Malware Analysis Report

2024-11-13 17:39

Sample ID 241106-x1vegawdlh
Target 057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf
SHA256 057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf
Tags
guloader discovery downloader
score
10/10

Analysis Overview

Threat Level: Known bad

The file 057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf was found to be: Known bad.

Malicious Activity Summary

guloader discovery downloader

Guloader,Cloudeye

Guloader family

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Program crash

NSIS installer

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-06 19:19

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-06 19:19

Reported

2024-11-06 19:22

Platform

win7-20241010-en

Max time kernel

141s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe"

Signatures

Guloader family

guloader

Guloader,Cloudeye

downloader guloader

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\oecus\svante.Eft C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe N/A

Suspicious use of NtCreateThreadExHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\resources\sankthansaftnerne\clodpoll.saf C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2880 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe
PID 2552 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe C:\Windows\SysWOW64\WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe

"C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe"

C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe

"C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 68

Network

Country Destination Domain Proto
US 8.8.8.8:53 drive.google.com udp
GB 142.250.187.206:443 drive.google.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
US 8.8.8.8:53 drive.usercontent.google.com udp
GB 172.217.16.225:443 drive.usercontent.google.com tcp

Files

C:\Users\Admin\Desktop\peripheries.lnk

C:\Users\Admin\Desktop\peripheries.lnk

\Users\Admin\AppData\Local\Temp\nst3850.tmp\System.dll

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-06 19:19

Reported

2024-11-06 19:26

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe"

Signatures

Guloader family

guloader

Guloader,Cloudeye

downloader guloader

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\oecus\svante.Eft C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe N/A

Suspicious use of NtCreateThreadExHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\resources\sankthansaftnerne\clodpoll.saf C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe

"C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe"

C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe

"C:\Users\Admin\AppData\Local\Temp\057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3356 -ip 3356

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 1664

Network

Country Destination Domain Proto
US 8.8.8.8:53 drive.google.com udp
GB 142.250.187.206:443 drive.google.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.195:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
US 8.8.8.8:53 drive.usercontent.google.com udp
GB 172.217.16.225:443 drive.usercontent.google.com tcp

Files

C:\Users\Admin\Desktop\peripheries.lnk

C:\Users\Admin\Desktop\peripheries.lnk

C:\Users\Admin\AppData\Local\Temp\nsgA307.tmp\System.dll

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-06 19:19

Reported

2024-11-06 19:23

Platform

win7-20241010-en

Max time kernel

13s

Max time network

19s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 228

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-06 19:19

Reported

2024-11-06 19:26

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

160s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2544 wrote to memory of 1300 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1300 -ip 1300

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 620

Network

Files

N/A