d261cc4cc40165817ae64ca19140e5c574f36d97c703165256e92e1df02becd0

Resubmissions

25/04/2023, 20:18

230425-y3j7yscg23 10

Sharing

Copy URL

Twitter E-mail

General

Target

Atlas.Playbook.22H2.v0.2.zip
Size

2.5MB
Sample

230425-y3j7yscg23
MD5

a2d23532c10384caf831b20d5918f3a4
SHA1

fdab91979b2664c61d66066e1ab4e846172c28ff
SHA256

d261cc4cc40165817ae64ca19140e5c574f36d97c703165256e92e1df02becd0
SHA512

12670994bf8957d97bf85a5858b7b04cc1d330ad6215b6333af0a3b14890312b39511365302433adb187e8ba638f6fd737efac9541edbc27623f819579415e7d
SSDEEP

49152:22KlMManjcsIZfTMt4ibP1x6ElaJGT3H4uUNkSPKHwgi1y9A+P7YUKkvA6mjeLS:2apnosYf4p1xBlaJGT3B2k6RNIGO7YUo

Score

10^/10

upx

Malware Config

Targets

- Target
  
  Executables/Atlas/4. Troubleshooting/Visual C++ Redistributables/Visual C++ Redistributables AIO Source.url
- Size
  
  62B
- MD5
  
  0eb6db9f1b790efb884c2f0838d76cf9
- SHA1
  
  aa2ec58b483018e314c0f9ddc024ccba5975b141
- SHA256
  
  db3544d211572327160c1c1a274fcb65be389a34261c65d4851515cb5960295b
- SHA512
  
  362e1694148d077e738afd45b41b9db8ccb64b465a6ee898fa9953eed879b6b1f9bdc270ec7e7f9753d8f38096e382ad192ca2c92b3d157676755f632f468b42
Score

1^/10
behavioral1
- Target
  
  Executables/Atlas/Atlas Discord.url
- Size
  
  51B
- MD5
  
  07290ac23be722964f44266192724a84
- SHA1
  
  3ffae2805e99970fc8efb5c678257ddba6f89a05
- SHA256
  
  d75ca0fc16867a46b041630bdf48816ebc6306f00198473602184cc0a44e8f4c
- SHA512
  
  8866ec1c25be1fdac90baf59513e2cf6d58d73c90b3fe24ea3e3ced3b6dc40b8359f9d5b5431cd6783bba70a2bf7ab89d071acce3764bf5d0d0abc4dd18bde93
Score

1^/10
behavioral2
- Target
  
  Executables/Atlas/Atlas Documentation.url
- Size
  
  48B
- MD5
  
  42dbd781d13581101d6602d25c5337f7
- SHA1
  
  88e3e21a538aaff5d7fa6642235635f49541ac90
- SHA256
  
  5c5ee218c5f24980d85b201bb4f1e2ff0542965f3332fb5ac782093bd6877d20
- SHA512
  
  d7d0d3e232d2fb16b3d914cf09fd4af1c5045fba4cc0ea948c0c893265ce2e792643364f3491914d572502b085a736bc51639d63ed33523cdf350e30777c8a26
Score

1^/10
behavioral3
- Target
  
  Executables/Atlas/Atlas Forum.url
- Size
  
  49B
- MD5
  
  82859ed490a7a5494b22b519caf9633b
- SHA1
  
  500010a00cd4ad7ad65174a03ca268432e147f34
- SHA256
  
  db42f1e6071b553d1516586b058602746c6ebb9a788f13185623d01d8f07ccde
- SHA512
  
  b21778366a0d730ba42550cf0f5b33fe7b3a72893373be712955b58f4473a4d241dc59ac74b0e2bb54878e7a2f9cde589a9355ded0baa7be0e46fdf6f05e45a2
Score

1^/10
behavioral4
- Target
  
  Executables/Atlas/Atlas GitHub.url
- Size
  
  57B
- MD5
  
  dda895acf3e4c2bf4217effd65fc29f2
- SHA1
  
  d8de371e34d21183bd197ee20a8e1a2d2042ebdc
- SHA256
  
  cc29e2bc9aab2b173f125cee49c54b844262f48b65dc0f67e2fcf02c25d5cc02
- SHA512
  
  4f3e2a29997cee7a2ed61a247f8c39f185176fe18106ce3f0e50c2ff89eb09249dfe3db3b3735a0f09133fcddfb4f89a181a7f968756e02e951a01c3ce082a96
Score

1^/10
behavioral5
- Target
  
  Executables/Atlas/Atlas Website.url
- Size
  
  43B
- MD5
  
  84fa6740ddca2a3d5c87d99a868e46e0
- SHA1
  
  8d296a4c56f741810ede68a7c614944c7a3988bd
- SHA256
  
  bccb5c173dc745415981edf88d9d31a2e3b853f3dcecdf936c2a36a8928df964
- SHA512
  
  92f3165e1b32b9f0c0f56ab64c915f677978fa4a84c5401ba8ec46406e111509f60816093ccd2320a05381008f48606abc60556d272990d51f5585997762bcff
Score

1^/10
behavioral6
- Target
  
  Executables/AtlasModules/Acknowledgements/Atlas Utilities (filepicker & multichoice).url
- Size
  
  67B
- MD5
  
  6c8f74a0ceecebbe88f912972e9ec3b8
- SHA1
  
  01eb0a79d2d11c4150b6fc4c3a54c551b317428f
- SHA256
  
  350253efe415d7dcfd6dd556e95da3020f64a7f7ba48cf8c8459ddd6b046433d
- SHA512
  
  fa3ed873d0280fda303e8bc009fed954f8987907a16bbb52f8d768a27f05c54b124a418298a6a2458712653b3ec88df1174ed25284348c42778ab011328e6eab
Score

1^/10
behavioral7
- Target
  
  Executables/AtlasModules/Acknowledgements/setSvc GitHub.url
- Size
  
  56B
- MD5
  
  59e7979e74b00bebb7d56e094f2cacc2
- SHA1
  
  d758ed52eed1a4f779bccf6038c8802448ac9761
- SHA256
  
  37f34726649c659fa6038cdfc76259c866b05e473ace0a417b83de5e9dd28c50
- SHA512
  
  b06ab922a507a34631a629b8d69265313382e9cee8487b9688978d7f08aaf7d0039dd4ab1d954ee8240c6901e33bb1b2976b952ace0c1b01942fec784361f699
Score

1^/10
behavioral8
- Target
  
  Executables/AtlasModules/Scripts/Auto-Cleaner.cmd
- Size
  
  1KB
- MD5
  
  385004fc5f168224a63a6ffc89c0b8a2
- SHA1
  
  4d2f8af8bdd7c6212c129b4a73b463b4b2f7acb3
- SHA256
  
  e49d0ad09a63268f89ca78ff02a7453ad98e5e58a4a5bb8db6d64e3a3440a5f6
- SHA512
  
  d30e4449a3ff551a288300026a4a08912e30796a284c03155ff5f16f0756103de16d8eb8c101250963c7570f54cbc6e9bf3229d101a17da40b5d5d5df14d353e
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral9
- Target
  
  Executables/AtlasModules/Scripts/RunAsTI.cmd
- Size
  
  7KB
- MD5
  
  58d3e9a4570d66eb9fcbabf715fa75c1
- SHA1
  
  7981f41f7db56448c803db11856c3c771cb0cf27
- SHA256
  
  b2b1ddb8430533f2a87aa40a4e7d79df76d2b9cf146bfa9652f91d266d7ba690
- SHA512
  
  a5c3ead2bf4883f6eeea268ea73f2907ed5840d69f78d8c74f2695b5ed293290c3ecb7942b3d3bab265a5cd9ca3b31615a0976bd08f0d6f1338dfc5dc03ad767
- SSDEEP
  
  192:1tYHOTnAJxIX3MJwKb7kJkZL0+qxsD9xG6l7AboMlkObV:1tiOTnf3cxvJCxCRKboMlR
Score

1^/10
behavioral10
- Target
  
  Executables/AtlasModules/Scripts/setSvc.cmd
- Size
  
  2KB
- MD5
  
  a7d3e4ffbb7206374740a5e348ca2380
- SHA1
  
  6b15231dbb2444198faf876ce420ebff9961383e
- SHA256
  
  be86445c1f6e88a1c4a1df2c457ced5157c3d712d176011dfaee662403f70b22
- SHA512
  
  4183c4c47720232592d0e73fd57373ff7ef69279f93b65cc208db72d89b427435517acbe62ab34005d7de156b172f492cc78437f3a808318f9c3748718b81390
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral11
- Target
  
  Executables/AtlasModules/Scripts/toggleDev.cmd
- Size
  
  2KB
- MD5
  
  0fc5e92349540a7b7b27e7789bead68b
- SHA1
  
  47ee8a756177cea917ebf48b310f37d5d731a5a1
- SHA256
  
  0907166805d83bde4d169ead6641a3f82c5c6a694d158455f1bb1471a5d33a24
- SHA512
  
  5989bd61248920b57bb106615c39b44cb0a47400a44001beea078d2d56d7892ccb198e8a5c2311e802b4b3103e7c48d40d0a91fbfe4d41fc81ac966aed017f5c
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral12
- Target
  
  Executables/AtlasModules/Tools/filepicker.exe
- Size
  
  145KB
- MD5
  
  d075ecf7e4ae297b50672c392588e368
- SHA1
  
  cfc02b6f52bacdd691722ec50456a90b9d2f24f8
- SHA256
  
  10a9ab81de68a6acebd6e0d393ecc8869a4dae852f78cf9093740ad8752da0de
- SHA512
  
  8df70762db0a3813ee4b73e77f965ca2a33dc5838fcb30f038ed6e66d0b61c4c3f51a2700dbb8a015f5a7d95951d7aa01e426398c3d284b6f7c89639cf30fb06
- SSDEEP
  
  3072:Xdd0KiEvENBYIhnGEhekJ5xNTLD5ZhwmR4lgHAp/W:Xdd15EAiGEjJ1TLD5ZhKBF
Score

3^/10
behavioral13
- Target
  
  Executables/AtlasModules/Tools/multichoice.exe
- Size
  
  1.3MB
- MD5
  
  796f10d094bb0b63d61e6570a9aee52d
- SHA1
  
  81c22bb59a62037f2f7078fb489245ee964e09a4
- SHA256
  
  6ab2ff0163afe0fac4e7506f9a63293421a1880076944339700a59a06578927d
- SHA512
  
  1d6b13ea9ee26bd0f8b680e6f4eb6aa11c1ca7d1f285c76ba7440ea434b8c9eac7adc5bb42bd5c2d2329103a57288e16c41427b2b068cefb4940cecd8c0c7f06
- SSDEEP
  
  24576:RJrzefrwX4O0XGSEBqSE9GMrxzLjWrHIMlrdo7jzTjBHsPFXRad:RwsuGS4W9rRjXQdo7nTj5gFX4d
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral14
- Target
  
  Executables/BACKUP1.cmd
- Size
  
  621B
- MD5
  
  852e6311620a167a9400c3fb41714952
- SHA1
  
  eec1c265b036e5b821bc7967b152aefe95c63113
- SHA256
  
  8f098e1976d6c843afc7e7b1752b936195280ba81d18abc28067ef7c0275bccc
- SHA512
  
  4ed7fbb6557f00eebaba6acd02d82a741287e9333906704879542d82765d72736bdb3eb53ad9d421df0b17ba0adfd9ba7b199a7c32141a9b22eb5e69b93b3baf
Score

1^/10
behavioral15
- Target
  
  Executables/BACKUP2.cmd
- Size
  
  619B
- MD5
  
  a9eeec6c9d7ed30287de139e4bc11b33
- SHA1
  
  de1b5b140b75fe2825f6ff6d47c1403cb84a285c
- SHA256
  
  37ca1306be3dad131933ae00649707d7dade254090aa250a8a72329e8a38d19a
- SHA512
  
  8ae39e476efbd783d451781feb7429e49fde5422156aa9bede4622b71ad0bb085437c3a3db2ec9bc981e250db35378405a41ef72be3eee01102c619e42d7682e
Score

1^/10
behavioral16
- Target
  
  Executables/CONVERTUSERS.cmd
- Size
  
  1KB
- MD5
  
  c3d6c5fcf9e5b2d38ffb8f9e4edda61e
- SHA1
  
  275ce13f5ec6137acd09567fca3829b4a553d75f
- SHA256
  
  dfe4cf6f461658171f5923b7740112aff1130c48189bbbeec1f5d53feb879815
- SHA512
  
  9092053297a5b6527f9849381a91a4aec5ed460e9dc8e3fe96412bdc990fa1fe40cb2c3617b4a600482c6e2cc6c1b1da28285c041b90c469d8f597f2c90ed993
Score

1^/10
behavioral17
- Target
  
  Executables/COPYDESKTOP.cmd
- Size
  
  272B
- MD5
  
  9f363cdcd66c05de634c0680a8b61a4f
- SHA1
  
  121f7c9e4de68198d5f13e3f5d17e02eca53fc8b
- SHA256
  
  05c7b343b863e81283f95a8c83cebce87798b9b9c8fc99f7771496170a96c0c6
- SHA512
  
  a8dcc8c6f4dcfaf7e6a20adae0a50389dceaf72d62c0ab882e8f1fa92338e25d2dd5881e2b6f267b8a64ca5e9263e5c5061555140098d22d3f8c7a8cda311826
Score

1^/10
behavioral18
- Target
  
  Executables/DISABLEPNP.ps1
- Size
  
  1KB
- MD5
  
  2812612410aabaa1ff1d08c56313f6e6
- SHA1
  
  ebb9b57cb28822a1026c0b14028fcf55b653fdd5
- SHA256
  
  066bc85aa9739287d92a69decaa1f74ce4112c2d72cf46a7b4a588d97be4cf03
- SHA512
  
  fec99aba0eff6410234feaf6ef236e6154456e95e0cb88bc63ed179bc840b98ee2611a9039b1ed14d00fa9b212af501c1df81cc82573e763514d02d6085fafa2
Score

1^/10
behavioral19
- Target
  
  Executables/EDGE.cmd
- Size
  
  2KB
- MD5
  
  f72816519ebf6d36a20f81757a4e7c84
- SHA1
  
  a414269462f5e1336f93d491573ac74c5d0aee42
- SHA256
  
  950bb700b28e6fc95131219315658a6edcbef6abf23243f0099f0539ed6f8901
- SHA512
  
  936215e7a92a76a8dd4b3c904781760965713e941c27f5c657045c5a959d954b6e0aa4acef20037c15005c40c06a3740823fb679f967872f53d78f6f06b47646
Score

1^/10
behavioral20
- Target
  
  Executables/FINALIZE.cmd
- Size
  
  10KB
- MD5
  
  65b5ea0e86c52c2919c2cd6f6eb89747
- SHA1
  
  1d959f9373947c04904e59c57e7e695ec0878f89
- SHA256
  
  8d2fa62bf65c4d77677d10d558fd2fb17afcdf19b9408ceac678746d2b92cedc
- SHA512
  
  ca738cd11043c4e6afde9ffb4afda28d1ff56f0dba9359fb5892c2c26153d4444681c4cbafc89ec208ccd866ad58e3cbc1157aca320e69841075afc589bd1e45
- SSDEEP
  
  192:pxSeJHItmmxUXvP519sCHSFvVFC7nl4ILoJ77tR0/bF7MlWWgEVVmgOcMEeRtk3v:pxSeJHIK519VyFvMlUIXWpwxrVJMb
Score

6^/10
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral21
- Target
  
  Executables/MITIGATIONPROMPT.ps1
- Size
  
  1KB
- MD5
  
  af4de2e912178cccd203fd7b32349d52
- SHA1
  
  18416e7f32e2ddf3340759f5f3656232a59e5493
- SHA256
  
  e2dc22b28ae89ce1a41b7760061fc4ba9838bede76d6dc5d78626ae3f53abb4e
- SHA512
  
  6b5418555b8a6075141c9e1945a2f59ead458a0964f50cb1e26805ce46678dfd8ec65a606d62e327a4d1bfcde21d2b8b13cbdf8798c8b9634767942b078bb969
Score

1^/10
behavioral22
- Target
  
  Executables/ONED.cmd
- Size
  
  1KB
- MD5
  
  cec711d5a97da76868926c26c9c009ae
- SHA1
  
  5e24bf73cb882d92b72b5a9fe9bfd014d334630a
- SHA256
  
  1d3873bbddece264a56a6287ce879ee778033f3232978e53cd4868186c78fff5
- SHA512
  
  3a5649f52d103a50a48d6ffabdc304d927c468cc5ce512278461f4f41171d59c31d243f34bb368f737ca9baee442ef8def732e315dc19f442323a2cb271589fb
Score

1^/10
behavioral23
- Target
  
  Executables/PFP.cmd
- Size
  
  3KB
- MD5
  
  1cdee74c0e00beaf339589e39ea3e3c8
- SHA1
  
  520e56b6c883e81e8b8609e43a8d65040965ea44
- SHA256
  
  c43214ef8d9f781147d1781348b0d071d6385619e73629af097c494d57a9f06a
- SHA512
  
  7a891affd1503ed56b88b7dc3638d6805d91724fb2adfb0c539471c931bd5baae8d33774ede5a2c645d90d78695e17c07a478aaf0ec306b19cb414c446c3847a
Score

1^/10
behavioral24
- Target
  
  Executables/POWER.cmd
- Size
  
  6KB
- MD5
  
  bfbb809dea0ad939fa9af484ba27f6e7
- SHA1
  
  189e7b5f5fa10e3722797bd034250674b32c75e4
- SHA256
  
  71cedd088351abdc9c230b3bd70a1f991d126ead5e4140b4936c535352ac64d6
- SHA512
  
  eea305245079f6790851060edd06a9c465d7b1916fdd42ae2597bef585edf0f78ba66dbc94dd522b6490a72f046b3409b3ed7fc91abada42580af7d124c12d3b
- SSDEEP
  
  192:/e+zEifjkzn0ClwyTf5JuT+P8hvLzp83qkOh:GZlnffuSPy
Score

1^/10
behavioral25
- Target
  
  Executables/STARTMENU.cmd
- Size
  
  2KB
- MD5
  
  c031ff4e95a49ec045951e7719fe3430
- SHA1
  
  96dc5c0d9ccf656f5c4097e9e192b5290fe3f1d8
- SHA256
  
  b4856939dcc61ec37e5f5b0d37292486b12dbb0171e28fa08bce19d1498032a0
- SHA512
  
  d65e0a8b937d60385657c6a34599457a60c5e6134788e8d798ad37e75c36147eca83123b1bfbe020f40482759de1087231fe1cb5ece998372906f94605a45002
Score

4^/10
behavioral26
- Target
  
  Executables/UPDHEALTH.cmd
- Size
  
  1KB
- MD5
  
  1b241a1abbaa55fee0cd88e7f9995f38
- SHA1
  
  37bbf721b8d8c8de79364891ea477a024a561fd3
- SHA256
  
  5b91efc5bdb2e642e50ad0c38cea03daeb8717a3905a4b8792ea9e09f13c9200
- SHA512
  
  f1a4000784eb459451a97bdb09e118cda3836a597b5b67ba1bc39fc5f7ddb6cbb26cd43e9e2a3be8203aad75f157a53e6ed4c1de3fe6c6505231b64c392c8868
Score

1^/10
behavioral27
- Target
  
  Executables/WALLPAPER.cmd
- Size
  
  2KB
- MD5
  
  a32722ee00e08c05a3effb3d1215baa9
- SHA1
  
  e480cef2dc06d46d5bb18d20c77cbf750a20ac45
- SHA256
  
  b98263cea6af6eea2d561c840cf14a1c775ec4e6bedeb975833889c51a9fe591
- SHA512
  
  6255ce91f4c1a7c9c325f1e0a0339791ae3ca8891a638def98042da627110524b5c19a1bc66b84121085f211d1162a81f6330e88b0539f5010fda2f0a1a2dd18
Score

4^/10
behavioral28
- Target
  
  Executables/Web/Screen/img100.jpg
- Size
  
  1000KB
- MD5
  
  56adf4ee298c8cfb89111b93a438811b
- SHA1
  
  c2e292c36d3b62da88a769586918598978536650
- SHA256
  
  8cc128c998e63dad4ad4f84500afdbbc202e3023ee25ed190b8f7c1a540455ac
- SHA512
  
  2ffc6888d46ca7d40fa0e265036de96a9f8f2702ad74a54c81cfb052049d9b92b023138822fc54cb67aee1b1a5ba73d7c13d21b2e1f57e2f21fab73114c38f84
- SSDEEP
  
  24576:qNJxdGVE/S+M8XAAkqwksFScVbeGO1cR5JnCHbvzPu2IsFG:qNJxAMc5QwkmScJeDe/abvzVo
Score

3^/10
behavioral29
- Target
  
  Executables/Web/Wallpaper/Windows/atlas-dark.jpg
- Size
  
  13KB
- MD5
  
  49acb9496816f519565e4df7ce171ad3
- SHA1
  
  10e9b5cf85a601a83d5ab8ab2fb34360c6ab23d9
- SHA256
  
  dbe9fc67c1c33307c0076ef7ccbfc00246943d78dce913fc460b223223a18f82
- SHA512
  
  e10e6c84b04242e2debbfcaf302cd9531a7ffb6c6820db02fda93ec041a53d0965551c6dd9fc77ed3f52b437bb7302737fb8337ca176ddacd0888080c8b9f76a
- SSDEEP
  
  48:9/6ppFYUXbnFW/s4A+a9kRDO0fnq+SgV/PNDaVIKljgsjW7T18xg81:9SrSoTJHv9tCSgEjK/Wh
Score

3^/10
behavioral30
- Target
  
  Executables/Web/Wallpaper/Windows/atlas-light.jpg
- Size
  
  12KB
- MD5
  
  8e1fce7ff8e19657080e4e3444f5998c
- SHA1
  
  870e2751d32bed5fd8c329ced9a0c2cc9d12a6bf
- SHA256
  
  03fb04e7069a2bf89a5e8a0278344df3f02f1f96ff4d347d810b2940bac9a152
- SHA512
  
  7be971303211af87088235c7cc66107905cc6436c039e01413d5368e667c04ed3956448ed4a31677e3ad517cae1e9b9d068201653b4643993b3b295d4b999356
- SSDEEP
  
  48:9/6x0aA5DzE9/KDJLxn1AS4Zyey0D/hHZygbsxNWSkFOmUGa/P1RTcPpENv3KD0h:9Sx0a0/D/1j4cey0bba3ezkPnQQ3KYh
Score

3^/10
behavioral31
- Target
  
  playbook.conf
- Size
  
  932B
- MD5
  
  bd8eddeec69fe2b68aff7212e3a5f871
- SHA1
  
  55abc3e8eea9e4efb9e4aca8a9ea06c2ea8c1067
- SHA256
  
  8c6d7aec4f388573dffa282be41ba5034e7e2255ee5b6d807c1616fe9fc9b712
- SHA512
  
  fb3d6e18be4d01bbbacd2c6f737bf887d0d518633515426f6378fcbc83085fcf365ffe83f7946a9d9ec081e83eee925ff6cd0b6654bb61afbabe92a3b75b94b5
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Hidden Files and Directories

T1158

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Suspicious use of NtCreateUserProcessOtherParentProcess

Suspicious use of NtCreateUserProcessOtherParentProcess

UPX packed file

Maps connected drives based on registry

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32