Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
10/06/2024, 22:07
Behavioral task
behavioral1
Sample
534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe
Resource
win10v2004-20240508-en
General
-
Target
534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe
-
Size
434KB
-
MD5
c22fae3e176165bb781464732ef55aa7
-
SHA1
99aa81cf60e6e880e8a40c44d1046f7d69572ef7
-
SHA256
534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0
-
SHA512
c6da32d2ace083942bb0c76fa348d606560bfe5b103d9f715c0b534ecefbf441a7208265a77778699f40fe30b20b25a931a01332c3f6fbc141961e05f44be962
-
SSDEEP
12288:As3xSP86lNxuHwJhfLsLx69sarBP1pl5faX:AshSPwHwPExobD5fE
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral1/memory/2512-0-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x000b00000001424e-3.dat UPX behavioral1/memory/2512-10-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2348-12-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x00320000000144e4-16.dat UPX behavioral1/memory/2144-26-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2348-25-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x00320000000144f0-30.dat UPX behavioral1/memory/2144-38-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2700-39-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2700-51-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x00080000000146e6-49.dat UPX behavioral1/memory/2564-52-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x000700000001471d-56.dat UPX behavioral1/memory/2564-64-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2500-65-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x0007000000014726-69.dat UPX behavioral1/memory/2312-78-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2500-77-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x0007000000014857-82.dat UPX behavioral1/memory/2636-91-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2312-90-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x0009000000014971-101.dat UPX behavioral1/memory/2636-103-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2240-104-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x000700000001568c-108.dat UPX behavioral1/memory/2240-114-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2000-116-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2632-129-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2000-128-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x0006000000015be6-126.dat UPX behavioral1/memory/2632-140-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x0006000000015ca6-141.dat UPX behavioral1/memory/1824-142-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x0006000000015cba-146.dat UPX behavioral1/memory/1824-155-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x0006000000015cd5-159.dat UPX behavioral1/memory/2360-168-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/668-171-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2360-165-0x0000000003B40000-0x0000000003C7B000-memory.dmp UPX behavioral1/files/0x0006000000015ce1-175.dat UPX behavioral1/memory/668-181-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x0006000000015ceb-185.dat UPX behavioral1/memory/412-196-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/816-193-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/files/0x0006000000015d07-198.dat UPX behavioral1/memory/412-206-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/1532-207-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/1532-216-0x00000000038D0000-0x0000000003A0B000-memory.dmp UPX behavioral1/memory/1532-219-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/1032-217-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/1032-227-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/1368-229-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/308-239-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/1368-237-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/884-247-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/308-248-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2508-257-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/884-256-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2392-266-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2508-265-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2556-275-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2392-274-0x0000000000400000-0x000000000053B000-memory.dmp UPX behavioral1/memory/2556-283-0x0000000000400000-0x000000000053B000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2348 B7616.exe 2144 JR0RA.exe 2700 YFV66.exe 2564 92AC9.exe 2500 51IK5.exe 2312 471T0.exe 2636 89XG1.exe 2240 4B4K3.exe 2000 4R2N1.exe 2632 22J3A.exe 1824 49458.exe 2360 87566.exe 668 FE6V1.exe 816 LRO73.exe 412 3TC68.exe 1532 05KA8.exe 1032 BC0RP.exe 1368 N501I.exe 308 54AV4.exe 884 0BZ88.exe 2508 3O179.exe 2392 71UW0.exe 2556 Y13G0.exe 2292 4483E.exe 2688 5R445.exe 2476 980EV.exe 2444 OS938.exe 1280 A3GO2.exe 2664 8W0P9.exe 2312 R4EB2.exe 840 HV6RF.exe 2400 71N58.exe 1792 D81RV.exe 2676 6ITLY.exe 1672 488MI.exe 2496 3GP7J.exe 2964 L3Q8B.exe 1916 K2487.exe 1276 F7P43.exe 972 W8K56.exe 2380 E79A0.exe 1384 WC75J.exe 1524 G1824.exe 2524 1SH3D.exe 1872 7YRK9.exe 1804 B9IQD.exe 852 P6915.exe 2352 PRMCF.exe 308 506WW.exe 884 Q1JM5.exe 2332 PD2MO.exe 2576 W8414.exe 2532 I6GHW.exe 2760 2POR6.exe 2820 46Y10.exe 2592 10491.exe 3024 0A46D.exe 2640 K1PUR.exe 2644 28860.exe 2952 5KMDN.exe 1448 86P91.exe 1072 C801E.exe 2028 7LT1A.exe 2668 3F290.exe -
Loads dropped DLL 64 IoCs
pid Process 2512 534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe 2512 534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe 2348 B7616.exe 2348 B7616.exe 2144 JR0RA.exe 2144 JR0RA.exe 2700 YFV66.exe 2700 YFV66.exe 2564 92AC9.exe 2564 92AC9.exe 2500 51IK5.exe 2500 51IK5.exe 2312 471T0.exe 2312 471T0.exe 2636 89XG1.exe 2636 89XG1.exe 2240 4B4K3.exe 2240 4B4K3.exe 2000 4R2N1.exe 2000 4R2N1.exe 2632 22J3A.exe 2632 22J3A.exe 1824 49458.exe 1824 49458.exe 2360 87566.exe 2360 87566.exe 668 FE6V1.exe 668 FE6V1.exe 816 LRO73.exe 816 LRO73.exe 412 3TC68.exe 412 3TC68.exe 1532 05KA8.exe 1532 05KA8.exe 1032 BC0RP.exe 1032 BC0RP.exe 1368 N501I.exe 1368 N501I.exe 308 54AV4.exe 308 54AV4.exe 884 0BZ88.exe 884 0BZ88.exe 2508 3O179.exe 2508 3O179.exe 2392 71UW0.exe 2392 71UW0.exe 2556 Y13G0.exe 2556 Y13G0.exe 2292 4483E.exe 2292 4483E.exe 2688 5R445.exe 2688 5R445.exe 2476 980EV.exe 2476 980EV.exe 2444 OS938.exe 2444 OS938.exe 1280 A3GO2.exe 1280 A3GO2.exe 2664 8W0P9.exe 2664 8W0P9.exe 2312 R4EB2.exe 2312 R4EB2.exe 840 HV6RF.exe 840 HV6RF.exe -
resource yara_rule behavioral1/memory/2512-0-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x000b00000001424e-3.dat upx behavioral1/memory/2512-10-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2348-12-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x00320000000144e4-16.dat upx behavioral1/memory/2144-26-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2348-25-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x00320000000144f0-30.dat upx behavioral1/memory/2144-38-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2700-39-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2700-51-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x00080000000146e6-49.dat upx behavioral1/memory/2564-52-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x000700000001471d-56.dat upx behavioral1/memory/2564-64-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2500-65-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x0007000000014726-69.dat upx behavioral1/memory/2312-78-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2500-77-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x0007000000014857-82.dat upx behavioral1/memory/2636-91-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2312-90-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x0009000000014971-101.dat upx behavioral1/memory/2636-103-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2240-104-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x000700000001568c-108.dat upx behavioral1/memory/2240-114-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2000-116-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2632-129-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2000-128-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x0006000000015be6-126.dat upx behavioral1/memory/2632-140-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x0006000000015ca6-141.dat upx behavioral1/memory/1824-142-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x0006000000015cba-146.dat upx behavioral1/memory/1824-155-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x0006000000015cd5-159.dat upx behavioral1/memory/2360-168-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/668-171-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2360-165-0x0000000003B40000-0x0000000003C7B000-memory.dmp upx behavioral1/files/0x0006000000015ce1-175.dat upx behavioral1/memory/668-181-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x0006000000015ceb-185.dat upx behavioral1/memory/412-196-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/816-193-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/files/0x0006000000015d07-198.dat upx behavioral1/memory/412-206-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/1532-207-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/1532-216-0x00000000038D0000-0x0000000003A0B000-memory.dmp upx behavioral1/memory/1532-219-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/1032-217-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/1032-227-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/1368-229-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/308-239-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/1368-237-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/884-247-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/308-248-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2508-257-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/884-256-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2392-266-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2508-265-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2556-275-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2392-274-0x0000000000400000-0x000000000053B000-memory.dmp upx behavioral1/memory/2556-283-0x0000000000400000-0x000000000053B000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 2512 534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe 2512 534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe 2348 B7616.exe 2348 B7616.exe 2144 JR0RA.exe 2144 JR0RA.exe 2700 YFV66.exe 2700 YFV66.exe 2564 92AC9.exe 2564 92AC9.exe 2500 51IK5.exe 2500 51IK5.exe 2312 471T0.exe 2312 471T0.exe 2636 89XG1.exe 2636 89XG1.exe 2240 4B4K3.exe 2240 4B4K3.exe 2000 4R2N1.exe 2000 4R2N1.exe 2632 22J3A.exe 2632 22J3A.exe 1824 49458.exe 1824 49458.exe 2360 87566.exe 2360 87566.exe 668 FE6V1.exe 668 FE6V1.exe 816 LRO73.exe 816 LRO73.exe 412 3TC68.exe 412 3TC68.exe 1532 05KA8.exe 1532 05KA8.exe 1032 BC0RP.exe 1032 BC0RP.exe 1368 N501I.exe 1368 N501I.exe 308 54AV4.exe 308 54AV4.exe 884 0BZ88.exe 884 0BZ88.exe 2508 3O179.exe 2508 3O179.exe 2392 71UW0.exe 2392 71UW0.exe 2556 Y13G0.exe 2556 Y13G0.exe 2292 4483E.exe 2292 4483E.exe 2688 5R445.exe 2688 5R445.exe 2476 980EV.exe 2476 980EV.exe 2444 OS938.exe 2444 OS938.exe 1280 A3GO2.exe 1280 A3GO2.exe 2664 8W0P9.exe 2664 8W0P9.exe 2312 R4EB2.exe 2312 R4EB2.exe 840 HV6RF.exe 840 HV6RF.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2512 wrote to memory of 2348 2512 534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe 28 PID 2512 wrote to memory of 2348 2512 534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe 28 PID 2512 wrote to memory of 2348 2512 534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe 28 PID 2512 wrote to memory of 2348 2512 534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe 28 PID 2348 wrote to memory of 2144 2348 B7616.exe 29 PID 2348 wrote to memory of 2144 2348 B7616.exe 29 PID 2348 wrote to memory of 2144 2348 B7616.exe 29 PID 2348 wrote to memory of 2144 2348 B7616.exe 29 PID 2144 wrote to memory of 2700 2144 JR0RA.exe 30 PID 2144 wrote to memory of 2700 2144 JR0RA.exe 30 PID 2144 wrote to memory of 2700 2144 JR0RA.exe 30 PID 2144 wrote to memory of 2700 2144 JR0RA.exe 30 PID 2700 wrote to memory of 2564 2700 YFV66.exe 31 PID 2700 wrote to memory of 2564 2700 YFV66.exe 31 PID 2700 wrote to memory of 2564 2700 YFV66.exe 31 PID 2700 wrote to memory of 2564 2700 YFV66.exe 31 PID 2564 wrote to memory of 2500 2564 92AC9.exe 32 PID 2564 wrote to memory of 2500 2564 92AC9.exe 32 PID 2564 wrote to memory of 2500 2564 92AC9.exe 32 PID 2564 wrote to memory of 2500 2564 92AC9.exe 32 PID 2500 wrote to memory of 2312 2500 51IK5.exe 33 PID 2500 wrote to memory of 2312 2500 51IK5.exe 33 PID 2500 wrote to memory of 2312 2500 51IK5.exe 33 PID 2500 wrote to memory of 2312 2500 51IK5.exe 33 PID 2312 wrote to memory of 2636 2312 471T0.exe 34 PID 2312 wrote to memory of 2636 2312 471T0.exe 34 PID 2312 wrote to memory of 2636 2312 471T0.exe 34 PID 2312 wrote to memory of 2636 2312 471T0.exe 34 PID 2636 wrote to memory of 2240 2636 89XG1.exe 35 PID 2636 wrote to memory of 2240 2636 89XG1.exe 35 PID 2636 wrote to memory of 2240 2636 89XG1.exe 35 PID 2636 wrote to memory of 2240 2636 89XG1.exe 35 PID 2240 wrote to memory of 2000 2240 4B4K3.exe 36 PID 2240 wrote to memory of 2000 2240 4B4K3.exe 36 PID 2240 wrote to memory of 2000 2240 4B4K3.exe 36 PID 2240 wrote to memory of 2000 2240 4B4K3.exe 36 PID 2000 wrote to memory of 2632 2000 4R2N1.exe 37 PID 2000 wrote to memory of 2632 2000 4R2N1.exe 37 PID 2000 wrote to memory of 2632 2000 4R2N1.exe 37 PID 2000 wrote to memory of 2632 2000 4R2N1.exe 37 PID 2632 wrote to memory of 1824 2632 22J3A.exe 38 PID 2632 wrote to memory of 1824 2632 22J3A.exe 38 PID 2632 wrote to memory of 1824 2632 22J3A.exe 38 PID 2632 wrote to memory of 1824 2632 22J3A.exe 38 PID 1824 wrote to memory of 2360 1824 49458.exe 39 PID 1824 wrote to memory of 2360 1824 49458.exe 39 PID 1824 wrote to memory of 2360 1824 49458.exe 39 PID 1824 wrote to memory of 2360 1824 49458.exe 39 PID 2360 wrote to memory of 668 2360 87566.exe 40 PID 2360 wrote to memory of 668 2360 87566.exe 40 PID 2360 wrote to memory of 668 2360 87566.exe 40 PID 2360 wrote to memory of 668 2360 87566.exe 40 PID 668 wrote to memory of 816 668 FE6V1.exe 41 PID 668 wrote to memory of 816 668 FE6V1.exe 41 PID 668 wrote to memory of 816 668 FE6V1.exe 41 PID 668 wrote to memory of 816 668 FE6V1.exe 41 PID 816 wrote to memory of 412 816 LRO73.exe 42 PID 816 wrote to memory of 412 816 LRO73.exe 42 PID 816 wrote to memory of 412 816 LRO73.exe 42 PID 816 wrote to memory of 412 816 LRO73.exe 42 PID 412 wrote to memory of 1532 412 3TC68.exe 43 PID 412 wrote to memory of 1532 412 3TC68.exe 43 PID 412 wrote to memory of 1532 412 3TC68.exe 43 PID 412 wrote to memory of 1532 412 3TC68.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe"C:\Users\Admin\AppData\Local\Temp\534fbe9fea18d4a4ca569cb47da606f0331f1374080f3a0a997317b38c2149c0.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512 -
C:\Users\Admin\AppData\Local\Temp\B7616.exe"C:\Users\Admin\AppData\Local\Temp\B7616.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348 -
C:\Users\Admin\AppData\Local\Temp\JR0RA.exe"C:\Users\Admin\AppData\Local\Temp\JR0RA.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2144 -
C:\Users\Admin\AppData\Local\Temp\YFV66.exe"C:\Users\Admin\AppData\Local\Temp\YFV66.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700 -
C:\Users\Admin\AppData\Local\Temp\92AC9.exe"C:\Users\Admin\AppData\Local\Temp\92AC9.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2564 -
C:\Users\Admin\AppData\Local\Temp\51IK5.exe"C:\Users\Admin\AppData\Local\Temp\51IK5.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2500 -
C:\Users\Admin\AppData\Local\Temp\471T0.exe"C:\Users\Admin\AppData\Local\Temp\471T0.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2312 -
C:\Users\Admin\AppData\Local\Temp\89XG1.exe"C:\Users\Admin\AppData\Local\Temp\89XG1.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636 -
C:\Users\Admin\AppData\Local\Temp\4B4K3.exe"C:\Users\Admin\AppData\Local\Temp\4B4K3.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240 -
C:\Users\Admin\AppData\Local\Temp\4R2N1.exe"C:\Users\Admin\AppData\Local\Temp\4R2N1.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000 -
C:\Users\Admin\AppData\Local\Temp\22J3A.exe"C:\Users\Admin\AppData\Local\Temp\22J3A.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632 -
C:\Users\Admin\AppData\Local\Temp\49458.exe"C:\Users\Admin\AppData\Local\Temp\49458.exe"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1824 -
C:\Users\Admin\AppData\Local\Temp\87566.exe"C:\Users\Admin\AppData\Local\Temp\87566.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360 -
C:\Users\Admin\AppData\Local\Temp\FE6V1.exe"C:\Users\Admin\AppData\Local\Temp\FE6V1.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:668 -
C:\Users\Admin\AppData\Local\Temp\LRO73.exe"C:\Users\Admin\AppData\Local\Temp\LRO73.exe"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:816 -
C:\Users\Admin\AppData\Local\Temp\3TC68.exe"C:\Users\Admin\AppData\Local\Temp\3TC68.exe"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:412 -
C:\Users\Admin\AppData\Local\Temp\05KA8.exe"C:\Users\Admin\AppData\Local\Temp\05KA8.exe"17⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1532 -
C:\Users\Admin\AppData\Local\Temp\BC0RP.exe"C:\Users\Admin\AppData\Local\Temp\BC0RP.exe"18⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1032 -
C:\Users\Admin\AppData\Local\Temp\N501I.exe"C:\Users\Admin\AppData\Local\Temp\N501I.exe"19⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1368 -
C:\Users\Admin\AppData\Local\Temp\54AV4.exe"C:\Users\Admin\AppData\Local\Temp\54AV4.exe"20⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:308 -
C:\Users\Admin\AppData\Local\Temp\0BZ88.exe"C:\Users\Admin\AppData\Local\Temp\0BZ88.exe"21⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:884 -
C:\Users\Admin\AppData\Local\Temp\3O179.exe"C:\Users\Admin\AppData\Local\Temp\3O179.exe"22⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2508 -
C:\Users\Admin\AppData\Local\Temp\71UW0.exe"C:\Users\Admin\AppData\Local\Temp\71UW0.exe"23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2392 -
C:\Users\Admin\AppData\Local\Temp\Y13G0.exe"C:\Users\Admin\AppData\Local\Temp\Y13G0.exe"24⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2556 -
C:\Users\Admin\AppData\Local\Temp\4483E.exe"C:\Users\Admin\AppData\Local\Temp\4483E.exe"25⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2292 -
C:\Users\Admin\AppData\Local\Temp\5R445.exe"C:\Users\Admin\AppData\Local\Temp\5R445.exe"26⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2688 -
C:\Users\Admin\AppData\Local\Temp\980EV.exe"C:\Users\Admin\AppData\Local\Temp\980EV.exe"27⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2476 -
C:\Users\Admin\AppData\Local\Temp\OS938.exe"C:\Users\Admin\AppData\Local\Temp\OS938.exe"28⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2444 -
C:\Users\Admin\AppData\Local\Temp\A3GO2.exe"C:\Users\Admin\AppData\Local\Temp\A3GO2.exe"29⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1280 -
C:\Users\Admin\AppData\Local\Temp\8W0P9.exe"C:\Users\Admin\AppData\Local\Temp\8W0P9.exe"30⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2664 -
C:\Users\Admin\AppData\Local\Temp\R4EB2.exe"C:\Users\Admin\AppData\Local\Temp\R4EB2.exe"31⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2312 -
C:\Users\Admin\AppData\Local\Temp\HV6RF.exe"C:\Users\Admin\AppData\Local\Temp\HV6RF.exe"32⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:840 -
C:\Users\Admin\AppData\Local\Temp\71N58.exe"C:\Users\Admin\AppData\Local\Temp\71N58.exe"33⤵
- Executes dropped EXE
PID:2400 -
C:\Users\Admin\AppData\Local\Temp\D81RV.exe"C:\Users\Admin\AppData\Local\Temp\D81RV.exe"34⤵
- Executes dropped EXE
PID:1792 -
C:\Users\Admin\AppData\Local\Temp\6ITLY.exe"C:\Users\Admin\AppData\Local\Temp\6ITLY.exe"35⤵
- Executes dropped EXE
PID:2676 -
C:\Users\Admin\AppData\Local\Temp\488MI.exe"C:\Users\Admin\AppData\Local\Temp\488MI.exe"36⤵
- Executes dropped EXE
PID:1672 -
C:\Users\Admin\AppData\Local\Temp\3GP7J.exe"C:\Users\Admin\AppData\Local\Temp\3GP7J.exe"37⤵
- Executes dropped EXE
PID:2496 -
C:\Users\Admin\AppData\Local\Temp\L3Q8B.exe"C:\Users\Admin\AppData\Local\Temp\L3Q8B.exe"38⤵
- Executes dropped EXE
PID:2964 -
C:\Users\Admin\AppData\Local\Temp\K2487.exe"C:\Users\Admin\AppData\Local\Temp\K2487.exe"39⤵
- Executes dropped EXE
PID:1916 -
C:\Users\Admin\AppData\Local\Temp\F7P43.exe"C:\Users\Admin\AppData\Local\Temp\F7P43.exe"40⤵
- Executes dropped EXE
PID:1276 -
C:\Users\Admin\AppData\Local\Temp\W8K56.exe"C:\Users\Admin\AppData\Local\Temp\W8K56.exe"41⤵
- Executes dropped EXE
PID:972 -
C:\Users\Admin\AppData\Local\Temp\E79A0.exe"C:\Users\Admin\AppData\Local\Temp\E79A0.exe"42⤵
- Executes dropped EXE
PID:2380 -
C:\Users\Admin\AppData\Local\Temp\WC75J.exe"C:\Users\Admin\AppData\Local\Temp\WC75J.exe"43⤵
- Executes dropped EXE
PID:1384 -
C:\Users\Admin\AppData\Local\Temp\G1824.exe"C:\Users\Admin\AppData\Local\Temp\G1824.exe"44⤵
- Executes dropped EXE
PID:1524 -
C:\Users\Admin\AppData\Local\Temp\1SH3D.exe"C:\Users\Admin\AppData\Local\Temp\1SH3D.exe"45⤵
- Executes dropped EXE
PID:2524 -
C:\Users\Admin\AppData\Local\Temp\7YRK9.exe"C:\Users\Admin\AppData\Local\Temp\7YRK9.exe"46⤵
- Executes dropped EXE
PID:1872 -
C:\Users\Admin\AppData\Local\Temp\B9IQD.exe"C:\Users\Admin\AppData\Local\Temp\B9IQD.exe"47⤵
- Executes dropped EXE
PID:1804 -
C:\Users\Admin\AppData\Local\Temp\P6915.exe"C:\Users\Admin\AppData\Local\Temp\P6915.exe"48⤵
- Executes dropped EXE
PID:852 -
C:\Users\Admin\AppData\Local\Temp\PRMCF.exe"C:\Users\Admin\AppData\Local\Temp\PRMCF.exe"49⤵
- Executes dropped EXE
PID:2352 -
C:\Users\Admin\AppData\Local\Temp\506WW.exe"C:\Users\Admin\AppData\Local\Temp\506WW.exe"50⤵
- Executes dropped EXE
PID:308 -
C:\Users\Admin\AppData\Local\Temp\Q1JM5.exe"C:\Users\Admin\AppData\Local\Temp\Q1JM5.exe"51⤵
- Executes dropped EXE
PID:884 -
C:\Users\Admin\AppData\Local\Temp\PD2MO.exe"C:\Users\Admin\AppData\Local\Temp\PD2MO.exe"52⤵
- Executes dropped EXE
PID:2332 -
C:\Users\Admin\AppData\Local\Temp\W8414.exe"C:\Users\Admin\AppData\Local\Temp\W8414.exe"53⤵
- Executes dropped EXE
PID:2576 -
C:\Users\Admin\AppData\Local\Temp\I6GHW.exe"C:\Users\Admin\AppData\Local\Temp\I6GHW.exe"54⤵
- Executes dropped EXE
PID:2532 -
C:\Users\Admin\AppData\Local\Temp\2POR6.exe"C:\Users\Admin\AppData\Local\Temp\2POR6.exe"55⤵
- Executes dropped EXE
PID:2760 -
C:\Users\Admin\AppData\Local\Temp\46Y10.exe"C:\Users\Admin\AppData\Local\Temp\46Y10.exe"56⤵
- Executes dropped EXE
PID:2820 -
C:\Users\Admin\AppData\Local\Temp\10491.exe"C:\Users\Admin\AppData\Local\Temp\10491.exe"57⤵
- Executes dropped EXE
PID:2592 -
C:\Users\Admin\AppData\Local\Temp\0A46D.exe"C:\Users\Admin\AppData\Local\Temp\0A46D.exe"58⤵
- Executes dropped EXE
PID:3024 -
C:\Users\Admin\AppData\Local\Temp\K1PUR.exe"C:\Users\Admin\AppData\Local\Temp\K1PUR.exe"59⤵
- Executes dropped EXE
PID:2640 -
C:\Users\Admin\AppData\Local\Temp\28860.exe"C:\Users\Admin\AppData\Local\Temp\28860.exe"60⤵
- Executes dropped EXE
PID:2644 -
C:\Users\Admin\AppData\Local\Temp\5KMDN.exe"C:\Users\Admin\AppData\Local\Temp\5KMDN.exe"61⤵
- Executes dropped EXE
PID:2952 -
C:\Users\Admin\AppData\Local\Temp\86P91.exe"C:\Users\Admin\AppData\Local\Temp\86P91.exe"62⤵
- Executes dropped EXE
PID:1448 -
C:\Users\Admin\AppData\Local\Temp\C801E.exe"C:\Users\Admin\AppData\Local\Temp\C801E.exe"63⤵
- Executes dropped EXE
PID:1072 -
C:\Users\Admin\AppData\Local\Temp\7LT1A.exe"C:\Users\Admin\AppData\Local\Temp\7LT1A.exe"64⤵
- Executes dropped EXE
PID:2028 -
C:\Users\Admin\AppData\Local\Temp\3F290.exe"C:\Users\Admin\AppData\Local\Temp\3F290.exe"65⤵
- Executes dropped EXE
PID:2668 -
C:\Users\Admin\AppData\Local\Temp\014P9.exe"C:\Users\Admin\AppData\Local\Temp\014P9.exe"66⤵PID:2956
-
C:\Users\Admin\AppData\Local\Temp\D48EN.exe"C:\Users\Admin\AppData\Local\Temp\D48EN.exe"67⤵PID:3008
-
C:\Users\Admin\AppData\Local\Temp\5FHPD.exe"C:\Users\Admin\AppData\Local\Temp\5FHPD.exe"68⤵PID:1440
-
C:\Users\Admin\AppData\Local\Temp\T1I2D.exe"C:\Users\Admin\AppData\Local\Temp\T1I2D.exe"69⤵PID:1364
-
C:\Users\Admin\AppData\Local\Temp\9U909.exe"C:\Users\Admin\AppData\Local\Temp\9U909.exe"70⤵PID:1304
-
C:\Users\Admin\AppData\Local\Temp\3M130.exe"C:\Users\Admin\AppData\Local\Temp\3M130.exe"71⤵PID:996
-
C:\Users\Admin\AppData\Local\Temp\05D9M.exe"C:\Users\Admin\AppData\Local\Temp\05D9M.exe"72⤵PID:2132
-
C:\Users\Admin\AppData\Local\Temp\4W7QS.exe"C:\Users\Admin\AppData\Local\Temp\4W7QS.exe"73⤵PID:1764
-
C:\Users\Admin\AppData\Local\Temp\1WPU0.exe"C:\Users\Admin\AppData\Local\Temp\1WPU0.exe"74⤵PID:1768
-
C:\Users\Admin\AppData\Local\Temp\XQGFO.exe"C:\Users\Admin\AppData\Local\Temp\XQGFO.exe"75⤵PID:1172
-
C:\Users\Admin\AppData\Local\Temp\9KO73.exe"C:\Users\Admin\AppData\Local\Temp\9KO73.exe"76⤵PID:1936
-
C:\Users\Admin\AppData\Local\Temp\2O43Z.exe"C:\Users\Admin\AppData\Local\Temp\2O43Z.exe"77⤵PID:1724
-
C:\Users\Admin\AppData\Local\Temp\KHKV6.exe"C:\Users\Admin\AppData\Local\Temp\KHKV6.exe"78⤵PID:1368
-
C:\Users\Admin\AppData\Local\Temp\CBG51.exe"C:\Users\Admin\AppData\Local\Temp\CBG51.exe"79⤵PID:672
-
C:\Users\Admin\AppData\Local\Temp\2GQXM.exe"C:\Users\Admin\AppData\Local\Temp\2GQXM.exe"80⤵PID:320
-
C:\Users\Admin\AppData\Local\Temp\I862F.exe"C:\Users\Admin\AppData\Local\Temp\I862F.exe"81⤵PID:868
-
C:\Users\Admin\AppData\Local\Temp\D06E0.exe"C:\Users\Admin\AppData\Local\Temp\D06E0.exe"82⤵PID:884
-
C:\Users\Admin\AppData\Local\Temp\4JKYV.exe"C:\Users\Admin\AppData\Local\Temp\4JKYV.exe"83⤵PID:2720
-
C:\Users\Admin\AppData\Local\Temp\D97Z5.exe"C:\Users\Admin\AppData\Local\Temp\D97Z5.exe"84⤵PID:2576
-
C:\Users\Admin\AppData\Local\Temp\50261.exe"C:\Users\Admin\AppData\Local\Temp\50261.exe"85⤵PID:2456
-
C:\Users\Admin\AppData\Local\Temp\3GTP6.exe"C:\Users\Admin\AppData\Local\Temp\3GTP6.exe"86⤵PID:2296
-
C:\Users\Admin\AppData\Local\Temp\930R6.exe"C:\Users\Admin\AppData\Local\Temp\930R6.exe"87⤵PID:2820
-
C:\Users\Admin\AppData\Local\Temp\U7H6O.exe"C:\Users\Admin\AppData\Local\Temp\U7H6O.exe"88⤵PID:2592
-
C:\Users\Admin\AppData\Local\Temp\75337.exe"C:\Users\Admin\AppData\Local\Temp\75337.exe"89⤵PID:2500
-
C:\Users\Admin\AppData\Local\Temp\FSO2V.exe"C:\Users\Admin\AppData\Local\Temp\FSO2V.exe"90⤵PID:2776
-
C:\Users\Admin\AppData\Local\Temp\8NBB7.exe"C:\Users\Admin\AppData\Local\Temp\8NBB7.exe"91⤵PID:2808
-
C:\Users\Admin\AppData\Local\Temp\EZRNG.exe"C:\Users\Admin\AppData\Local\Temp\EZRNG.exe"92⤵PID:2312
-
C:\Users\Admin\AppData\Local\Temp\124VS.exe"C:\Users\Admin\AppData\Local\Temp\124VS.exe"93⤵PID:1740
-
C:\Users\Admin\AppData\Local\Temp\Q8W19.exe"C:\Users\Admin\AppData\Local\Temp\Q8W19.exe"94⤵PID:2528
-
C:\Users\Admin\AppData\Local\Temp\N339N.exe"C:\Users\Admin\AppData\Local\Temp\N339N.exe"95⤵PID:1636
-
C:\Users\Admin\AppData\Local\Temp\62R69.exe"C:\Users\Admin\AppData\Local\Temp\62R69.exe"96⤵PID:2320
-
C:\Users\Admin\AppData\Local\Temp\IKO79.exe"C:\Users\Admin\AppData\Local\Temp\IKO79.exe"97⤵PID:2940
-
C:\Users\Admin\AppData\Local\Temp\JZ893.exe"C:\Users\Admin\AppData\Local\Temp\JZ893.exe"98⤵PID:1284
-
C:\Users\Admin\AppData\Local\Temp\M7U35.exe"C:\Users\Admin\AppData\Local\Temp\M7U35.exe"99⤵PID:1440
-
C:\Users\Admin\AppData\Local\Temp\131MM.exe"C:\Users\Admin\AppData\Local\Temp\131MM.exe"100⤵PID:1104
-
C:\Users\Admin\AppData\Local\Temp\59C5T.exe"C:\Users\Admin\AppData\Local\Temp\59C5T.exe"101⤵PID:2960
-
C:\Users\Admin\AppData\Local\Temp\V0SG6.exe"C:\Users\Admin\AppData\Local\Temp\V0SG6.exe"102⤵PID:948
-
C:\Users\Admin\AppData\Local\Temp\57920.exe"C:\Users\Admin\AppData\Local\Temp\57920.exe"103⤵PID:1252
-
C:\Users\Admin\AppData\Local\Temp\87014.exe"C:\Users\Admin\AppData\Local\Temp\87014.exe"104⤵PID:1660
-
C:\Users\Admin\AppData\Local\Temp\62QDF.exe"C:\Users\Admin\AppData\Local\Temp\62QDF.exe"105⤵PID:2168
-
C:\Users\Admin\AppData\Local\Temp\327I8.exe"C:\Users\Admin\AppData\Local\Temp\327I8.exe"106⤵PID:1608
-
C:\Users\Admin\AppData\Local\Temp\TRIS5.exe"C:\Users\Admin\AppData\Local\Temp\TRIS5.exe"107⤵PID:1936
-
C:\Users\Admin\AppData\Local\Temp\C8K9O.exe"C:\Users\Admin\AppData\Local\Temp\C8K9O.exe"108⤵PID:2336
-
C:\Users\Admin\AppData\Local\Temp\D5JK1.exe"C:\Users\Admin\AppData\Local\Temp\D5JK1.exe"109⤵PID:572
-
C:\Users\Admin\AppData\Local\Temp\LAPW5.exe"C:\Users\Admin\AppData\Local\Temp\LAPW5.exe"110⤵PID:1756
-
C:\Users\Admin\AppData\Local\Temp\B65C6.exe"C:\Users\Admin\AppData\Local\Temp\B65C6.exe"111⤵PID:1932
-
C:\Users\Admin\AppData\Local\Temp\V627R.exe"C:\Users\Admin\AppData\Local\Temp\V627R.exe"112⤵PID:2712
-
C:\Users\Admin\AppData\Local\Temp\Y2LIN.exe"C:\Users\Admin\AppData\Local\Temp\Y2LIN.exe"113⤵PID:2224
-
C:\Users\Admin\AppData\Local\Temp\HRX05.exe"C:\Users\Admin\AppData\Local\Temp\HRX05.exe"114⤵PID:2144
-
C:\Users\Admin\AppData\Local\Temp\21DZM.exe"C:\Users\Admin\AppData\Local\Temp\21DZM.exe"115⤵PID:2616
-
C:\Users\Admin\AppData\Local\Temp\GU113.exe"C:\Users\Admin\AppData\Local\Temp\GU113.exe"116⤵PID:2208
-
C:\Users\Admin\AppData\Local\Temp\ZTSOA.exe"C:\Users\Admin\AppData\Local\Temp\ZTSOA.exe"117⤵PID:1736
-
C:\Users\Admin\AppData\Local\Temp\T7X03.exe"C:\Users\Admin\AppData\Local\Temp\T7X03.exe"118⤵PID:2444
-
C:\Users\Admin\AppData\Local\Temp\JC0B7.exe"C:\Users\Admin\AppData\Local\Temp\JC0B7.exe"119⤵PID:3024
-
C:\Users\Admin\AppData\Local\Temp\1PBXY.exe"C:\Users\Admin\AppData\Local\Temp\1PBXY.exe"120⤵PID:1904
-
C:\Users\Admin\AppData\Local\Temp\8Z36L.exe"C:\Users\Admin\AppData\Local\Temp\8Z36L.exe"121⤵PID:2816
-
C:\Users\Admin\AppData\Local\Temp\X6GR8.exe"C:\Users\Admin\AppData\Local\Temp\X6GR8.exe"122⤵PID:2952
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-