google Chrome Malicious Packer Malicious Library SQLite Cookie DGA DNS Socket Create Service Sniff Audio Escalate priviledges KeyLogger Code Browser Info Stealer VirusTotal Malware PDB suspicious privilege Code Injection Malicious Traffic Checks debugger WMI Creates executable files ICMP traffic exploit crash unpack itself Windows utilities suspicious process malicious URLs WriteConsoleW installed browsers check Tofsee Windows Exploit Browser ComputerName Remote Code Execution DNS crashed |
4
http://www.cjnovone.top/Home/Index/lkdinl - rule_id: 6119 http://www.iyiqian.com/ - rule_id: 2326 https://iplogger.org/1GWfv7 https://www.listincode.com/ - rule_id: 2327
|
8
www.listincode.com(144.202.76.47) - mailcious www.iyiqian.com(103.155.92.58) - mailcious www.cjnovone.top(188.225.87.175) - mailcious iplogger.org(88.99.66.31) - mailcious 103.155.92.58 - mailcious 88.99.66.31 - mailcious 144.202.76.47 - mailcious 188.225.87.175 - mailcious
|
3
ET DNS Query to a *.top domain - Likely Hostile SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO HTTP Request to a *.top domain
|
3
http://www.cjnovone.top/Home/Index/lkdinl http://www.iyiqian.com/ https://www.listincode.com/
|
11.6 |
M |
38 |
ZeroCERT
13245 |
2021-10-07 17:00
|
mega.bmp 477b1b2a2779f1a1d6e7ff42a5eb9772 AgentTesla Emotet Gen2 Trojan_PWS_Stealer RAT Gen1 BitCoin browser info stealer Credential User Data Generic Malware Google Chrome Malicious Library Malicious Packer SQLite Cookie UPX DGA DNS Socket Create Service Sniff Audio Escalate pr Browser Info Stealer Malware download VirusTotal Malware AutoRuns suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files exploit crash unpack itself Windows utilities Disables Windows Security Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk sandbox evasion WriteConsoleW IP Check VM Disk Size Check installed browsers check Tofsee Interception Windows Exploit Browser ComputerName DNS crashed Downloader |
28
|
45
|
16
ET INFO TLS Handshake Failure SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) SURICATA Applayer Mismatch protocol both directions ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET POLICY PE EXE or DLL Windows file download HTTP ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET DNS Query to a *.pw domain - Likely Hostile ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a *.pw domain ET INFO Packed Executable Download ET INFO EXE - Served Attached HTTP ET DNS Query to a *.top domain - Likely Hostile ET INFO HTTP Request to a *.top domain ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
|
|
24.2 |
M |
45 |
ZeroCERT