Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14/10/2023, 18:03
General
-
Target
NEAS.80f70f59990ccc85b27e9c9b1abb8dc0.exe
-
Size
442KB
-
MD5
80f70f59990ccc85b27e9c9b1abb8dc0
-
SHA1
ad431f987c4734ff200656b021d55571dd2f46a8
-
SHA256
f19c0327be51de7c5298df7df1e9eab234237616652e61820eb409ab97738828
-
SHA512
7afacaa549cb87cfbfb10d3e9d46604cfa4485d072cc0f4214c8ec8026ea48324f137ee0d7a5cba871ec1bd7bcbcea2fdfc895df58897fb656e37437f4158934
-
SSDEEP
3072:lcrTiMqYr46bOjlbQlK+AqYkqrifbdB7dYk1Bx8DpsV68RfPi4meqByN2DmtXGTf:Kr5qmbOuhYkym/89bifPidzIEZ/VZ
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.80f70f59990ccc85b27e9c9b1abb8dc0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.80f70f59990ccc85b27e9c9b1abb8dc0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Llmhaold.exeC:\Windows\system32\Llmhaold.exe2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lnldla32.exeC:\Windows\system32\Lnldla32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lmaamn32.exeC:\Windows\system32\Lmaamn32.exe4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mgnlkfal.exeC:\Windows\system32\Mgnlkfal.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mnjqmpgg.exeC:\Windows\system32\Mnjqmpgg.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nqmfdj32.exeC:\Windows\system32\Nqmfdj32.exe7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Nqpcjj32.exeC:\Windows\system32\Nqpcjj32.exe8⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cdimqm32.exeC:\Windows\system32\Cdimqm32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Caojpaij.exeC:\Windows\system32\Caojpaij.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Chkobkod.exeC:\Windows\system32\Chkobkod.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dddllkbf.exeC:\Windows\system32\Dddllkbf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dakikoom.exeC:\Windows\system32\Dakikoom.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Doojec32.exeC:\Windows\system32\Doojec32.exe14⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Doagjc32.exeC:\Windows\system32\Doagjc32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ebaplnie.exeC:\Windows\system32\Ebaplnie.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eqgmmk32.exeC:\Windows\system32\Eqgmmk32.exe17⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eohmkb32.exeC:\Windows\system32\Eohmkb32.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ekonpckp.exeC:\Windows\system32\Ekonpckp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ebkbbmqj.exeC:\Windows\system32\Ebkbbmqj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fnbcgn32.exeC:\Windows\system32\Fnbcgn32.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fqbliicp.exeC:\Windows\system32\Fqbliicp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Foclgq32.exeC:\Windows\system32\Foclgq32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fkjmlaac.exeC:\Windows\system32\Fkjmlaac.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Fkmjaa32.exeC:\Windows\system32\Fkmjaa32.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Fkofga32.exeC:\Windows\system32\Fkofga32.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Gaqhjggp.exeC:\Windows\system32\Gaqhjggp.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gpdennml.exeC:\Windows\system32\Gpdennml.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hpioin32.exeC:\Windows\system32\Hpioin32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Heegad32.exeC:\Windows\system32\Heegad32.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Haodle32.exeC:\Windows\system32\Haodle32.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lebijnak.exeC:\Windows\system32\Lebijnak.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhcali32.exeC:\Windows\system32\Lhcali32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhenai32.exeC:\Windows\system32\Lhenai32.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mqjbddpl.exeC:\Windows\system32\Mqjbddpl.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nhhdnf32.exeC:\Windows\system32\Nhhdnf32.exe10⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nbphglbe.exeC:\Windows\system32\Nbphglbe.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ncpeaoih.exeC:\Windows\system32\Ncpeaoih.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nmhijd32.exeC:\Windows\system32\Nmhijd32.exe13⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nmjfodne.exeC:\Windows\system32\Nmjfodne.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ofckhj32.exeC:\Windows\system32\Ofckhj32.exe15⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ocihgnam.exeC:\Windows\system32\Ocihgnam.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Omalpc32.exeC:\Windows\system32\Omalpc32.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Omdieb32.exeC:\Windows\system32\Omdieb32.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oflmnh32.exeC:\Windows\system32\Oflmnh32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ppdbgncl.exeC:\Windows\system32\Ppdbgncl.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ppgomnai.exeC:\Windows\system32\Ppgomnai.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcegclgp.exeC:\Windows\system32\Pcegclgp.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aagdnn32.exeC:\Windows\system32\Aagdnn32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Afcmfe32.exeC:\Windows\system32\Afcmfe32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aplaoj32.exeC:\Windows\system32\Aplaoj32.exe25⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aidehpea.exeC:\Windows\system32\Aidehpea.exe26⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Afhfaddk.exeC:\Windows\system32\Afhfaddk.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bdlfjh32.exeC:\Windows\system32\Bdlfjh32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bfmolc32.exeC:\Windows\system32\Bfmolc32.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bkkhbb32.exeC:\Windows\system32\Bkkhbb32.exe30⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bipecnkd.exeC:\Windows\system32\Bipecnkd.exe31⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cpljehpo.exeC:\Windows\system32\Cpljehpo.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cienon32.exeC:\Windows\system32\Cienon32.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ckdkhq32.exeC:\Windows\system32\Ckdkhq32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cmedjl32.exeC:\Windows\system32\Cmedjl32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cgmhcaac.exeC:\Windows\system32\Cgmhcaac.exe36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dgpeha32.exeC:\Windows\system32\Dgpeha32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dcffnbee.exeC:\Windows\system32\Dcffnbee.exe38⤵
-
C:\Windows\SysWOW64\Dickplko.exeC:\Windows\system32\Dickplko.exe39⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dkbgjo32.exeC:\Windows\system32\Dkbgjo32.exe40⤵
-
C:\Windows\SysWOW64\Dgihop32.exeC:\Windows\system32\Dgihop32.exe41⤵
-
C:\Windows\SysWOW64\Ekgqennl.exeC:\Windows\system32\Ekgqennl.exe42⤵
-
C:\Windows\SysWOW64\Ecbeip32.exeC:\Windows\system32\Ecbeip32.exe43⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ecdbop32.exeC:\Windows\system32\Ecdbop32.exe44⤵
-
C:\Windows\SysWOW64\Ephbhd32.exeC:\Windows\system32\Ephbhd32.exe45⤵
-
C:\Windows\SysWOW64\Ejagaj32.exeC:\Windows\system32\Ejagaj32.exe46⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fnalmh32.exeC:\Windows\system32\Fnalmh32.exe47⤵
-
C:\Windows\SysWOW64\Fdmaoahm.exeC:\Windows\system32\Fdmaoahm.exe48⤵
-
C:\Windows\SysWOW64\Gndbie32.exeC:\Windows\system32\Gndbie32.exe49⤵
-
C:\Windows\SysWOW64\Hqghqpnl.exeC:\Windows\system32\Hqghqpnl.exe50⤵
-
C:\Windows\SysWOW64\Heepfn32.exeC:\Windows\system32\Heepfn32.exe51⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Leoejh32.exeC:\Windows\system32\Leoejh32.exe52⤵
-
C:\Windows\SysWOW64\Llimgb32.exeC:\Windows\system32\Llimgb32.exe53⤵
-
C:\Windows\SysWOW64\Laffpi32.exeC:\Windows\system32\Laffpi32.exe54⤵
-
C:\Windows\SysWOW64\Lhpnlclc.exeC:\Windows\system32\Lhpnlclc.exe55⤵
-
C:\Windows\SysWOW64\Lbebilli.exeC:\Windows\system32\Lbebilli.exe56⤵
-
C:\Windows\SysWOW64\Ldfoad32.exeC:\Windows\system32\Ldfoad32.exe57⤵
-
C:\Windows\SysWOW64\Lajokiaa.exeC:\Windows\system32\Lajokiaa.exe58⤵
-
C:\Windows\SysWOW64\Lkcccn32.exeC:\Windows\system32\Lkcccn32.exe59⤵
-
C:\Windows\SysWOW64\Lhgdmb32.exeC:\Windows\system32\Lhgdmb32.exe60⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Moalil32.exeC:\Windows\system32\Moalil32.exe61⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Mekdffee.exeC:\Windows\system32\Mekdffee.exe62⤵
-
C:\Windows\SysWOW64\Mcoepkdo.exeC:\Windows\system32\Mcoepkdo.exe63⤵
-
C:\Windows\SysWOW64\Mlifnphl.exeC:\Windows\system32\Mlifnphl.exe64⤵
-
C:\Windows\SysWOW64\Mafofggd.exeC:\Windows\system32\Mafofggd.exe65⤵
-
C:\Windows\SysWOW64\Mkocol32.exeC:\Windows\system32\Mkocol32.exe66⤵
-
C:\Windows\SysWOW64\Nlqloo32.exeC:\Windows\system32\Nlqloo32.exe67⤵
-
C:\Windows\SysWOW64\Namegfql.exeC:\Windows\system32\Namegfql.exe68⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Noaeqjpe.exeC:\Windows\system32\Noaeqjpe.exe69⤵
-
C:\Windows\SysWOW64\Nhjjip32.exeC:\Windows\system32\Nhjjip32.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Nbbnbemf.exeC:\Windows\system32\Nbbnbemf.exe71⤵
-
C:\Windows\SysWOW64\Nlgbon32.exeC:\Windows\system32\Nlgbon32.exe72⤵
-
C:\Windows\SysWOW64\Odbgdp32.exeC:\Windows\system32\Odbgdp32.exe73⤵
-
C:\Windows\SysWOW64\Ocdgahag.exeC:\Windows\system32\Ocdgahag.exe74⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ofdqcc32.exeC:\Windows\system32\Ofdqcc32.exe75⤵
-
C:\Windows\SysWOW64\Oloipmfd.exeC:\Windows\system32\Oloipmfd.exe76⤵
-
C:\Windows\SysWOW64\Obkahddl.exeC:\Windows\system32\Obkahddl.exe77⤵
-
C:\Windows\SysWOW64\Okceaikl.exeC:\Windows\system32\Okceaikl.exe78⤵
-
C:\Windows\SysWOW64\Ofijnbkb.exeC:\Windows\system32\Ofijnbkb.exe79⤵
-
C:\Windows\SysWOW64\Ooangh32.exeC:\Windows\system32\Ooangh32.exe80⤵
-
C:\Windows\SysWOW64\Pbbgicnd.exeC:\Windows\system32\Pbbgicnd.exe81⤵
-
C:\Windows\SysWOW64\Pkklbh32.exeC:\Windows\system32\Pkklbh32.exe82⤵
-
C:\Windows\SysWOW64\Pfppoa32.exeC:\Windows\system32\Pfppoa32.exe83⤵
-
C:\Windows\SysWOW64\Pbimjb32.exeC:\Windows\system32\Pbimjb32.exe84⤵
-
C:\Windows\SysWOW64\Piceflpi.exeC:\Windows\system32\Piceflpi.exe85⤵
-
C:\Windows\SysWOW64\Pomncfge.exeC:\Windows\system32\Pomncfge.exe86⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Qejfkmem.exeC:\Windows\system32\Qejfkmem.exe87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qppkhfec.exeC:\Windows\system32\Qppkhfec.exe88⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Qihoak32.exeC:\Windows\system32\Qihoak32.exe89⤵
-
C:\Windows\SysWOW64\Abpcja32.exeC:\Windows\system32\Abpcja32.exe90⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Amfhgj32.exeC:\Windows\system32\Amfhgj32.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aimhmkgn.exeC:\Windows\system32\Aimhmkgn.exe92⤵
-
C:\Windows\SysWOW64\Aecialmb.exeC:\Windows\system32\Aecialmb.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Apimodmh.exeC:\Windows\system32\Apimodmh.exe94⤵
-
C:\Windows\SysWOW64\Aiabhj32.exeC:\Windows\system32\Aiabhj32.exe95⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Afeban32.exeC:\Windows\system32\Afeban32.exe96⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cmdmpe32.exeC:\Windows\system32\Cmdmpe32.exe97⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cfmahknh.exeC:\Windows\system32\Cfmahknh.exe98⤵
-
C:\Windows\SysWOW64\Clijablo.exeC:\Windows\system32\Clijablo.exe99⤵
-
C:\Windows\SysWOW64\Dinjjf32.exeC:\Windows\system32\Dinjjf32.exe100⤵
-
C:\Windows\SysWOW64\Dpgbgpbe.exeC:\Windows\system32\Dpgbgpbe.exe101⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dbhlikpf.exeC:\Windows\system32\Dbhlikpf.exe102⤵
-
C:\Windows\SysWOW64\Egknji32.exeC:\Windows\system32\Egknji32.exe103⤵
-
C:\Windows\SysWOW64\Epcbbohh.exeC:\Windows\system32\Epcbbohh.exe104⤵
-
C:\Windows\SysWOW64\Eljchpnl.exeC:\Windows\system32\Eljchpnl.exe105⤵
-
C:\Windows\SysWOW64\Eippgckc.exeC:\Windows\system32\Eippgckc.exe106⤵
-
C:\Windows\SysWOW64\Eegqldqg.exeC:\Windows\system32\Eegqldqg.exe107⤵
-
C:\Windows\SysWOW64\Fdhail32.exeC:\Windows\system32\Fdhail32.exe108⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fnqebaog.exeC:\Windows\system32\Fnqebaog.exe109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fdogjk32.exeC:\Windows\system32\Fdogjk32.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fjlpbb32.exeC:\Windows\system32\Fjlpbb32.exe111⤵
-
C:\Windows\SysWOW64\Fcddkggf.exeC:\Windows\system32\Fcddkggf.exe112⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Glmhdm32.exeC:\Windows\system32\Glmhdm32.exe113⤵
-
C:\Windows\SysWOW64\Ggbmafnm.exeC:\Windows\system32\Ggbmafnm.exe114⤵
-
C:\Windows\SysWOW64\Gqkajk32.exeC:\Windows\system32\Gqkajk32.exe115⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gfgjbb32.exeC:\Windows\system32\Gfgjbb32.exe116⤵
-
C:\Windows\SysWOW64\Gdhjpjjd.exeC:\Windows\system32\Gdhjpjjd.exe117⤵
-
C:\Windows\SysWOW64\Gfjfhbpb.exeC:\Windows\system32\Gfjfhbpb.exe118⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Gdkffi32.exeC:\Windows\system32\Gdkffi32.exe119⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gmfkjl32.exeC:\Windows\system32\Gmfkjl32.exe120⤵
-
C:\Windows\SysWOW64\Hmhhpkcj.exeC:\Windows\system32\Hmhhpkcj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-