meduza

Sharing

Copy URL

Twitter E-mail

General

Target

Crosshair-X.rar
Size

22.5MB
Sample

241110-k3s8zatjex
MD5

550d99966f776df5a4bcaf5fbeda7eb8
SHA1

2f38b80de6b9968b8d5a8974e99188f310a63577
SHA256

ea6d08a9b5f2f4dc3b8f6eecfa39cc2b0c29fe33b84fbc57460e8cf2efaeea30
SHA512

694d876065e9ff55720a61188d54ca9d0f3a2d76bc9d014bce5fbffe26c5e12aba55a50080c660d23867797f25713de5164e736fbd4b06bcafc2dfdd14b0a71e
SSDEEP

393216:C+HbwC742kXV0z4e3lHJuPLApQXKjDedMvQV1O9YJao4/F/8RTQ/jbsb/:VH97nkl0z4kuTSQXKjuMvA1CYYok8RT3

Score

10^/10

Malware Config

Extracted

Family

meduza

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
665
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Targets

- Target
  
  Crosshair-X/.eslintrc.js
- Size
  
  1KB
- MD5
  
  fb71d76bdf761e6546f654210437a945
- SHA1
  
  11c66d27f5235879b103c2ca0cbdf30bae7dc073
- SHA256
  
  879ef141f617f950d748509e94f05e6a8d872eb349d2dd994ac47d8e46b4bc46
- SHA512
  
  bf157cddd1fbfe76e194a4fd36f5c1507cc495f5866797613491a76fc34848fab64685351c485381d60f7cb2ef95c9d88cc114f69e589bc3cebffdb402d9ff63
Score

3^/10

execution
behavioral1
- Target
  
  Crosshair-X/.github/workflows/crossover-ci.yml
- Size
  
  4KB
- MD5
  
  d97a0eb3d15595c19415a6263737ff31
- SHA1
  
  a87d0e9f45119a80de94f8bea233a877aed8ec7c
- SHA256
  
  cd6e9f71ad2e40ff09bb8a5a7764e5b416394500cf67f7d594b005f29f3d275b
- SHA512
  
  b6b8e13e32ba29b45e077e213184432a29e3ec20f2a68c8fd90e5ab8c4544ac8fce888754133994958dfa0c2594c96ed81e25b6f8be6fbd731a68e1987c5dce1
- SSDEEP
  
  48:n5KANiw69mXqt0dyP5keIIRG5EVL/xmMzPUKWJzjgOE3Lt6dyWnn7ibOkylxnR6T:5yuyDc+WnnrrzyvquN
Score

3^/10

execution
behavioral2
- Target
  
  Crosshair-X/Crosshair-X.exe
- Size
  
  3.6MB
- MD5
  
  979f82f61cbec2d6a3612f31c48c1e68
- SHA1
  
  dd201171c887c24563736d759e80ff4a804f6058
- SHA256
  
  25bb8fb4cf7b57c2b1cea335f113ade65f33b5e797f1f5ce973ad4a9fd0d9cf6
- SHA512
  
  93d52fbd30adce86789bda8b76361ee902f2813bf35d399c1ca3b6f035a7c300d2323b732b5926ffb4567043170a07465dd1f9a57e28bcaa2ec6d5169bc90cb5
- SSDEEP
  
  24576:bw317sPycp8nCB3Cfk4B48vPEcGF5fKn3PT2lr/lmqeHsJpHLm5RUefngd1t0XQ1:bByPnICXr4Kf82ElmT7HA4pP8
Score

10^/10

meduza collection discovery spyware stealer
- Meduza
  Meduza is a crypto wallet and info stealer written in C++.
  stealer meduza
- Meduza Stealer payload
- Meduza family
  meduza
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  Crosshair-X/index.js
- Size
  
  859B
- MD5
  
  55be8b0ebb46aac7328636c61863f76e
- SHA1
  
  364ee737196aa2fd58ab5bcf620e781c8fe0b93f
- SHA256
  
  b7398611a3cd78de6a79e546e84c5585d185a7658b61661b5051aabcf1495782
- SHA512
  
  69f31881108e9354720099799daf822814c12867d7d1d0b504b3f087f3ade7060c2d4b639f3bf030f54d942f721f3d3231da54e91f2612a1288035bc78526c8d
Score

3^/10

execution
behavioral4
- Target
  
  Crosshair-X/src/config/config.js
- Size
  
  1KB
- MD5
  
  2265a4a1c029a3ab964075320b235db5
- SHA1
  
  2cb408f709e15da4a18d4b5c3291b1a2746eff24
- SHA256
  
  ebaa4064e5af2f206ba445b7f4ad3257c431a04d5ad914e0486a4b309d9ffb5f
- SHA512
  
  a03949b5e1ce58296a0b06751f7b66472191dc0b26dfd7ecc6486085c684a64ed973b69cdfe043ab3d8f4182e65cbc6108a7f8978338fcbe859986f08b9a1c23
Score

3^/10

execution
behavioral5
- Target
  
  Crosshair-X/src/config/exit-codes.js
- Size
  
  199B
- MD5
  
  ad7efa05dd922f07823fb1e8e34c8baf
- SHA1
  
  6ef02b4689b525ef91e8025c6b5398043d1bc561
- SHA256
  
  41938482318d151c48a4bf602749417ef6b949c12b74d597d5028ee9d387728c
- SHA512
  
  44ff43adc9cb02cd13520466f051659b7e8327697d2306e8371ad71e137e566426eaf7b0a055541643541e786c8b99016ab1acd559ec1e655810226ade7470df
Score

3^/10

execution
behavioral6
- Target
  
  Crosshair-X/src/config/index.js
- Size
  
  225B
- MD5
  
  2713cfb0f081a4539857c7284346eb94
- SHA1
  
  924501cb9cb9f8fab18d4b70e19efc28efdab99d
- SHA256
  
  476cc845951e34390462857b7baea8db023c51677fcd2e3c811034f5c2ffe801
- SHA512
  
  e0cc489f379cd9b0ca34f5bfbf31312bd1b924a49d28357922036a546502677fcc2e9294d0df8eab441c94b59e849942fa6dacbdc12471dc95ea330576f059da
Score

3^/10

execution
behavioral7
- Target
  
  Crosshair-X/src/config/keycode.js
- Size
  
  1KB
- MD5
  
  9db85691b11141eb6b1785577b6560f7
- SHA1
  
  8f8ab58d0431764aca80a13bad424e5e18473737
- SHA256
  
  d3678e159d022a31101424b67310bb1214c9821e65a334fd96c8c91ad2a49267
- SHA512
  
  496a21cb636cfb7fc1849680cf398574d6031b1f0b6da6baa21e9d5021009752c4432c7799a312e27fc849f34e38db751444ed1548ea8d5842e9ca3485f84405
Score

3^/10

execution
behavioral8
- Target
  
  Crosshair-X/src/config/utils.js
- Size
  
  2KB
- MD5
  
  d8c71e177dfc2efa7edc840c9d3f7820
- SHA1
  
  4b2640ba421286cba4fddf937ed1efb51e0d23ae
- SHA256
  
  f369586c32555fd41d74fc88bcbe8fb115620868024953640df0f1ce2e631a56
- SHA512
  
  752de35f8bdbaa3e277ceae2cd33ef08aea190e29b35d4a09bcac1895cc3064aa688ad855294af315f90052d91b44f9d6a1446021a7e818aa492e16a34237fe6
Score

3^/10

execution
behavioral9
- Target
  
  Crosshair-X/src/index.js
- Size
  
  59B
- MD5
  
  3d8c8146ff2a9bd339b3cc2c17e74689
- SHA1
  
  f5a1c5ec3dc7003e768ba4141e7594dd8c3bb0bf
- SHA256
  
  d2b763897de705514596ff6fdf9ae0c14df93c669fb0326376f8e4001f8125ee
- SHA512
  
  30ba5d602e7f32c5154a7bc3d250d472f8a81957d500e403a5d63402d069cd2eacfbaef75b6e418e2474f6cadeb534e7117b88ba0e0d666cf81069316ca948ef
Score

3^/10

execution
behavioral10
- Target
  
  Crosshair-X/src/main.js
- Size
  
  5KB
- MD5
  
  94589e1c635e6b074d1a66161744b06e
- SHA1
  
  2f94279c8fe24921bca0640bbf829760a3daa4a5
- SHA256
  
  2d6cc7a54d734810261b2a5fbcec0dc98b74e7892b50f6f83444ba8e3eeb9413
- SHA512
  
  c3df673cb174ef76f5b876a7541f617828d50c550cf52759a6178c13ea412a61e4599b7d7bc0bd1c5f6a076585c3e34d9eef81f0e0cb1f6bf2581a1b1aa4dd11
- SSDEEP
  
  96:QH56m/Y5AkCuu4YsdB64/pgXA3oAxpfyUbeMI3ILEWM2cRs2g7HIWyIMaAvpJXp/:QH5NBke+dB64/VxpdaMYmEWjcBgT0J9z
Score

3^/10

execution
behavioral11
- Target
  
  Crosshair-X/src/main/alert.js
- Size
  
  874B
- MD5
  
  40f1544be6b46244182125fc7f78f479
- SHA1
  
  ba731f2362b07f83eb82aaaae7e87e64e1a2b4a9
- SHA256
  
  76e06de746fdc777787593550a6b63806afa715adaf8d088ab7896ec0499bb6b
- SHA512
  
  a83c72307005c3f5dcb5a17656b1cd182d9aab91342520b8ce0ca8b5704c98c61fafe172ff115d4148ad06e3247352c3ef9267229fb6a0c902bb56c5b27a0160
Score

3^/10

execution
behavioral12
- Target
  
  Crosshair-X/src/main/auto-launch.js
- Size
  
  603B
- MD5
  
  63e8d675ee56dd7295f62ad16a8ef04f
- SHA1
  
  0c586a2d6d1433920464b26829921394b3e227aa
- SHA256
  
  c134b364d6ead8e04eceedee530c45bbcda6648a5cbec0ccb19f6d006b33e723
- SHA512
  
  eccc29e0cd87a16cb78afd1ae4e222ffd338106c1ae315053ac64e995bfb6a5ee189e73eab77afa453691c84e889d7116a703362af1a408fdf3fd2b04f03412a
Score

3^/10

execution
behavioral13
- Target
  
  Crosshair-X/src/main/auto-update.js
- Size
  
  2KB
- MD5
  
  09bf6f1facc8b25ec64d79c3fe672aa0
- SHA1
  
  4813ed74dcca69eb837c6a389e7c026cc5eba8af
- SHA256
  
  0d310385fe25a709f4d4e783eddc3a286f67ebc2c9b18abb2e20e7c2cf352c50
- SHA512
  
  8dae117cf9acbd9b5891c306e7aadaeb279368983687e1eb227021ae4cb747c2a71571c860319cc7f3a335e528d6de646e4d4ec5623f5dc35060520ec44c7a4d
Score

3^/10

execution
behavioral14
- Target
  
  Crosshair-X/src/main/crossover.js
- Size
  
  13KB
- MD5
  
  2143c6ef00969bd38018dcb0a7900a00
- SHA1
  
  0c5c9c1da68731572d5522aaae26d66fbc006956
- SHA256
  
  c4442f63ab12102d4d5437f559d329cd6b08920dd26d1aaa9f34c679d507734f
- SHA512
  
  22daa50fb93da0546b9a78f4f8967531d6dbb0585459e1070155da849f06237fe4ad8ca8a6d982b9af6abdcdc2ef9aeba59ae3536a7f972f51c3bffd6ce104c5
- SSDEEP
  
  384:g+EwejbpbDL+t7laP5t9yjxoAJ7F/uSvpHuU0kqAH+5Tj2ADqSRd6a3IPD:edeto+7FWSvpHpJW0
Score

3^/10

execution
behavioral15
- Target
  
  Crosshair-X/src/main/dialog.js
- Size
  
  3KB
- MD5
  
  e4429519f10e34a16582531506e50c47
- SHA1
  
  a5f858a64574213795f0808cf6faf275d5223ebd
- SHA256
  
  d9d5726a5c670e7b6fba31021e9bb8d66f4efbeeb27545a9209903e8b035b8bf
- SHA512
  
  e65a3d2a5294992d5a244d0d0d1721208c6f6354704378db62432f9f38f0195c9a3e718d326335d582bdc231be71da9bf1d65104f9942bb411b4f58f7a1f3e2e
Score

3^/10

execution
behavioral16
- Target
  
  Crosshair-X/src/main/dock.js
- Size
  
  463B
- MD5
  
  d28ebbe672c06a602131ed0f94cd33ad
- SHA1
  
  2457d34738137e68aabc5837712e221a65263937
- SHA256
  
  0d74c69bfc07a5cf8b7010b5be06aa1dc609fc23946a428b158d2bb29c7510e2
- SHA512
  
  b35b5fbfb1dac316629e6b2894782e6bbcd89e9ce3f5f8235a772f65b1da8ad668870e266e97e4e7826683869bc23e39a4e02d3387bd32cc79b004759be0b917
Score

3^/10

execution
behavioral17
- Target
  
  Crosshair-X/src/main/error-handling.js
- Size
  
  1KB
- MD5
  
  62e57c5e07437e0b146f6993b0c2ac8b
- SHA1
  
  d2468ce30b53f31d43a4e0a3a922938945f01f11
- SHA256
  
  5bd6ff7e448124f3b9f6f4cf3a6f674b34f32e8dd26c39c59ecf17e2e3ea3734
- SHA512
  
  9d8cb54038cd3b0a95cc903588039412655150c0c3db2e94d9c5bf27b07eb178db8ed76ed1bb62a478d14bac729698d21aab4a68531951e39d8ea9ed002473ca
Score

3^/10

execution
behavioral18
- Target
  
  Crosshair-X/src/main/helpers.js
- Size
  
  1KB
- MD5
  
  d18a9b94118198ae7aa77eb9bc458820
- SHA1
  
  de65eb451a39993c1474c94556f99a660116ed20
- SHA256
  
  afd63c848d8f38855963fc246fe9ed7b48858d1a5357b7c05be352ce1532dc04
- SHA512
  
  469d9a6669c5948c4b35cbcbc3c86a4fd25e12abb11e7f161cdec152ea60e30bf8deb78717361500edd0790a861085a096ecf8799328e7f26ffea1f809fc444e
Score

3^/10

execution
behavioral19
- Target
  
  Crosshair-X/src/main/init.js
- Size
  
  1KB
- MD5
  
  0ea8543488a720d635e07d1eaf6a1930
- SHA1
  
  ed4028195cccb8609dae260dbe689c5594dd0715
- SHA256
  
  52a87bed45d6ff6cd5717ba796c93a321aa0af9b78962dda49cf3c9e4e976fa1
- SHA512
  
  bcf3267c3baa0029678ab45499a47e6fe83074df1e7471f664691fbe0260aefb284cb61a02af4456cd66befcc275b58b0a69db87083f587f67c3c3aff50c7fc1
Score

3^/10

execution
behavioral20
- Target
  
  Crosshair-X/src/main/iohook.js
- Size
  
  7KB
- MD5
  
  e967969cdd76637057c7904650694935
- SHA1
  
  107b2874765af47f536dde4f33271e7a7b23df10
- SHA256
  
  ac00acede8bf8e90118cee959cab251be8bdf729f6284c8ec22a760300ffaedd
- SHA512
  
  8cf2c154879f512c6c825f21747af5fe60c37c2d79c2d11f508741c33713f29ad4b48097b6d3fc45e5379aa1637c10ad6b28218f1fcb57afe2734357792e6318
- SSDEEP
  
  192:c5gtS0spQ925OIXEFxW/0iDX3CoFYboUpeVBSs:c5GKWSO7xWciDQbtpeas
Score

3^/10

execution
behavioral21
- Target
  
  Crosshair-X/src/main/ipc.js
- Size
  
  2KB
- MD5
  
  d7b9195476324b5356ed7b6f746e74f2
- SHA1
  
  a65047a4437643f24844d873fa452f46fb8656d3
- SHA256
  
  84cf9498491733678c537d8a2e520e39d9cdd81dd357825baa7d289c1692d22d
- SHA512
  
  08e54228a9a19968d6f4d03402c8624534654f47edf5d880f4ce2e1e4b2c0c28e2be6599e2fae06d211095dc3b54b151c158a1236bb53800b509d643166566d1
Score

3^/10

execution
behavioral22
- Target
  
  Crosshair-X/src/main/keyboard.js
- Size
  
  866B
- MD5
  
  8cae941820974a5a2e58b6876da74df6
- SHA1
  
  dff344a000641000efd9f4c91b9cc4162b486261
- SHA256
  
  e4d4d6c8e5349c6645206cc774c93cd7c4c3a07255513949cf69dcfe3487bad9
- SHA512
  
  51d13b75d2e4a3cae2d35a7d7b4ea70a45cd7ef1790e26f3693c93042f98ab3aaca81dc82e2c9c61505e483816439812d2a68450a7c1c5bd1db88810267ed9c9
Score

3^/10

execution
behavioral23
- Target
  
  Crosshair-X/src/main/log.js
- Size
  
  60B
- MD5
  
  7b063f9797ae0aadd26f0176b0120331
- SHA1
  
  bc8b7bcab8b670355184bdbfd9152f756dc80a75
- SHA256
  
  429baab8de5f40a4a056a44b65611d8e86e1463a7c8f70ee6551e22aa3f4d489
- SHA512
  
  6b6432773dc213f42e4bd97292a4531555c62489e6288d97cc391131df023268b6462fc492b1bcdcc8047993dcf0fcbff96a2c5c633a15d4603049eb1caa4cd5
Score

3^/10

execution
behavioral24
- Target
  
  Crosshair-X/src/main/menu.js
- Size
  
  3KB
- MD5
  
  42a4eb0a6806dc0f8dff2af2c93464a5
- SHA1
  
  390d6e3929ba3d7d1018cc6df749e0fba4217bee
- SHA256
  
  9a5deaf351fd603a65e449e9c3e405e3b0b8a337c2585882c45f834e4d465fa3
- SHA512
  
  138ccef72658e78ca06583ff5ff293d55cf542ccf5690d7b76754831730835fa6c951ad2cd52ad655d497679c46ee69fb8db88a16016d13d1246b83df70808fb
Score

3^/10

execution
behavioral25
- Target
  
  Crosshair-X/src/main/notification.js
- Size
  
  344B
- MD5
  
  41d535aa4cec8427f421ab683faffc49
- SHA1
  
  5d46671dbe17224eca6eed70f67e439c2ec3e9ed
- SHA256
  
  28f47077ad64de30a34f79d2c94dd9ca3f05eef8c0de5f0ae626c23c121e8a03
- SHA512
  
  a0b3db1379f273709beb3b99a146ed638a6137571966c7c2cb2e2e0abefd1120fa476e1967036b19a8c78ef60efa916ec34cc405be2b13632da31dfe00df99cb
Score

3^/10

execution
behavioral26
- Target
  
  Crosshair-X/src/main/paths.js
- Size
  
  489B
- MD5
  
  b70392f9b088e8dd59cc812cd6c8388a
- SHA1
  
  1df0e66668dbc045d1883353e648821c1aefcec7
- SHA256
  
  e7299bd18610111906d40c16a5149b0c90bddc7214d142ced2cb0aa64748d697
- SHA512
  
  6e8dc3c4f76abc5d8a78e423ed999ec0b1c7b9fbbdc6d8f96aac1e7eecb9309851dc9bb34b02edb56d79958eb809d63577746499de7cfd16242ab5a328358f85
Score

3^/10

execution
behavioral27
- Target
  
  Crosshair-X/src/main/preferences.js
- Size
  
  17KB
- MD5
  
  410212bee2b37a963265c5b904f223a7
- SHA1
  
  d4c653404c6efb60159434dab3d10d16dda8a31c
- SHA256
  
  d610d03c91d9a21906d67b90ce4d2a183e925821e43c028909cd8d56dfe65b16
- SHA512
  
  d430e7ef238c1b486554494676f9c60bf491d1649d2ddc994dcca659926318118a13e9b2346019e7a61d919890cf91c1f8dd7191b3bcb112070af0cb06631cfc
- SSDEEP
  
  384:jUJKLHJuhtbIT0jYX6ddDBD2pw3keWoa4Lxl53XNVXeoxvSh5j1vttAKA+bq3o9d:jhHcbK046ddDBDIw3keWoa4Lxl53XNV6
Score

3^/10

execution
behavioral28
- Target
  
  Crosshair-X/src/main/register.js
- Size
  
  3KB
- MD5
  
  905526c67f3e99832420730cb098c2e3
- SHA1
  
  86d1aa84f87437540cea1f672f8c67f2bedab9fc
- SHA256
  
  8e7530a5af5ab3d903de4479e334f90b80e682011b8a0e7f97cc9f1dd6b0c28b
- SHA512
  
  bc2f0879ce1eacfac18c9bffd4f94ab09575dba8bc76c4cbbe2bd364f98c9c0b7a9994e91f0449e0d7540f04cb0099d3ad681c9c6e07e1c33f8d05f252fbdbc2
Score

3^/10

execution
behavioral29
- Target
  
  Crosshair-X/src/main/reset.js
- Size
  
  1KB
- MD5
  
  b4bc1fcfd134fc1b67f3bf283757dd22
- SHA1
  
  b392d0f0969aa813d5fd0438601c2329d3e14f4e
- SHA256
  
  b975c03a18b6407e8e0e9c973d6fc7f3c26fef12671ddd61c2549bda6cc6476c
- SHA512
  
  b35d6e6420182863e7a781d03b96603a2020f399b675708262701f60aee24f41193caf5653ef229dda0011c5025c6d582dfad8548f970247db2bde2ec6926662
Score

3^/10

execution
behavioral30
- Target
  
  Crosshair-X/src/main/save.js
- Size
  
  786B
- MD5
  
  a2d4b1945373bb8db6e57b47d75b77b5
- SHA1
  
  8987c69c380280a85628f5b812389bade25c0513
- SHA256
  
  00a18b8e9e95f12de2b1943c1ff3a5591e10cb87eff4577fd512c4f65e540569
- SHA512
  
  38522547adc70560a45d0c8a1f740944f31ab48d7eee48a1c60eeaf25525204e70b017743ba40b655966cd04c90dc19f4e5d228f9a50ac9c39f578f8b9f45dc7
Score

3^/10

execution
behavioral31
- Target
  
  Crosshair-X/src/main/set.js
- Size
  
  3KB
- MD5
  
  1782ef8435dc4739c876ead1c9653878
- SHA1
  
  99130bae1f5ea5111f349ab120b82a54278881d4
- SHA256
  
  a9414f33afb70819ba9adb28d8def97c0a8790aaff2b585c4bdbe482a5ba8fd2
- SHA512
  
  6e390ad9629147deed366dbade5b16f9707411fe82ab2d8910e558b6ab58a4b8837ad0b999811c5d0756fc3776ee62e9e6751d510688fe5a76e600e1f87d0f36
Score

3^/10

execution
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Meduza Stealer payload

Meduza family

Checks computer location settings

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Checks installed software on the system

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32