Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
05/10/2023, 15:14
General
-
Target
2023-08-27_7a288dce0ef56ac45793b649e4aa0145_mafia_JC.exe
-
Size
488KB
-
MD5
7a288dce0ef56ac45793b649e4aa0145
-
SHA1
e0732aedcf4c01ef3111cf2337a9f7e546663733
-
SHA256
ab77bf0646276ebe3a92322708c1cefdf58ab591de14a4188873c853aade0b41
-
SHA512
8c61be3c9fa84b90cd7a1c3c50bc6919862c078bedb34f4156de54dddd67713c6fecb89d73709052988abe7d12e82ad7696d3f989afde7ed4b47056f3e5dab6e
-
SSDEEP
12288:/U5rCOTeiD5Zxck78178AEcMNoEled5BZOGk3NZ:/UQOJDqkI12jCL5ffk3N
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_7a288dce0ef56ac45793b649e4aa0145_mafia_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_7a288dce0ef56ac45793b649e4aa0145_mafia_JC.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3F61.tmp"C:\Users\Admin\AppData\Local\Temp\3F61.tmp"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\400C.tmp"C:\Users\Admin\AppData\Local\Temp\400C.tmp"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\40F6.tmp"C:\Users\Admin\AppData\Local\Temp\40F6.tmp"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\41D1.tmp"C:\Users\Admin\AppData\Local\Temp\41D1.tmp"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\42AB.tmp"C:\Users\Admin\AppData\Local\Temp\42AB.tmp"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4386.tmp"C:\Users\Admin\AppData\Local\Temp\4386.tmp"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4450.tmp"C:\Users\Admin\AppData\Local\Temp\4450.tmp"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\44DD.tmp"C:\Users\Admin\AppData\Local\Temp\44DD.tmp"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\45A8.tmp"C:\Users\Admin\AppData\Local\Temp\45A8.tmp"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4672.tmp"C:\Users\Admin\AppData\Local\Temp\4672.tmp"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\475C.tmp"C:\Users\Admin\AppData\Local\Temp\475C.tmp"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4808.tmp"C:\Users\Admin\AppData\Local\Temp\4808.tmp"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\48E2.tmp"C:\Users\Admin\AppData\Local\Temp\48E2.tmp"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\49BD.tmp"C:\Users\Admin\AppData\Local\Temp\49BD.tmp"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4A78.tmp"C:\Users\Admin\AppData\Local\Temp\4A78.tmp"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4B72.tmp"C:\Users\Admin\AppData\Local\Temp\4B72.tmp"17⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4C6B.tmp"C:\Users\Admin\AppData\Local\Temp\4C6B.tmp"18⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4D46.tmp"C:\Users\Admin\AppData\Local\Temp\4D46.tmp"19⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4DF1.tmp"C:\Users\Admin\AppData\Local\Temp\4DF1.tmp"20⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4EDB.tmp"C:\Users\Admin\AppData\Local\Temp\4EDB.tmp"21⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4FA6.tmp"C:\Users\Admin\AppData\Local\Temp\4FA6.tmp"22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5090.tmp"C:\Users\Admin\AppData\Local\Temp\5090.tmp"23⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\517A.tmp"C:\Users\Admin\AppData\Local\Temp\517A.tmp"24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5206.tmp"C:\Users\Admin\AppData\Local\Temp\5206.tmp"25⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\52A2.tmp"C:\Users\Admin\AppData\Local\Temp\52A2.tmp"26⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\531F.tmp"C:\Users\Admin\AppData\Local\Temp\531F.tmp"27⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\539C.tmp"C:\Users\Admin\AppData\Local\Temp\539C.tmp"28⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5419.tmp"C:\Users\Admin\AppData\Local\Temp\5419.tmp"29⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5476.tmp"C:\Users\Admin\AppData\Local\Temp\5476.tmp"30⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\54E4.tmp"C:\Users\Admin\AppData\Local\Temp\54E4.tmp"31⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5560.tmp"C:\Users\Admin\AppData\Local\Temp\5560.tmp"32⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\55DD.tmp"C:\Users\Admin\AppData\Local\Temp\55DD.tmp"33⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\565A.tmp"C:\Users\Admin\AppData\Local\Temp\565A.tmp"34⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\56E6.tmp"C:\Users\Admin\AppData\Local\Temp\56E6.tmp"35⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5744.tmp"C:\Users\Admin\AppData\Local\Temp\5744.tmp"36⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\57B1.tmp"C:\Users\Admin\AppData\Local\Temp\57B1.tmp"37⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\582E.tmp"C:\Users\Admin\AppData\Local\Temp\582E.tmp"38⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\58AB.tmp"C:\Users\Admin\AppData\Local\Temp\58AB.tmp"39⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5918.tmp"C:\Users\Admin\AppData\Local\Temp\5918.tmp"40⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5985.tmp"C:\Users\Admin\AppData\Local\Temp\5985.tmp"41⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\59F2.tmp"C:\Users\Admin\AppData\Local\Temp\59F2.tmp"42⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5A6F.tmp"C:\Users\Admin\AppData\Local\Temp\5A6F.tmp"43⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5ACD.tmp"C:\Users\Admin\AppData\Local\Temp\5ACD.tmp"44⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5B2A.tmp"C:\Users\Admin\AppData\Local\Temp\5B2A.tmp"45⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5B88.tmp"C:\Users\Admin\AppData\Local\Temp\5B88.tmp"46⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5BF5.tmp"C:\Users\Admin\AppData\Local\Temp\5BF5.tmp"47⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5C72.tmp"C:\Users\Admin\AppData\Local\Temp\5C72.tmp"48⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5CEF.tmp"C:\Users\Admin\AppData\Local\Temp\5CEF.tmp"49⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5D3D.tmp"C:\Users\Admin\AppData\Local\Temp\5D3D.tmp"50⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5DAA.tmp"C:\Users\Admin\AppData\Local\Temp\5DAA.tmp"51⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5E27.tmp"C:\Users\Admin\AppData\Local\Temp\5E27.tmp"52⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5EC3.tmp"C:\Users\Admin\AppData\Local\Temp\5EC3.tmp"53⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5F20.tmp"C:\Users\Admin\AppData\Local\Temp\5F20.tmp"54⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5FAD.tmp"C:\Users\Admin\AppData\Local\Temp\5FAD.tmp"55⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\600A.tmp"C:\Users\Admin\AppData\Local\Temp\600A.tmp"56⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\6097.tmp"C:\Users\Admin\AppData\Local\Temp\6097.tmp"57⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\60F4.tmp"C:\Users\Admin\AppData\Local\Temp\60F4.tmp"58⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\6162.tmp"C:\Users\Admin\AppData\Local\Temp\6162.tmp"59⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\61DE.tmp"C:\Users\Admin\AppData\Local\Temp\61DE.tmp"60⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\624C.tmp"C:\Users\Admin\AppData\Local\Temp\624C.tmp"61⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\62B9.tmp"C:\Users\Admin\AppData\Local\Temp\62B9.tmp"62⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\6336.tmp"C:\Users\Admin\AppData\Local\Temp\6336.tmp"63⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\63A3.tmp"C:\Users\Admin\AppData\Local\Temp\63A3.tmp"64⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\6410.tmp"C:\Users\Admin\AppData\Local\Temp\6410.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\646E.tmp"C:\Users\Admin\AppData\Local\Temp\646E.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\64CB.tmp"C:\Users\Admin\AppData\Local\Temp\64CB.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\6642.tmp"C:\Users\Admin\AppData\Local\Temp\6642.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\66CE.tmp"C:\Users\Admin\AppData\Local\Temp\66CE.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\672C.tmp"C:\Users\Admin\AppData\Local\Temp\672C.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\6789.tmp"C:\Users\Admin\AppData\Local\Temp\6789.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\67F7.tmp"C:\Users\Admin\AppData\Local\Temp\67F7.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\6864.tmp"C:\Users\Admin\AppData\Local\Temp\6864.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\68D1.tmp"C:\Users\Admin\AppData\Local\Temp\68D1.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\693E.tmp"C:\Users\Admin\AppData\Local\Temp\693E.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\69BB.tmp"C:\Users\Admin\AppData\Local\Temp\69BB.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\6A38.tmp"C:\Users\Admin\AppData\Local\Temp\6A38.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\6AA5.tmp"C:\Users\Admin\AppData\Local\Temp\6AA5.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\6B12.tmp"C:\Users\Admin\AppData\Local\Temp\6B12.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\6B7F.tmp"C:\Users\Admin\AppData\Local\Temp\6B7F.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\6BED.tmp"C:\Users\Admin\AppData\Local\Temp\6BED.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\6C4A.tmp"C:\Users\Admin\AppData\Local\Temp\6C4A.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\6CA8.tmp"C:\Users\Admin\AppData\Local\Temp\6CA8.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\6D05.tmp"C:\Users\Admin\AppData\Local\Temp\6D05.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\6D73.tmp"C:\Users\Admin\AppData\Local\Temp\6D73.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\6DE0.tmp"C:\Users\Admin\AppData\Local\Temp\6DE0.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\6E7C.tmp"C:\Users\Admin\AppData\Local\Temp\6E7C.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\6EF9.tmp"C:\Users\Admin\AppData\Local\Temp\6EF9.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\6F66.tmp"C:\Users\Admin\AppData\Local\Temp\6F66.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\6FD3.tmp"C:\Users\Admin\AppData\Local\Temp\6FD3.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\7050.tmp"C:\Users\Admin\AppData\Local\Temp\7050.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\70CD.tmp"C:\Users\Admin\AppData\Local\Temp\70CD.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\7149.tmp"C:\Users\Admin\AppData\Local\Temp\7149.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\71A7.tmp"C:\Users\Admin\AppData\Local\Temp\71A7.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\7214.tmp"C:\Users\Admin\AppData\Local\Temp\7214.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\7291.tmp"C:\Users\Admin\AppData\Local\Temp\7291.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\72FE.tmp"C:\Users\Admin\AppData\Local\Temp\72FE.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\736B.tmp"C:\Users\Admin\AppData\Local\Temp\736B.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\73D9.tmp"C:\Users\Admin\AppData\Local\Temp\73D9.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\7455.tmp"C:\Users\Admin\AppData\Local\Temp\7455.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\74C3.tmp"C:\Users\Admin\AppData\Local\Temp\74C3.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\7530.tmp"C:\Users\Admin\AppData\Local\Temp\7530.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\75AD.tmp"C:\Users\Admin\AppData\Local\Temp\75AD.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\7629.tmp"C:\Users\Admin\AppData\Local\Temp\7629.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\7687.tmp"C:\Users\Admin\AppData\Local\Temp\7687.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\76E5.tmp"C:\Users\Admin\AppData\Local\Temp\76E5.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\7742.tmp"C:\Users\Admin\AppData\Local\Temp\7742.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\77BF.tmp"C:\Users\Admin\AppData\Local\Temp\77BF.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\782C.tmp"C:\Users\Admin\AppData\Local\Temp\782C.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\78A9.tmp"C:\Users\Admin\AppData\Local\Temp\78A9.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\7916.tmp"C:\Users\Admin\AppData\Local\Temp\7916.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\7993.tmp"C:\Users\Admin\AppData\Local\Temp\7993.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\79F1.tmp"C:\Users\Admin\AppData\Local\Temp\79F1.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\7ACB.tmp"C:\Users\Admin\AppData\Local\Temp\7ACB.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\7B67.tmp"C:\Users\Admin\AppData\Local\Temp\7B67.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\7BE4.tmp"C:\Users\Admin\AppData\Local\Temp\7BE4.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\7C41.tmp"C:\Users\Admin\AppData\Local\Temp\7C41.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\7CAF.tmp"C:\Users\Admin\AppData\Local\Temp\7CAF.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\7D1C.tmp"C:\Users\Admin\AppData\Local\Temp\7D1C.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\7D99.tmp"C:\Users\Admin\AppData\Local\Temp\7D99.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\7E15.tmp"C:\Users\Admin\AppData\Local\Temp\7E15.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-