Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
88s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
28/10/2022, 22:46
General
-
Target
0bfa13354b7275c2a59bca21abe6468d44f42c5a9cd576ff567ac4148401de0f.exe
-
Size
98KB
-
MD5
0ad2e80a73b9010ccb0f5bff56f7f170
-
SHA1
c48f459b4145ed98b5a0327e9c6cb031ad186e0a
-
SHA256
0bfa13354b7275c2a59bca21abe6468d44f42c5a9cd576ff567ac4148401de0f
-
SHA512
35afc9ea860139f8f51a32d925fdb0a7fe35d30f2dd02d6f8e4f0e5a35c32c873fd00e2d3709e3f348a236733ea6cfcd2f68fce91bfdb5c712b27490332baf60
-
SSDEEP
1536:WX+gYl+YrNyyjRaseP855hSOStqE1QZ+:dgZuAyjRascOMqE1o+
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0bfa13354b7275c2a59bca21abe6468d44f42c5a9cd576ff567ac4148401de0f.exe"C:\Users\Admin\AppData\Local\Temp\0bfa13354b7275c2a59bca21abe6468d44f42c5a9cd576ff567ac4148401de0f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iqfcikbd.exeC:\Windows\system32\Iqfcikbd.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ifckab32.exeC:\Windows\system32\Ifckab32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iqhpok32.exeC:\Windows\system32\Iqhpok32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ijadgqgb.exeC:\Windows\system32\Ijadgqgb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jcihpfnc.exeC:\Windows\system32\Jcihpfnc.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jjcqmp32.exeC:\Windows\system32\Jjcqmp32.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jopieg32.exeC:\Windows\system32\Jopieg32.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jjembp32.exeC:\Windows\system32\Jjembp32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jobfkg32.exeC:\Windows\system32\Jobfkg32.exe10⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jmffdkpn.exeC:\Windows\system32\Jmffdkpn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jmicjknk.exeC:\Windows\system32\Jmicjknk.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jmkpoj32.exeC:\Windows\system32\Jmkpoj32.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mhhcdpgd.exeC:\Windows\system32\Mhhcdpgd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mdodia32.exeC:\Windows\system32\Mdodia32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mmghbfci.exeC:\Windows\system32\Mmghbfci.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mhmmoo32.exeC:\Windows\system32\Mhmmoo32.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mmiegf32.exeC:\Windows\system32\Mmiegf32.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mhoido32.exeC:\Windows\system32\Mhoido32.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Magnndhm.exeC:\Windows\system32\Magnndhm.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mibbbg32.exeC:\Windows\system32\Mibbbg32.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nkboljlj.exeC:\Windows\system32\Nkboljlj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Npogdqka.exeC:\Windows\system32\Npogdqka.exe23⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Niglmfab.exeC:\Windows\system32\Niglmfab.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ndmpjoah.exeC:\Windows\system32\Ndmpjoah.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ngklfjpl.exeC:\Windows\system32\Ngklfjpl.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmedcd32.exeC:\Windows\system32\Nmedcd32.exe27⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Nilehemm.exeC:\Windows\system32\Nilehemm.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ophjjobg.exeC:\Windows\system32\Ophjjobg.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Oahgdbjj.exeC:\Windows\system32\Oahgdbjj.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Opmceo32.exeC:\Windows\system32\Opmceo32.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oiehndeb.exeC:\Windows\system32\Oiehndeb.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Opopknlo.exeC:\Windows\system32\Opopknlo.exe4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oihedd32.exeC:\Windows\system32\Oihedd32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Odmiam32.exeC:\Windows\system32\Odmiam32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pnenjbif.exeC:\Windows\system32\Pnenjbif.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Phkagk32.exeC:\Windows\system32\Phkagk32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pnhjpa32.exeC:\Windows\system32\Pnhjpa32.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pdbbllop.exeC:\Windows\system32\Pdbbllop.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pjokdbmg.exeC:\Windows\system32\Pjokdbmg.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ppicam32.exeC:\Windows\system32\Ppicam32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pkngoedj.exeC:\Windows\system32\Pkngoedj.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pahpkp32.exeC:\Windows\system32\Pahpkp32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Phbhhjcd.exeC:\Windows\system32\Phbhhjcd.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pkqddebh.exeC:\Windows\system32\Pkqddebh.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pnoppqak.exeC:\Windows\system32\Pnoppqak.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdihmk32.exeC:\Windows\system32\Pdihmk32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Adponj32.exeC:\Windows\system32\Adponj32.exe19⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aqgobkhd.exeC:\Windows\system32\Aqgobkhd.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ajodkp32.exeC:\Windows\system32\Ajodkp32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Agcdedno.exeC:\Windows\system32\Agcdedno.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Abhibmmd.exeC:\Windows\system32\Abhibmmd.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Akamkc32.exeC:\Windows\system32\Akamkc32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Anoign32.exeC:\Windows\system32\Anoign32.exe25⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Adiadh32.exeC:\Windows\system32\Adiadh32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bnafmnaf.exeC:\Windows\system32\Bnafmnaf.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bkeffbpp.exeC:\Windows\system32\Bkeffbpp.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bqboni32.exeC:\Windows\system32\Bqboni32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bjkcgodg.exeC:\Windows\system32\Bjkcgodg.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bqeldi32.exeC:\Windows\system32\Bqeldi32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bgodqcca.exeC:\Windows\system32\Bgodqcca.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bbdhnlcg.exeC:\Windows\system32\Bbdhnlcg.exe33⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bgaqfb32.exeC:\Windows\system32\Bgaqfb32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bjpmbn32.exeC:\Windows\system32\Bjpmbn32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ceeapg32.exeC:\Windows\system32\Ceeapg32.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckoilage.exeC:\Windows\system32\Ckoilage.exe37⤵
-
C:\Windows\SysWOW64\Cnmehlgi.exeC:\Windows\system32\Cnmehlgi.exe38⤵
-
C:\Windows\SysWOW64\Cqlbdhfl.exeC:\Windows\system32\Cqlbdhfl.exe39⤵
-
C:\Windows\SysWOW64\Cgfjabmi.exeC:\Windows\system32\Cgfjabmi.exe40⤵
-
C:\Windows\SysWOW64\Cnpbnl32.exeC:\Windows\system32\Cnpbnl32.exe41⤵
-
C:\Windows\SysWOW64\Cqnojg32.exeC:\Windows\system32\Cqnojg32.exe42⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Ckcbgp32.exeC:\Windows\system32\Ckcbgp32.exe43⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dgomgq32.exeC:\Windows\system32\Dgomgq32.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dniedk32.exeC:\Windows\system32\Dniedk32.exe45⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dagapf32.exeC:\Windows\system32\Dagapf32.exe46⤵
-
C:\Windows\SysWOW64\Dhfchp32.exeC:\Windows\system32\Dhfchp32.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Djdodk32.exeC:\Windows\system32\Djdodk32.exe48⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ebndkhmj.exeC:\Windows\system32\Ebndkhmj.exe49⤵
-
C:\Windows\SysWOW64\Eihlhb32.exeC:\Windows\system32\Eihlhb32.exe50⤵
-
C:\Windows\SysWOW64\Enedpi32.exeC:\Windows\system32\Enedpi32.exe51⤵
-
C:\Windows\SysWOW64\Eijimb32.exeC:\Windows\system32\Eijimb32.exe52⤵
-
C:\Windows\SysWOW64\Elieim32.exeC:\Windows\system32\Elieim32.exe53⤵
-
C:\Windows\SysWOW64\Engaei32.exeC:\Windows\system32\Engaei32.exe54⤵
-
C:\Windows\SysWOW64\Eeajbc32.exeC:\Windows\system32\Eeajbc32.exe55⤵
-
C:\Windows\SysWOW64\Ebejlg32.exeC:\Windows\system32\Ebejlg32.exe56⤵
-
C:\Windows\SysWOW64\Elmodmmb.exeC:\Windows\system32\Elmodmmb.exe57⤵
-
C:\Windows\SysWOW64\Ejpopi32.exeC:\Windows\system32\Ejpopi32.exe58⤵
-
C:\Windows\SysWOW64\Eajgmckj.exeC:\Windows\system32\Eajgmckj.exe59⤵
-
C:\Windows\SysWOW64\Ehdoincf.exeC:\Windows\system32\Ehdoincf.exe60⤵
-
C:\Windows\SysWOW64\Ejbkeibj.exeC:\Windows\system32\Ejbkeibj.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fbjcgfbl.exeC:\Windows\system32\Fbjcgfbl.exe62⤵
-
C:\Windows\SysWOW64\Fehpcbap.exeC:\Windows\system32\Fehpcbap.exe63⤵
-
C:\Windows\SysWOW64\Fhflomad.exeC:\Windows\system32\Fhflomad.exe64⤵
-
C:\Windows\SysWOW64\Fblplfqj.exeC:\Windows\system32\Fblplfqj.exe65⤵
-
C:\Windows\SysWOW64\Fhiidm32.exeC:\Windows\system32\Fhiidm32.exe66⤵
-
C:\Windows\SysWOW64\Fkgeqh32.exeC:\Windows\system32\Fkgeqh32.exe67⤵
-
C:\Windows\SysWOW64\Femina32.exeC:\Windows\system32\Femina32.exe68⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fhkejm32.exeC:\Windows\system32\Fhkejm32.exe69⤵
-
C:\Windows\SysWOW64\Foenggdk.exeC:\Windows\system32\Foenggdk.exe70⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Facjcbco.exeC:\Windows\system32\Facjcbco.exe71⤵
-
C:\Windows\SysWOW64\Fklnlhjp.exeC:\Windows\system32\Fklnlhjp.exe72⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fbcfmejb.exeC:\Windows\system32\Fbcfmejb.exe73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fimojo32.exeC:\Windows\system32\Fimojo32.exe74⤵
-
C:\Windows\SysWOW64\Flkkfk32.exeC:\Windows\system32\Flkkfk32.exe75⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gojgbf32.exeC:\Windows\system32\Gojgbf32.exe76⤵
-
C:\Windows\SysWOW64\Gahcna32.exeC:\Windows\system32\Gahcna32.exe77⤵
-
C:\Windows\SysWOW64\Glngkjop.exeC:\Windows\system32\Glngkjop.exe78⤵
-
C:\Windows\SysWOW64\Goldgfnc.exeC:\Windows\system32\Goldgfnc.exe79⤵
-
C:\Windows\SysWOW64\Gakpcamg.exeC:\Windows\system32\Gakpcamg.exe80⤵
-
C:\Windows\SysWOW64\Ghdhpk32.exeC:\Windows\system32\Ghdhpk32.exe81⤵
-
C:\Windows\SysWOW64\Glpdajmm.exeC:\Windows\system32\Glpdajmm.exe82⤵
-
C:\Windows\SysWOW64\Gbjlnd32.exeC:\Windows\system32\Gbjlnd32.exe83⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gehijp32.exeC:\Windows\system32\Gehijp32.exe84⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Glbafjkj.exeC:\Windows\system32\Glbafjkj.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Goambe32.exeC:\Windows\system32\Goambe32.exe86⤵
-
C:\Windows\SysWOW64\Gaoioq32.exeC:\Windows\system32\Gaoioq32.exe87⤵
-
C:\Windows\SysWOW64\Ghiakkqo.exeC:\Windows\system32\Ghiakkqo.exe88⤵
-
C:\Windows\SysWOW64\Gkhngfpb.exeC:\Windows\system32\Gkhngfpb.exe89⤵
-
C:\Windows\SysWOW64\Gboficpd.exeC:\Windows\system32\Gboficpd.exe90⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ghlnajol.exeC:\Windows\system32\Ghlnajol.exe91⤵
-
C:\Windows\SysWOW64\Hkjkmfnp.exeC:\Windows\system32\Hkjkmfnp.exe92⤵
-
C:\Windows\SysWOW64\Hcabnc32.exeC:\Windows\system32\Hcabnc32.exe93⤵
-
C:\Windows\SysWOW64\Hepojo32.exeC:\Windows\system32\Hepojo32.exe94⤵
-
C:\Windows\SysWOW64\Hhnkfj32.exeC:\Windows\system32\Hhnkfj32.exe95⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hohccddf.exeC:\Windows\system32\Hohccddf.exe96⤵
-
C:\Windows\SysWOW64\Hccodc32.exeC:\Windows\system32\Hccodc32.exe97⤵
-
C:\Windows\SysWOW64\Hebkpn32.exeC:\Windows\system32\Hebkpn32.exe98⤵
-
C:\Windows\SysWOW64\Hhphlj32.exeC:\Windows\system32\Hhphlj32.exe99⤵
-
C:\Windows\SysWOW64\Hlldmhcp.exeC:\Windows\system32\Hlldmhcp.exe100⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hojpidbc.exeC:\Windows\system32\Hojpidbc.exe101⤵
-
C:\Windows\SysWOW64\Haileo32.exeC:\Windows\system32\Haileo32.exe102⤵
-
C:\Windows\SysWOW64\Hipdfm32.exeC:\Windows\system32\Hipdfm32.exe103⤵
-
C:\Windows\SysWOW64\Hkaqnegg.exeC:\Windows\system32\Hkaqnegg.exe104⤵
-
C:\Windows\SysWOW64\Hommnc32.exeC:\Windows\system32\Hommnc32.exe105⤵
-
C:\Windows\SysWOW64\Hlqmhh32.exeC:\Windows\system32\Hlqmhh32.exe106⤵
-
C:\Windows\SysWOW64\Hcjedbfg.exeC:\Windows\system32\Hcjedbfg.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Heiaqm32.exeC:\Windows\system32\Heiaqm32.exe108⤵
-
C:\Windows\SysWOW64\Ioaficlk.exeC:\Windows\system32\Ioaficlk.exe109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iapbenko.exeC:\Windows\system32\Iapbenko.exe110⤵
-
C:\Windows\SysWOW64\Ijgjglla.exeC:\Windows\system32\Ijgjglla.exe111⤵
-
C:\Windows\SysWOW64\Ikhgnd32.exeC:\Windows\system32\Ikhgnd32.exe112⤵
-
C:\Windows\SysWOW64\Icoopa32.exeC:\Windows\system32\Icoopa32.exe113⤵
-
C:\Windows\SysWOW64\Ihlghhpi.exeC:\Windows\system32\Ihlghhpi.exe114⤵
-
C:\Windows\SysWOW64\Iofpdb32.exeC:\Windows\system32\Iofpdb32.exe115⤵
-
C:\Windows\SysWOW64\Ijkdbk32.exeC:\Windows\system32\Ijkdbk32.exe116⤵
-
C:\Windows\SysWOW64\Iljpnf32.exeC:\Windows\system32\Iljpnf32.exe117⤵
-
C:\Windows\SysWOW64\Iohljb32.exeC:\Windows\system32\Iohljb32.exe118⤵
-
C:\Windows\SysWOW64\Iaghfm32.exeC:\Windows\system32\Iaghfm32.exe119⤵
-
C:\Windows\SysWOW64\Ijnqgk32.exeC:\Windows\system32\Ijnqgk32.exe120⤵
-
C:\Windows\SysWOW64\Iokipacq.exeC:\Windows\system32\Iokipacq.exe121⤵
- Drops file in System32 directory
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-