3Analysis
-
max time kernel
195s -
max time network
229s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
26-04-2024 15:47
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
Setup.exe
Resource
win7-20231129-en
Behavioral task
behavioral3
Sample
Setup.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
Setup.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
Setup.exe
Resource
win11-20240419-en
Behavioral task
behavioral6
Sample
Chrome.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
Chrome.exe
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
Chrome.exe
Resource
win10-20240404-en
Behavioral task
behavioral9
Sample
Chrome.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral10
Sample
Chrome.exe
Resource
win11-20240419-en
Behavioral task
behavioral11
Sample
Setup.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral12
Sample
Setup.exe
Resource
win7-20240215-en
Behavioral task
behavioral13
Sample
Setup.exe
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
Setup.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral15
Sample
Setup.exe
Resource
win11-20240412-en
General
-
Target
Setup.exe
-
Size
22.5MB
-
MD5
a4e313952f14d899867d53c80335dce3
-
SHA1
7703d0a9725dea829dd023d9575322ccae81319c
-
SHA256
9e60d8f8d14a520f023015e9b7e1254756a0bbebe294707cd705f5262b2e07b5
-
SHA512
018a2cc0841fd568d2fe3ade35f708dcb06d9ce148a3c085ccdcb70ab51999f7167b57f5c45c665758cfc72371a5bac002425241d3d89639382fc706a325059e
-
SSDEEP
393216:7qwr6Kwzs3OQs5rmJdW96tBbcQR+yu/tKWao+L37GcrKCUcrfuqIC:7qwFwzs+Q6ridk+hcQR+yusk+LLxrKCv
Malware Config
Extracted
nanocore
1.2.2.0
haxorbaba.duckdns.org:1604
68d0d384-24c7-4c4a-b00a-25fe172797c1
-
activate_away_mode
true
-
backup_connection_host
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2016-05-25T14:42:31.650976636Z
-
bypass_user_account_control
false
-
bypass_user_account_control_data
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
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
3994
-
connection_port
1604
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
68d0d384-24c7-4c4a-b00a-25fe172797c1
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
haxorbaba.duckdns.org
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Signatures
-
Executes dropped EXE 64 IoCs
pid Process 2536 Chrome.exe 2568 Chrome.exe 2516 Chrome.exe 1148 Chrome.exe 2656 Chrome.exe 2384 Chrome.exe 3056 Chrome.exe 1596 Chrome.exe 2620 Chrome.exe 1444 Chrome.exe 1888 Chrome.exe 1616 Chrome.exe 2284 Chrome.exe 1336 Chrome.exe 2336 Chrome.exe 2080 Chrome.exe 1428 Chrome.exe 700 Chrome.exe 448 Chrome.exe 2156 Chrome.exe 1800 Chrome.exe 1524 Chrome.exe 3020 Chrome.exe 2108 Chrome.exe 1568 Chrome.exe 2076 Chrome.exe 1540 Chrome.exe 1900 Chrome.exe 2916 Chrome.exe 2264 Chrome.exe 2556 Chrome.exe 2476 Chrome.exe 2880 Chrome.exe 2432 Chrome.exe 2864 Chrome.exe 2944 Chrome.exe 2524 Chrome.exe 1804 Chrome.exe 2620 Chrome.exe 1368 Chrome.exe 2184 Chrome.exe 1164 Chrome.exe 1840 Chrome.exe 1276 Chrome.exe 2452 Chrome.exe 1212 Chrome.exe 1480 Chrome.exe 2256 Chrome.exe 588 Chrome.exe 1508 Chrome.exe 2708 Chrome.exe 1984 Chrome.exe 908 Chrome.exe 2948 Chrome.exe 2008 Chrome.exe 2440 Chrome.exe 2044 Chrome.exe 1568 Chrome.exe 1724 Chrome.exe 1516 Chrome.exe 2776 Chrome.exe 2588 Chrome.exe 2556 Chrome.exe 2416 Chrome.exe -
Loads dropped DLL 64 IoCs
pid Process 1724 Setup.exe 1724 Setup.exe 2264 Setup.exe 2264 Setup.exe 2504 Setup.exe 2504 Setup.exe 2536 Chrome.exe 2568 Chrome.exe 1148 Chrome.exe 2764 Setup.exe 2764 Setup.exe 3056 Chrome.exe 2348 Setup.exe 2348 Setup.exe 2620 Chrome.exe 1692 Setup.exe 1692 Setup.exe 1888 Chrome.exe 1040 Setup.exe 1040 Setup.exe 2284 Chrome.exe 2088 Setup.exe 2088 Setup.exe 2336 Chrome.exe 2040 Setup.exe 2040 Setup.exe 1428 Chrome.exe 588 Setup.exe 588 Setup.exe 448 Chrome.exe 1984 Setup.exe 1984 Setup.exe 1800 Chrome.exe 1332 Setup.exe 1332 Setup.exe 3020 Chrome.exe 1912 Setup.exe 1912 Setup.exe 1568 Chrome.exe 2292 Setup.exe 2292 Setup.exe 1540 Chrome.exe 1536 Setup.exe 1536 Setup.exe 2916 Chrome.exe 3064 Setup.exe 3064 Setup.exe 2556 Chrome.exe 2504 Setup.exe 2504 Setup.exe 2880 Chrome.exe 2764 Setup.exe 2764 Setup.exe 2864 Chrome.exe 2152 Setup.exe 2152 Setup.exe 2524 Chrome.exe 2568 Setup.exe 2568 Setup.exe 2620 Chrome.exe 1620 Setup.exe 1620 Setup.exe 2184 Chrome.exe 2240 Setup.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DDP Subsystem = "C:\\Program Files (x86)\\DDP Subsystem\\ddpss.exe" Chrome.exe -
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Chrome.exe -
Suspicious use of SetThreadContext 64 IoCs
description pid Process procid_target PID 2536 set thread context of 2516 2536 Chrome.exe 34 PID 2568 set thread context of 2656 2568 Chrome.exe 35 PID 1148 set thread context of 2384 1148 Chrome.exe 37 PID 3056 set thread context of 1596 3056 Chrome.exe 40 PID 2620 set thread context of 1444 2620 Chrome.exe 42 PID 1888 set thread context of 1616 1888 Chrome.exe 45 PID 2284 set thread context of 1336 2284 Chrome.exe 50 PID 2336 set thread context of 2080 2336 Chrome.exe 53 PID 1428 set thread context of 700 1428 Chrome.exe 56 PID 448 set thread context of 2156 448 Chrome.exe 61 PID 1800 set thread context of 1524 1800 Chrome.exe 64 PID 3020 set thread context of 2108 3020 Chrome.exe 67 PID 1568 set thread context of 2076 1568 Chrome.exe 70 PID 1540 set thread context of 1900 1540 Chrome.exe 73 PID 2916 set thread context of 2264 2916 Chrome.exe 76 PID 2556 set thread context of 2476 2556 Chrome.exe 79 PID 2880 set thread context of 2432 2880 Chrome.exe 82 PID 2864 set thread context of 2944 2864 Chrome.exe 85 PID 2524 set thread context of 1804 2524 Chrome.exe 88 PID 2620 set thread context of 1368 2620 Chrome.exe 91 PID 2184 set thread context of 1164 2184 Chrome.exe 94 PID 1840 set thread context of 1276 1840 Chrome.exe 97 PID 2452 set thread context of 1212 2452 Chrome.exe 100 PID 1480 set thread context of 2256 1480 Chrome.exe 103 PID 588 set thread context of 1508 588 Chrome.exe 106 PID 2708 set thread context of 1984 2708 Chrome.exe 109 PID 908 set thread context of 2948 908 Chrome.exe 112 PID 2008 set thread context of 2440 2008 Chrome.exe 115 PID 2044 set thread context of 1568 2044 Chrome.exe 118 PID 1724 set thread context of 1516 1724 Chrome.exe 121 PID 2776 set thread context of 2588 2776 Chrome.exe 124 PID 2556 set thread context of 2416 2556 Chrome.exe 127 PID 2364 set thread context of 628 2364 Chrome.exe 130 PID 2632 set thread context of 1148 2632 Chrome.exe 133 PID 1496 set thread context of 1620 1496 Chrome.exe 136 PID 2172 set thread context of 
540 2172 Chrome.exe 139 PID 1256 set thread context of 1192 1256 Chrome.exe 142 PID 392 set thread context of 1228 392 Chrome.exe 145 PID 1104 set thread context of 1552 1104 Chrome.exe 148 PID 380 set thread context of 1636 380 Chrome.exe 151 PID 760 set thread context of 2020 760 Chrome.exe 154 PID 2560 set thread context of 1544 2560 Chrome.exe 157 PID 2600 set thread context of 2556 2600 Chrome.exe 160 PID 2364 set thread context of 1660 2364 Chrome.exe 163 PID 2620 set thread context of 1548 2620 Chrome.exe 166 PID 2172 set thread context of 1048 2172 Chrome.exe 169 PID 1680 set thread context of 2176 1680 Chrome.exe 172 PID 1840 set thread context of 1580 1840 Chrome.exe 175 PID 2060 set thread context of 1648 2060 Chrome.exe 178 PID 488 set thread context of 2080 488 Chrome.exe 181 PID 1640 set thread context of 760 1640 Chrome.exe 184 PID 2560 set thread context of 1704 2560 Chrome.exe 285 PID 2868 set thread context of 1520 2868 Chrome.exe 190 PID 3068 set thread context of 2860 3068 Chrome.exe 193 PID 1316 set thread context of 2844 1316 Chrome.exe 196 PID 2724 set thread context of 2476 2724 Chrome.exe 199 PID 1256 set thread context of 2432 1256 Chrome.exe 202 PID 2988 set thread context of 1804 2988 Chrome.exe 205 PID 1336 set thread context of 2972 1336 Chrome.exe 208 PID 3016 set thread context of 936 3016 Chrome.exe 211 PID 2044 set thread context of 2300 2044 Chrome.exe 214 PID 2188 set thread context of 1540 2188 Chrome.exe 217 PID 2560 set thread context of 2624 2560 Chrome.exe 220 PID 2440 set thread context of 2428 2440 Chrome.exe 223 -
Drops file in Program Files directory 2 IoCs
description ioc Process File created C:\Program Files (x86)\DDP Subsystem\ddpss.exe Chrome.exe File opened for modification C:\Program Files (x86)\DDP Subsystem\ddpss.exe Chrome.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid Process 1764 schtasks.exe 2708 schtasks.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe 2516 Chrome.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2516 Chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 2568 Chrome.exe Token: SeDebugPrivilege 2536 Chrome.exe Token: SeDebugPrivilege 1148 Chrome.exe Token: SeDebugPrivilege 3056 Chrome.exe Token: SeDebugPrivilege 2620 Chrome.exe Token: SeDebugPrivilege 1888 Chrome.exe Token: SeDebugPrivilege 2284 Chrome.exe Token: SeDebugPrivilege 2336 Chrome.exe Token: SeDebugPrivilege 1428 Chrome.exe Token: SeDebugPrivilege 448 Chrome.exe Token: SeDebugPrivilege 2516 Chrome.exe Token: SeDebugPrivilege 1800 Chrome.exe Token: SeDebugPrivilege 3020 Chrome.exe Token: SeDebugPrivilege 1568 Chrome.exe Token: SeDebugPrivilege 1540 Chrome.exe Token: SeDebugPrivilege 2916 Chrome.exe Token: SeDebugPrivilege 2556 Chrome.exe Token: SeDebugPrivilege 2880 Chrome.exe Token: SeDebugPrivilege 2864 Chrome.exe Token: SeDebugPrivilege 2524 Chrome.exe Token: SeDebugPrivilege 2620 Chrome.exe Token: SeDebugPrivilege 2184 Chrome.exe Token: SeDebugPrivilege 1840 Chrome.exe Token: SeDebugPrivilege 2452 Chrome.exe Token: SeDebugPrivilege 1480 Chrome.exe Token: SeDebugPrivilege 588 Chrome.exe Token: SeDebugPrivilege 2708 Chrome.exe Token: SeDebugPrivilege 908 Chrome.exe Token: SeDebugPrivilege 2008 Chrome.exe Token: SeDebugPrivilege 2044 Chrome.exe Token: SeDebugPrivilege 1724 Chrome.exe Token: SeDebugPrivilege 2776 Chrome.exe Token: SeDebugPrivilege 2556 Chrome.exe Token: SeDebugPrivilege 2364 Chrome.exe Token: SeDebugPrivilege 2632 Chrome.exe Token: SeDebugPrivilege 1496 Chrome.exe Token: SeDebugPrivilege 2172 Chrome.exe Token: SeDebugPrivilege 1256 Chrome.exe Token: SeDebugPrivilege 392 Chrome.exe Token: SeDebugPrivilege 1104 Chrome.exe Token: SeDebugPrivilege 380 Chrome.exe Token: SeDebugPrivilege 760 Chrome.exe Token: SeDebugPrivilege 2560 Chrome.exe Token: SeDebugPrivilege 2600 Chrome.exe Token: SeDebugPrivilege 2364 Chrome.exe Token: SeDebugPrivilege 2620 Chrome.exe Token: SeDebugPrivilege 2172 Chrome.exe Token: SeDebugPrivilege 1680 Chrome.exe Token: SeDebugPrivilege 1840 Chrome.exe Token: 
SeDebugPrivilege 2060 Chrome.exe Token: SeDebugPrivilege 488 Chrome.exe Token: SeDebugPrivilege 1640 Chrome.exe Token: SeDebugPrivilege 2560 Chrome.exe Token: SeDebugPrivilege 2868 Chrome.exe Token: SeDebugPrivilege 3068 Chrome.exe Token: SeDebugPrivilege 1316 Chrome.exe Token: SeDebugPrivilege 2724 Chrome.exe Token: SeDebugPrivilege 1256 Chrome.exe Token: SeDebugPrivilege 2988 Chrome.exe Token: SeDebugPrivilege 1336 Chrome.exe Token: SeDebugPrivilege 3016 Chrome.exe Token: SeDebugPrivilege 2044 Chrome.exe Token: SeDebugPrivilege 2188 Chrome.exe Token: SeDebugPrivilege 2560 Chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1724 wrote to memory of 2264 1724 Setup.exe 28 PID 1724 wrote to memory of 2264 1724 Setup.exe 28 PID 1724 wrote to memory of 2264 1724 Setup.exe 28 PID 1724 wrote to memory of 2264 1724 Setup.exe 28 PID 1724 wrote to memory of 2264 1724 Setup.exe 28 PID 1724 wrote to memory of 2264 1724 Setup.exe 28 PID 1724 wrote to memory of 2264 1724 Setup.exe 28 PID 1724 wrote to memory of 2536 1724 Setup.exe 29 PID 1724 wrote to memory of 2536 1724 Setup.exe 29 PID 1724 wrote to memory of 2536 1724 Setup.exe 29 PID 1724 wrote to memory of 2536 1724 Setup.exe 29 PID 2264 wrote to memory of 2504 2264 Setup.exe 77 PID 2264 wrote to memory of 2504 2264 Setup.exe 77 PID 2264 wrote to memory of 2504 2264 Setup.exe 77 PID 2264 wrote to memory of 2504 2264 Setup.exe 77 PID 2264 wrote to memory of 2504 2264 Setup.exe 77 PID 2264 wrote to memory of 2504 2264 Setup.exe 77 PID 2264 wrote to memory of 2504 2264 Setup.exe 77 PID 2264 wrote to memory of 2568 2264 Setup.exe 86 PID 2264 wrote to memory of 2568 2264 Setup.exe 86 PID 2264 wrote to memory of 2568 2264 Setup.exe 86 PID 2264 wrote to memory of 2568 2264 Setup.exe 86 PID 2504 wrote to memory of 2764 2504 Setup.exe 80 PID 2504 wrote to memory of 2764 2504 Setup.exe 80 PID 2504 wrote to memory of 2764 2504 Setup.exe 80 PID 2504 wrote to memory of 2764 2504 Setup.exe 80 PID 2504 wrote to memory of 2764 2504 Setup.exe 80 PID 2504 wrote to memory of 2764 2504 Setup.exe 80 PID 2504 wrote to memory of 2764 2504 Setup.exe 80 PID 2504 wrote to memory of 1148 2504 Setup.exe 33 PID 2504 wrote to memory of 1148 2504 Setup.exe 33 PID 2504 wrote to memory of 1148 2504 Setup.exe 33 PID 2504 wrote to memory of 1148 2504 Setup.exe 33 PID 2536 wrote to memory of 2516 2536 Chrome.exe 34 PID 2536 wrote to memory of 2516 2536 Chrome.exe 34 PID 2536 wrote to memory of 2516 2536 Chrome.exe 34 PID 2536 wrote to memory of 2516 2536 Chrome.exe 34 PID 2536 wrote to memory of 2516 2536 Chrome.exe 34 PID 2536 wrote to 
memory of 2516 2536 Chrome.exe 34 PID 2536 wrote to memory of 2516 2536 Chrome.exe 34 PID 2536 wrote to memory of 2516 2536 Chrome.exe 34 PID 2536 wrote to memory of 2516 2536 Chrome.exe 34 PID 2568 wrote to memory of 2656 2568 Chrome.exe 35 PID 2568 wrote to memory of 2656 2568 Chrome.exe 35 PID 2568 wrote to memory of 2656 2568 Chrome.exe 35 PID 2568 wrote to memory of 2656 2568 Chrome.exe 35 PID 2568 wrote to memory of 2656 2568 Chrome.exe 35 PID 2568 wrote to memory of 2656 2568 Chrome.exe 35 PID 2568 wrote to memory of 2656 2568 Chrome.exe 35 PID 2568 wrote to memory of 2656 2568 Chrome.exe 35 PID 2568 wrote to memory of 2656 2568 Chrome.exe 35 PID 2764 wrote to memory of 2348 2764 Setup.exe 36 PID 2764 wrote to memory of 2348 2764 Setup.exe 36 PID 2764 wrote to memory of 2348 2764 Setup.exe 36 PID 2764 wrote to memory of 2348 2764 Setup.exe 36 PID 2764 wrote to memory of 2348 2764 Setup.exe 36 PID 2764 wrote to memory of 2348 2764 Setup.exe 36 PID 2764 wrote to memory of 2348 2764 Setup.exe 36 PID 1148 wrote to memory of 2384 1148 Chrome.exe 37 PID 1148 wrote to memory of 2384 1148 Chrome.exe 37 PID 1148 wrote to memory of 2384 1148 Chrome.exe 37 PID 1148 wrote to memory of 2384 1148 Chrome.exe 37 PID 1148 wrote to memory of 2384 1148 Chrome.exe 37 PID 1148 wrote to memory of 2384 1148 Chrome.exe 37
Processes
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1724 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2264 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2504 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"4⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"5⤵
- Loads dropped DLL
PID:2348 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"6⤵
- Loads dropped DLL
PID:1692 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"7⤵
- Loads dropped DLL
PID:1040 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"8⤵
- Loads dropped DLL
PID:2088 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"9⤵
- Loads dropped DLL
PID:2040 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"10⤵
- Loads dropped DLL
PID:588 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"11⤵
- Loads dropped DLL
PID:1984 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"12⤵
- Loads dropped DLL
PID:1332 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"13⤵
- Loads dropped DLL
PID:1912 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"14⤵
- Loads dropped DLL
PID:2292 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"15⤵
- Loads dropped DLL
PID:1536 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"16⤵
- Loads dropped DLL
PID:3064 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"17⤵
- Loads dropped DLL
PID:2504 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"18⤵
- Loads dropped DLL
PID:2764 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"19⤵
- Loads dropped DLL
PID:2152 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"20⤵
- Loads dropped DLL
PID:2568 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"21⤵
- Loads dropped DLL
PID:1620 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"22⤵
- Loads dropped DLL
PID:2240 -
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"23⤵PID:2820
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"24⤵PID:996
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"25⤵PID:1628
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"26⤵PID:1236
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"27⤵PID:448
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"28⤵PID:780
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"29⤵PID:684
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"30⤵PID:1704
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"31⤵PID:2188
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"32⤵PID:2548
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"33⤵PID:2848
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"34⤵PID:2036
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"35⤵PID:2540
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"36⤵PID:2444
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"37⤵PID:2456
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"38⤵PID:1840
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"39⤵PID:904
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"40⤵PID:1764
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"41⤵PID:3008
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"42⤵PID:2096
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"43⤵PID:1704
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"44⤵PID:3064
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"45⤵PID:2404
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"46⤵PID:2568
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"47⤵PID:2240
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"48⤵PID:2788
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"49⤵PID:2032
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"50⤵PID:2956
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"51⤵PID:1968
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"52⤵PID:1740
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"53⤵PID:2920
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"54⤵PID:1524
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"55⤵PID:1940
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"56⤵PID:2244
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"57⤵PID:2820
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"58⤵PID:2452
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"59⤵PID:588
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"60⤵PID:2040
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"61⤵PID:1424
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"62⤵PID:2916
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"63⤵PID:2484
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"64⤵PID:2492
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"65⤵PID:2316
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"66⤵PID:3060
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"67⤵PID:1536
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"68⤵PID:2172
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"69⤵PID:576
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"70⤵PID:1052
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"71⤵PID:2704
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"72⤵PID:1764
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"73⤵PID:960
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"74⤵PID:1324
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"75⤵PID:2572
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"76⤵PID:2600
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"77⤵PID:2472
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"78⤵PID:692
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"79⤵PID:3060
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"80⤵PID:2140
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"81⤵PID:1444
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"82⤵PID:2708
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"83⤵PID:1052
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"84⤵PID:2520
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"85⤵PID:2100
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"86⤵PID:2992
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"87⤵PID:2524
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"88⤵PID:2824
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"89⤵PID:1516
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"90⤵PID:1576
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"91⤵PID:1868
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"92⤵PID:876
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"93⤵PID:1580
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"94⤵PID:836
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"95⤵PID:1268
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"96⤵PID:2672
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"97⤵PID:1908
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"98⤵PID:1936
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"99⤵PID:2572
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"100⤵PID:2472
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"101⤵PID:1608
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"102⤵PID:2764
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"103⤵PID:2988
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"104⤵PID:2164
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"105⤵PID:2208
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"106⤵PID:380
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"107⤵PID:2948
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"108⤵PID:2428
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"109⤵PID:2868
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"110⤵PID:1468
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"111⤵PID:2264
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"112⤵PID:1756
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"113⤵PID:688
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"114⤵PID:1572
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"115⤵PID:1164
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"116⤵PID:1752
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"117⤵PID:2040
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"118⤵PID:636
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"119⤵PID:2388
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"120⤵PID:1644
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"121⤵PID:1956
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"122⤵PID:2548