Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
181s -
max time network
187s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
13/10/2023, 14:55
General
-
Target
NEAS.NEAS178a69f62d319a15079780e3e0e645e0exe_JC.exe
-
Size
459KB
-
MD5
178a69f62d319a15079780e3e0e645e0
-
SHA1
bb2895f155246eeff7a444c983f01860ad86f201
-
SHA256
f358b1efc4b255f65af31c81806abe2cc3de6ac676d5b72c7497c92060d31cdd
-
SHA512
cd92cdf0fe0746397a29b34a19aa195a5e4d71cdadd996846c9fd14225ddc14c5c98962be873268e1f40aa50efa1e4ae5707834c949b51236fab9422cde71844
-
SSDEEP
6144:L3JIriK/MwGsmLrZNs/VKi/MwGsmLr5+Nod/MwGsmLrZNs/VKi/MwGsmLrRo68lS:L3EMmmpNs/VXMmmg8MmmpNs/VXMmm
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.NEAS178a69f62d319a15079780e3e0e645e0exe_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.NEAS178a69f62d319a15079780e3e0e645e0exe_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dmjmekgn.exeC:\Windows\system32\Dmjmekgn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dcffnbee.exeC:\Windows\system32\Dcffnbee.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
C:\Windows\SysWOW64\Dknnoofg.exeC:\Windows\system32\Dknnoofg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dpjfgf32.exeC:\Windows\system32\Dpjfgf32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Dnqcfjae.exeC:\Windows\system32\Dnqcfjae.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dgihop32.exeC:\Windows\system32\Dgihop32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dncpkjoc.exeC:\Windows\system32\Dncpkjoc.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
C:\Windows\SysWOW64\Egkddo32.exeC:\Windows\system32\Egkddo32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ejjaqk32.exeC:\Windows\system32\Ejjaqk32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Egpnooan.exeC:\Windows\system32\Egpnooan.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
C:\Windows\SysWOW64\Enjfli32.exeC:\Windows\system32\Enjfli32.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ecgodpgb.exeC:\Windows\system32\Ecgodpgb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Egegjn32.exeC:\Windows\system32\Egegjn32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jnedgq32.exeC:\Windows\system32\Jnedgq32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kbeibo32.exeC:\Windows\system32\Kbeibo32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Khdoqefq.exeC:\Windows\system32\Khdoqefq.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Klbgfc32.exeC:\Windows\system32\Klbgfc32.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kbnlim32.exeC:\Windows\system32\Kbnlim32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Loemnnhe.exeC:\Windows\system32\Loemnnhe.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ldbefe32.exeC:\Windows\system32\Ldbefe32.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Llkjmb32.exeC:\Windows\system32\Llkjmb32.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ledoegkm.exeC:\Windows\system32\Ledoegkm.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lajokiaa.exeC:\Windows\system32\Lajokiaa.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Llpchaqg.exeC:\Windows\system32\Llpchaqg.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lamlphoo.exeC:\Windows\system32\Lamlphoo.exe15⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mekdffee.exeC:\Windows\system32\Mekdffee.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mklfjm32.exeC:\Windows\system32\Mklfjm32.exe17⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Dpalgenf.exeC:\Windows\system32\Dpalgenf.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dggkipii.exeC:\Windows\system32\Dggkipii.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dpmcmf32.exeC:\Windows\system32\Dpmcmf32.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dkpjdo32.exeC:\Windows\system32\Dkpjdo32.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mddkbbfg.exeC:\Windows\system32\Mddkbbfg.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nhbciqln.exeC:\Windows\system32\Nhbciqln.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nakhaf32.exeC:\Windows\system32\Nakhaf32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nlcidopb.exeC:\Windows\system32\Nlcidopb.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ncmaai32.exeC:\Windows\system32\Ncmaai32.exe5⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nconfh32.exeC:\Windows\system32\Nconfh32.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nbdkhe32.exeC:\Windows\system32\Nbdkhe32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Okmpqjad.exeC:\Windows\system32\Okmpqjad.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Obfhmd32.exeC:\Windows\system32\Obfhmd32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ohqpjo32.exeC:\Windows\system32\Ohqpjo32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ofdqcc32.exeC:\Windows\system32\Ofdqcc32.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oloipmfd.exeC:\Windows\system32\Oloipmfd.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Obkahddl.exeC:\Windows\system32\Obkahddl.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oooaah32.exeC:\Windows\system32\Oooaah32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Odljjo32.exeC:\Windows\system32\Odljjo32.exe15⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Oflfdbip.exeC:\Windows\system32\Oflfdbip.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Pkholi32.exeC:\Windows\system32\Pkholi32.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcpgmf32.exeC:\Windows\system32\Pcpgmf32.exe18⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdqcenmg.exeC:\Windows\system32\Pdqcenmg.exe19⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pmhkflnj.exeC:\Windows\system32\Pmhkflnj.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Poidhg32.exeC:\Windows\system32\Poidhg32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmmeak32.exeC:\Windows\system32\Pmmeak32.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pbimjb32.exeC:\Windows\system32\Pbimjb32.exe23⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qfgfpp32.exeC:\Windows\system32\Qfgfpp32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aeffgkkp.exeC:\Windows\system32\Aeffgkkp.exe25⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aehbmk32.exeC:\Windows\system32\Aehbmk32.exe26⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bfhofnpp.exeC:\Windows\system32\Bfhofnpp.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bldgoeog.exeC:\Windows\system32\Bldgoeog.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bmddihfj.exeC:\Windows\system32\Bmddihfj.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bikeni32.exeC:\Windows\system32\Bikeni32.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bcpika32.exeC:\Windows\system32\Bcpika32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Blknpdho.exeC:\Windows\system32\Blknpdho.exe32⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cdebfago.exeC:\Windows\system32\Cdebfago.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cdgolq32.exeC:\Windows\system32\Cdgolq32.exe34⤵
-
C:\Windows\SysWOW64\Ciknefmk.exeC:\Windows\system32\Ciknefmk.exe35⤵
-
C:\Windows\SysWOW64\Dpefaq32.exeC:\Windows\system32\Dpefaq32.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dfonnk32.exeC:\Windows\system32\Dfonnk32.exe37⤵
-
C:\Windows\SysWOW64\Dmifkecb.exeC:\Windows\system32\Dmifkecb.exe38⤵
-
C:\Windows\SysWOW64\Dbfoclai.exeC:\Windows\system32\Dbfoclai.exe39⤵
-
C:\Windows\SysWOW64\Dedkogqm.exeC:\Windows\system32\Dedkogqm.exe40⤵
-
C:\Windows\SysWOW64\Dlncla32.exeC:\Windows\system32\Dlncla32.exe41⤵
-
C:\Windows\SysWOW64\Defheg32.exeC:\Windows\system32\Defheg32.exe42⤵
-
C:\Windows\SysWOW64\Dmnpfd32.exeC:\Windows\system32\Dmnpfd32.exe43⤵
-
C:\Windows\SysWOW64\Didqkeeq.exeC:\Windows\system32\Didqkeeq.exe44⤵
-
C:\Windows\SysWOW64\Epeohn32.exeC:\Windows\system32\Epeohn32.exe45⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Egpgehnb.exeC:\Windows\system32\Egpgehnb.exe46⤵
-
C:\Windows\SysWOW64\Eincadmf.exeC:\Windows\system32\Eincadmf.exe47⤵
-
C:\Windows\SysWOW64\Ellpmolj.exeC:\Windows\system32\Ellpmolj.exe48⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Egbdjhlp.exeC:\Windows\system32\Egbdjhlp.exe49⤵
-
C:\Windows\SysWOW64\Elolco32.exeC:\Windows\system32\Elolco32.exe50⤵
-
C:\Windows\SysWOW64\Flaiho32.exeC:\Windows\system32\Flaiho32.exe51⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fjeibc32.exeC:\Windows\system32\Fjeibc32.exe52⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fcmnkh32.exeC:\Windows\system32\Fcmnkh32.exe53⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fpandm32.exeC:\Windows\system32\Fpandm32.exe54⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fneoma32.exeC:\Windows\system32\Fneoma32.exe55⤵
-
C:\Windows\SysWOW64\Fgncff32.exeC:\Windows\system32\Fgncff32.exe56⤵
-
C:\Windows\SysWOW64\Fnglcqio.exeC:\Windows\system32\Fnglcqio.exe57⤵
-
C:\Windows\SysWOW64\Fdadpk32.exeC:\Windows\system32\Fdadpk32.exe58⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Glmhdm32.exeC:\Windows\system32\Glmhdm32.exe59⤵
-
C:\Windows\SysWOW64\Gfemmb32.exeC:\Windows\system32\Gfemmb32.exe60⤵
-
C:\Windows\SysWOW64\Gcngafol.exeC:\Windows\system32\Gcngafol.exe61⤵
-
C:\Windows\SysWOW64\Gmfkjl32.exeC:\Windows\system32\Gmfkjl32.exe62⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hfnpca32.exeC:\Windows\system32\Hfnpca32.exe63⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hnehdo32.exeC:\Windows\system32\Hnehdo32.exe64⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hdppaidl.exeC:\Windows\system32\Hdppaidl.exe65⤵
-
C:\Windows\SysWOW64\Hjlhipbc.exeC:\Windows\system32\Hjlhipbc.exe66⤵
-
C:\Windows\SysWOW64\Hcembe32.exeC:\Windows\system32\Hcembe32.exe67⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hgbfhc32.exeC:\Windows\system32\Hgbfhc32.exe68⤵
-
C:\Windows\SysWOW64\Hdffah32.exeC:\Windows\system32\Hdffah32.exe69⤵
-
C:\Windows\SysWOW64\Hfhbipdb.exeC:\Windows\system32\Hfhbipdb.exe70⤵
-
C:\Windows\SysWOW64\Hqmggi32.exeC:\Windows\system32\Hqmggi32.exe71⤵
-
C:\Windows\SysWOW64\Ifjoop32.exeC:\Windows\system32\Ifjoop32.exe72⤵
-
C:\Windows\SysWOW64\Imdgljil.exeC:\Windows\system32\Imdgljil.exe73⤵
-
C:\Windows\SysWOW64\Ifmldo32.exeC:\Windows\system32\Ifmldo32.exe74⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Iglhob32.exeC:\Windows\system32\Iglhob32.exe75⤵
-
C:\Windows\SysWOW64\Ijjekn32.exeC:\Windows\system32\Ijjekn32.exe76⤵
-
C:\Windows\SysWOW64\Icciccmd.exeC:\Windows\system32\Icciccmd.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Iqgjmg32.exeC:\Windows\system32\Iqgjmg32.exe78⤵
-
C:\Windows\SysWOW64\Igqbiacj.exeC:\Windows\system32\Igqbiacj.exe79⤵
-
C:\Windows\SysWOW64\Inkjfk32.exeC:\Windows\system32\Inkjfk32.exe80⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jgcooaah.exeC:\Windows\system32\Jgcooaah.exe81⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jnmglk32.exeC:\Windows\system32\Jnmglk32.exe82⤵
-
C:\Windows\SysWOW64\Jakchf32.exeC:\Windows\system32\Jakchf32.exe83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jfhlpnfp.exeC:\Windows\system32\Jfhlpnfp.exe84⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jeilne32.exeC:\Windows\system32\Jeilne32.exe85⤵
-
C:\Windows\SysWOW64\Jjfdfl32.exeC:\Windows\system32\Jjfdfl32.exe86⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oalpigkb.exeC:\Windows\system32\Oalpigkb.exe87⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qdfefkll.exeC:\Windows\system32\Qdfefkll.exe88⤵
-
C:\Windows\SysWOW64\Emikpeig.exeC:\Windows\system32\Emikpeig.exe89⤵
-
C:\Windows\SysWOW64\Ildpbfmf.exeC:\Windows\system32\Ildpbfmf.exe90⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Omkmhlpf.exeC:\Windows\system32\Omkmhlpf.exe91⤵
- Modifies registry class
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Pidjcm32.exeC:\Windows\system32\Pidjcm32.exe1⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pblolb32.exeC:\Windows\system32\Pblolb32.exe2⤵
-
C:\Windows\SysWOW64\Pekkhn32.exeC:\Windows\system32\Pekkhn32.exe3⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pmbcik32.exeC:\Windows\system32\Pmbcik32.exe4⤵
-
C:\Windows\SysWOW64\Pldcdhpi.exeC:\Windows\system32\Pldcdhpi.exe5⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pocpqcpm.exeC:\Windows\system32\Pocpqcpm.exe6⤵
-
C:\Windows\SysWOW64\Pbokab32.exeC:\Windows\system32\Pbokab32.exe7⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pemhmn32.exeC:\Windows\system32\Pemhmn32.exe8⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qlpcpffl.exeC:\Windows\system32\Qlpcpffl.exe9⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aeigilml.exeC:\Windows\system32\Aeigilml.exe10⤵
-
C:\Windows\SysWOW64\Gpjfng32.exeC:\Windows\system32\Gpjfng32.exe11⤵
-
C:\Windows\SysWOW64\Gfcnka32.exeC:\Windows\system32\Gfcnka32.exe12⤵
-
C:\Windows\SysWOW64\Gmnfglcd.exeC:\Windows\system32\Gmnfglcd.exe13⤵
-
C:\Windows\SysWOW64\Gplbcgbg.exeC:\Windows\system32\Gplbcgbg.exe14⤵
-
C:\Windows\SysWOW64\Gcgndf32.exeC:\Windows\system32\Gcgndf32.exe15⤵
-
C:\Windows\SysWOW64\Gffkpa32.exeC:\Windows\system32\Gffkpa32.exe16⤵
-
C:\Windows\SysWOW64\Gnmbao32.exeC:\Windows\system32\Gnmbao32.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gpnoigpe.exeC:\Windows\system32\Gpnoigpe.exe18⤵
-
C:\Windows\SysWOW64\Hjdcfp32.exeC:\Windows\system32\Hjdcfp32.exe19⤵
-
C:\Windows\SysWOW64\Hmbpbk32.exeC:\Windows\system32\Hmbpbk32.exe20⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hpqlof32.exeC:\Windows\system32\Hpqlof32.exe21⤵
-
C:\Windows\SysWOW64\Hhjqec32.exeC:\Windows\system32\Hhjqec32.exe22⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hjimaole.exeC:\Windows\system32\Hjimaole.exe23⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hmginjki.exeC:\Windows\system32\Hmginjki.exe24⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hdaajd32.exeC:\Windows\system32\Hdaajd32.exe25⤵
-
C:\Windows\SysWOW64\Neebkkgi.exeC:\Windows\system32\Neebkkgi.exe26⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nojfic32.exeC:\Windows\system32\Nojfic32.exe27⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Negoaj32.exeC:\Windows\system32\Negoaj32.exe28⤵
-
C:\Windows\SysWOW64\Nkagndmc.exeC:\Windows\system32\Nkagndmc.exe29⤵
-
C:\Windows\SysWOW64\Nejkfj32.exeC:\Windows\system32\Nejkfj32.exe30⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Okcccdkp.exeC:\Windows\system32\Okcccdkp.exe31⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ondleo32.exeC:\Windows\system32\Ondleo32.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Oaeegjeb.exeC:\Windows\system32\Oaeegjeb.exe33⤵
-
C:\Windows\SysWOW64\Okkidceh.exeC:\Windows\system32\Okkidceh.exe34⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oagbljcp.exeC:\Windows\system32\Oagbljcp.exe35⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pgdgodhj.exeC:\Windows\system32\Pgdgodhj.exe36⤵
-
C:\Windows\SysWOW64\Efnennjc.exeC:\Windows\system32\Efnennjc.exe37⤵
-
C:\Windows\SysWOW64\Ipldpo32.exeC:\Windows\system32\Ipldpo32.exe38⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kgkooeen.exeC:\Windows\system32\Kgkooeen.exe39⤵
-
C:\Windows\SysWOW64\Ojmcej32.exeC:\Windows\system32\Ojmcej32.exe40⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aeemop32.exeC:\Windows\system32\Aeemop32.exe41⤵
-
C:\Windows\SysWOW64\Bjnece32.exeC:\Windows\system32\Bjnece32.exe42⤵
-
C:\Windows\SysWOW64\Blmamh32.exeC:\Windows\system32\Blmamh32.exe43⤵
-
C:\Windows\SysWOW64\Caapfnkd.exeC:\Windows\system32\Caapfnkd.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Chmehhpn.exeC:\Windows\system32\Chmehhpn.exe45⤵
-
C:\Windows\SysWOW64\Cefolk32.exeC:\Windows\system32\Cefolk32.exe46⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dlbcoe32.exeC:\Windows\system32\Dlbcoe32.exe47⤵
-
C:\Windows\SysWOW64\Dboiaoff.exeC:\Windows\system32\Dboiaoff.exe48⤵
-
C:\Windows\SysWOW64\Dccbln32.exeC:\Windows\system32\Dccbln32.exe49⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Eceoanpo.exeC:\Windows\system32\Eceoanpo.exe50⤵
-
C:\Windows\SysWOW64\Edihof32.exeC:\Windows\system32\Edihof32.exe51⤵
-
C:\Windows\SysWOW64\Ekemap32.exeC:\Windows\system32\Ekemap32.exe52⤵
-
C:\Windows\SysWOW64\Flgfqb32.exeC:\Windows\system32\Flgfqb32.exe53⤵
-
C:\Windows\SysWOW64\Fhngfcdi.exeC:\Windows\system32\Fhngfcdi.exe54⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fhpckb32.exeC:\Windows\system32\Fhpckb32.exe55⤵
-
C:\Windows\SysWOW64\Fcfhhk32.exeC:\Windows\system32\Fcfhhk32.exe56⤵
-
C:\Windows\SysWOW64\Flnlaahl.exeC:\Windows\system32\Flnlaahl.exe57⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ghgjlaln.exeC:\Windows\system32\Ghgjlaln.exe58⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gcagdj32.exeC:\Windows\system32\Gcagdj32.exe59⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gohhik32.exeC:\Windows\system32\Gohhik32.exe60⤵
-
C:\Windows\SysWOW64\Giqlbqcc.exeC:\Windows\system32\Giqlbqcc.exe61⤵
-
C:\Windows\SysWOW64\Hdgmga32.exeC:\Windows\system32\Hdgmga32.exe62⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hiefmp32.exeC:\Windows\system32\Hiefmp32.exe63⤵
-
C:\Windows\SysWOW64\Hfiffd32.exeC:\Windows\system32\Hfiffd32.exe64⤵
-
C:\Windows\SysWOW64\Hmfkin32.exeC:\Windows\system32\Hmfkin32.exe65⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Iempingp.exeC:\Windows\system32\Iempingp.exe66⤵
-
C:\Windows\SysWOW64\Megdmhbp.exeC:\Windows\system32\Megdmhbp.exe67⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qgllpf32.exeC:\Windows\system32\Qgllpf32.exe68⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Qmhdhm32.exeC:\Windows\system32\Qmhdhm32.exe1⤵
-
C:\Windows\SysWOW64\Qnhabp32.exeC:\Windows\system32\Qnhabp32.exe2⤵
-
C:\Windows\SysWOW64\Aceijg32.exeC:\Windows\system32\Aceijg32.exe3⤵
-
C:\Windows\SysWOW64\Afcffb32.exeC:\Windows\system32\Afcffb32.exe4⤵
-
C:\Windows\SysWOW64\Aqijdk32.exeC:\Windows\system32\Aqijdk32.exe5⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aqkgikip.exeC:\Windows\system32\Aqkgikip.exe6⤵
-
C:\Windows\SysWOW64\Afhoaahg.exeC:\Windows\system32\Afhoaahg.exe7⤵
-
C:\Windows\SysWOW64\Anogbohj.exeC:\Windows\system32\Anogbohj.exe8⤵
-
C:\Windows\SysWOW64\Aancojgn.exeC:\Windows\system32\Aancojgn.exe9⤵
-
C:\Windows\SysWOW64\Aclpkffa.exeC:\Windows\system32\Aclpkffa.exe10⤵
-
C:\Windows\SysWOW64\Bccfleqi.exeC:\Windows\system32\Bccfleqi.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bjmnho32.exeC:\Windows\system32\Bjmnho32.exe12⤵
-
C:\Windows\SysWOW64\Bcebadof.exeC:\Windows\system32\Bcebadof.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ibicgmhe.exeC:\Windows\system32\Ibicgmhe.exe14⤵
-
C:\Windows\SysWOW64\Ccpkblqn.exeC:\Windows\system32\Ccpkblqn.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hgghdp32.exeC:\Windows\system32\Hgghdp32.exe16⤵
-
C:\Windows\SysWOW64\Hjedpkne.exeC:\Windows\system32\Hjedpkne.exe17⤵
-
C:\Windows\SysWOW64\Lhhchi32.exeC:\Windows\system32\Lhhchi32.exe18⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pefhfgoc.exeC:\Windows\system32\Pefhfgoc.exe19⤵
-
C:\Windows\SysWOW64\Dfjpppbh.exeC:\Windows\system32\Dfjpppbh.exe20⤵
-
C:\Windows\SysWOW64\Idoknmfj.exeC:\Windows\system32\Idoknmfj.exe21⤵
-
C:\Windows\SysWOW64\Knfeoobh.exeC:\Windows\system32\Knfeoobh.exe22⤵
-
C:\Windows\SysWOW64\Bhnidi32.exeC:\Windows\system32\Bhnidi32.exe23⤵
-
C:\Windows\SysWOW64\Clplff32.exeC:\Windows\system32\Clplff32.exe24⤵
-
C:\Windows\SysWOW64\Cfmijkhj.exeC:\Windows\system32\Cfmijkhj.exe25⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dbdjol32.exeC:\Windows\system32\Dbdjol32.exe26⤵
-
C:\Windows\SysWOW64\Dohkhq32.exeC:\Windows\system32\Dohkhq32.exe27⤵
-
C:\Windows\SysWOW64\Dkokma32.exeC:\Windows\system32\Dkokma32.exe28⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Diclff32.exeC:\Windows\system32\Diclff32.exe29⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dieilepc.exeC:\Windows\system32\Dieilepc.exe30⤵
-
C:\Windows\SysWOW64\Dmcabd32.exeC:\Windows\system32\Dmcabd32.exe31⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Eijbge32.exeC:\Windows\system32\Eijbge32.exe32⤵
-
C:\Windows\SysWOW64\Emhkmcbd.exeC:\Windows\system32\Emhkmcbd.exe33⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Emjgcc32.exeC:\Windows\system32\Emjgcc32.exe34⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Efbllhfb.exeC:\Windows\system32\Efbllhfb.exe35⤵
-
C:\Windows\SysWOW64\Epkpdn32.exeC:\Windows\system32\Epkpdn32.exe36⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ekaaio32.exeC:\Windows\system32\Ekaaio32.exe37⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fmancbji.exeC:\Windows\system32\Fmancbji.exe38⤵
-
C:\Windows\SysWOW64\Fihnhc32.exeC:\Windows\system32\Fihnhc32.exe39⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Fnegqjne.exeC:\Windows\system32\Fnegqjne.exe40⤵
-
C:\Windows\SysWOW64\Fngcfikb.exeC:\Windows\system32\Fngcfikb.exe41⤵
-
C:\Windows\SysWOW64\Fpfppl32.exeC:\Windows\system32\Fpfppl32.exe42⤵
-
C:\Windows\SysWOW64\Gpimflqb.exeC:\Windows\system32\Gpimflqb.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gefencoj.exeC:\Windows\system32\Gefencoj.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gbjegg32.exeC:\Windows\system32\Gbjegg32.exe45⤵
-
C:\Windows\SysWOW64\Gblbmg32.exeC:\Windows\system32\Gblbmg32.exe46⤵
-
C:\Windows\SysWOW64\Gmafjp32.exeC:\Windows\system32\Gmafjp32.exe47⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hiajeoip.exeC:\Windows\system32\Hiajeoip.exe48⤵
-
C:\Windows\SysWOW64\Hpnohinj.exeC:\Windows\system32\Hpnohinj.exe49⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Iimjan32.exeC:\Windows\system32\Iimjan32.exe50⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Jplkig32.exeC:\Windows\system32\Jplkig32.exe51⤵
-
C:\Windows\SysWOW64\Jpnhof32.exeC:\Windows\system32\Jpnhof32.exe52⤵
-
C:\Windows\SysWOW64\Jekqgnno.exeC:\Windows\system32\Jekqgnno.exe53⤵
-
C:\Windows\SysWOW64\Kphkee32.exeC:\Windows\system32\Kphkee32.exe54⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Komhfa32.exeC:\Windows\system32\Komhfa32.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Koodka32.exeC:\Windows\system32\Koodka32.exe56⤵
-
C:\Windows\SysWOW64\Klceeejl.exeC:\Windows\system32\Klceeejl.exe57⤵
-
C:\Windows\SysWOW64\Lqjqab32.exeC:\Windows\system32\Lqjqab32.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lckicnei.exeC:\Windows\system32\Lckicnei.exe59⤵
-
C:\Windows\SysWOW64\Modgnn32.exeC:\Windows\system32\Modgnn32.exe60⤵
-
C:\Windows\SysWOW64\Mnhdae32.exeC:\Windows\system32\Mnhdae32.exe61⤵
-
C:\Windows\SysWOW64\Mmmqbb32.exeC:\Windows\system32\Mmmqbb32.exe62⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nfeekgjo.exeC:\Windows\system32\Nfeekgjo.exe63⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nclbjk32.exeC:\Windows\system32\Nclbjk32.exe64⤵
-
C:\Windows\SysWOW64\Ngikpjml.exeC:\Windows\system32\Ngikpjml.exe65⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Nabpiocm.exeC:\Windows\system32\Nabpiocm.exe66⤵
-
C:\Windows\SysWOW64\Njjdae32.exeC:\Windows\system32\Njjdae32.exe67⤵
-
C:\Windows\SysWOW64\Ocbhjjqn.exeC:\Windows\system32\Ocbhjjqn.exe68⤵
-
C:\Windows\SysWOW64\Onhmhc32.exeC:\Windows\system32\Onhmhc32.exe69⤵
-
C:\Windows\SysWOW64\Oceepj32.exeC:\Windows\system32\Oceepj32.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ojommdfh.exeC:\Windows\system32\Ojommdfh.exe71⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ojajbdde.exeC:\Windows\system32\Ojajbdde.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ompfnoci.exeC:\Windows\system32\Ompfnoci.exe73⤵
-
C:\Windows\SysWOW64\Opnbjk32.exeC:\Windows\system32\Opnbjk32.exe74⤵
-
C:\Windows\SysWOW64\Ombcdo32.exeC:\Windows\system32\Ombcdo32.exe75⤵
-
C:\Windows\SysWOW64\Oclkqihc.exeC:\Windows\system32\Oclkqihc.exe76⤵
-
C:\Windows\SysWOW64\Onapnbhi.exeC:\Windows\system32\Onapnbhi.exe77⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Pabhpm32.exeC:\Windows\system32\Pabhpm32.exe78⤵
-
C:\Windows\SysWOW64\Pjkmhblk.exeC:\Windows\system32\Pjkmhblk.exe79⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Padeem32.exeC:\Windows\system32\Padeem32.exe80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pmkfjn32.exeC:\Windows\system32\Pmkfjn32.exe81⤵
-
C:\Windows\SysWOW64\Phajgf32.exeC:\Windows\system32\Phajgf32.exe82⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Phcgmffo.exeC:\Windows\system32\Phcgmffo.exe83⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qfhdnb32.exeC:\Windows\system32\Qfhdnb32.exe84⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dnjdigpf.exeC:\Windows\system32\Dnjdigpf.exe85⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dqipeboj.exeC:\Windows\system32\Dqipeboj.exe86⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fnacqc32.exeC:\Windows\system32\Fnacqc32.exe87⤵
-
C:\Windows\SysWOW64\Fqpomo32.exeC:\Windows\system32\Fqpomo32.exe88⤵
-
C:\Windows\SysWOW64\Fenhcnaf.exeC:\Windows\system32\Fenhcnaf.exe89⤵
-
C:\Windows\SysWOW64\Kplmenpl.exeC:\Windows\system32\Kplmenpl.exe90⤵
-
C:\Windows\SysWOW64\Klbnjo32.exeC:\Windows\system32\Klbnjo32.exe91⤵
-
C:\Windows\SysWOW64\Kcmfgimm.exeC:\Windows\system32\Kcmfgimm.exe92⤵
-
C:\Windows\SysWOW64\Lpccfm32.exeC:\Windows\system32\Lpccfm32.exe93⤵
-
C:\Windows\SysWOW64\Ladpnepb.exeC:\Windows\system32\Ladpnepb.exe94⤵
-
C:\Windows\SysWOW64\Lohqgj32.exeC:\Windows\system32\Lohqgj32.exe95⤵
-
C:\Windows\SysWOW64\Ljnddb32.exeC:\Windows\system32\Ljnddb32.exe96⤵
-
C:\Windows\SysWOW64\Ljpajbmo.exeC:\Windows\system32\Ljpajbmo.exe97⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mcmongoj.exeC:\Windows\system32\Mcmongoj.exe98⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mledgm32.exeC:\Windows\system32\Mledgm32.exe99⤵
-
C:\Windows\SysWOW64\Mfnhpblk.exeC:\Windows\system32\Mfnhpblk.exe100⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mfpeeb32.exeC:\Windows\system32\Mfpeeb32.exe101⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dacmjpgf.exeC:\Windows\system32\Dacmjpgf.exe102⤵
-
C:\Windows\SysWOW64\Dcdiahme.exeC:\Windows\system32\Dcdiahme.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dkkabeng.exeC:\Windows\system32\Dkkabeng.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Daeioo32.exeC:\Windows\system32\Daeioo32.exe105⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ddcekk32.exeC:\Windows\system32\Ddcekk32.exe106⤵
-
C:\Windows\SysWOW64\Dknnhekd.exeC:\Windows\system32\Dknnhekd.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dnqcop32.exeC:\Windows\system32\Dnqcop32.exe108⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Edklljnp.exeC:\Windows\system32\Edklljnp.exe109⤵
-
C:\Windows\SysWOW64\Egihhe32.exeC:\Windows\system32\Egihhe32.exe110⤵
-
C:\Windows\SysWOW64\Encpeodp.exeC:\Windows\system32\Encpeodp.exe111⤵
-
C:\Windows\SysWOW64\Edmhai32.exeC:\Windows\system32\Edmhai32.exe112⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Egkdne32.exeC:\Windows\system32\Egkdne32.exe113⤵
-
C:\Windows\SysWOW64\Faholm32.exeC:\Windows\system32\Faholm32.exe114⤵
-
C:\Windows\SysWOW64\Fcikcekm.exeC:\Windows\system32\Fcikcekm.exe115⤵
-
C:\Windows\SysWOW64\Fkpcdbko.exeC:\Windows\system32\Fkpcdbko.exe116⤵
-
C:\Windows\SysWOW64\Fdihmh32.exeC:\Windows\system32\Fdihmh32.exe117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fggdic32.exeC:\Windows\system32\Fggdic32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Fjepfo32.exeC:\Windows\system32\Fjepfo32.exe119⤵
-
C:\Windows\SysWOW64\Fqphbi32.exeC:\Windows\system32\Fqphbi32.exe120⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fdkdcgpm.exeC:\Windows\system32\Fdkdcgpm.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-