Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
14/10/2023, 19:09
General
-
Target
NEAS.b2ace20c17c4a2f8ecc897ff2e7ecbd0.exe
-
Size
465KB
-
MD5
b2ace20c17c4a2f8ecc897ff2e7ecbd0
-
SHA1
ee8cb97aaa4289b118e00d0c424d140c286c2958
-
SHA256
00fd3500f83b01c13ad0fdc9062b76ed4f19b75b1fb5c1c1c771e59a05669131
-
SHA512
d110e27854d94737badd837430c61d09592008f8297b7ee54b1de3928b5c7f4e15c21773caa8ab81438c94fff29db4341def62b63caadb4a6aacb205c0cb1877
-
SSDEEP
12288:1kTwjQPBvU35t6NSN6G5tP6sus5t6NSN6G5tooQ:1WwjQPBvUWc6vc6XoQ
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.b2ace20c17c4a2f8ecc897ff2e7ecbd0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.b2ace20c17c4a2f8ecc897ff2e7ecbd0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oloahhki.exeC:\Windows\system32\Oloahhki.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oeheqm32.exeC:\Windows\system32\Oeheqm32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oejbfmpg.exeC:\Windows\system32\Oejbfmpg.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ojgjndno.exeC:\Windows\system32\Ojgjndno.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oaqbkn32.exeC:\Windows\system32\Oaqbkn32.exe6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kdkoef32.exeC:\Windows\system32\Kdkoef32.exe7⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ollljmhg.exeC:\Windows\system32\Ollljmhg.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fpandm32.exeC:\Windows\system32\Fpandm32.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gqokekph.exeC:\Windows\system32\Gqokekph.exe10⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hcembe32.exeC:\Windows\system32\Hcembe32.exe11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hjoeoo32.exeC:\Windows\system32\Hjoeoo32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hqimlihn.exeC:\Windows\system32\Hqimlihn.exe13⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hjabdo32.exeC:\Windows\system32\Hjabdo32.exe14⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Hqkjaifk.exeC:\Windows\system32\Hqkjaifk.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hjcojo32.exeC:\Windows\system32\Hjcojo32.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\Hclccd32.exeC:\Windows\system32\Hclccd32.exe1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iqbpahpc.exeC:\Windows\system32\Iqbpahpc.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ifaepolg.exeC:\Windows\system32\Ifaepolg.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Iebfmfdg.exeC:\Windows\system32\Iebfmfdg.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
-
-
-
C:\Windows\SysWOW64\Iedbcebd.exeC:\Windows\system32\Iedbcebd.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jakchf32.exeC:\Windows\system32\Jakchf32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kmlgcf32.exeC:\Windows\system32\Kmlgcf32.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Keekjc32.exeC:\Windows\system32\Keekjc32.exe4⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kdjhkp32.exeC:\Windows\system32\Kdjhkp32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lacbpccn.exeC:\Windows\system32\Lacbpccn.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhogamih.exeC:\Windows\system32\Lhogamih.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lhdqml32.exeC:\Windows\system32\Lhdqml32.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmqiec32.exeC:\Windows\system32\Lmqiec32.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mkdiog32.exeC:\Windows\system32\Mkdiog32.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mhkgnkoj.exeC:\Windows\system32\Mhkgnkoj.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mklpof32.exeC:\Windows\system32\Mklpof32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mdddhlbl.exeC:\Windows\system32\Mdddhlbl.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Najagp32.exeC:\Windows\system32\Najagp32.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nnabladg.exeC:\Windows\system32\Nnabladg.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nncoaq32.exeC:\Windows\system32\Nncoaq32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ndpcdjho.exeC:\Windows\system32\Ndpcdjho.exe17⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ohnljine.exeC:\Windows\system32\Ohnljine.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Onjebpml.exeC:\Windows\system32\Onjebpml.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Okneldkf.exeC:\Windows\system32\Okneldkf.exe20⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Oediim32.exeC:\Windows\system32\Oediim32.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ononmo32.exeC:\Windows\system32\Ononmo32.exe22⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Oggbfdog.exeC:\Windows\system32\Oggbfdog.exe23⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ofhcdlgg.exeC:\Windows\system32\Ofhcdlgg.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pndhhnda.exeC:\Windows\system32\Pndhhnda.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pkhhbbck.exeC:\Windows\system32\Pkhhbbck.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pbapom32.exeC:\Windows\system32\Pbapom32.exe27⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pnhacn32.exeC:\Windows\system32\Pnhacn32.exe28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pohnnqgo.exeC:\Windows\system32\Pohnnqgo.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdeffgff.exeC:\Windows\system32\Pdeffgff.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pbifol32.exeC:\Windows\system32\Pbifol32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Phbolflm.exeC:\Windows\system32\Phbolflm.exe32⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Aocmio32.exeC:\Windows\system32\Aocmio32.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aofjoo32.exeC:\Windows\system32\Aofjoo32.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Agaoca32.exeC:\Windows\system32\Agaoca32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Abgcqjhp.exeC:\Windows\system32\Abgcqjhp.exe36⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Agckiqgg.exeC:\Windows\system32\Agckiqgg.exe37⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bichcc32.exeC:\Windows\system32\Bichcc32.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bnppkj32.exeC:\Windows\system32\Bnppkj32.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Biedhclh.exeC:\Windows\system32\Biedhclh.exe40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bbniai32.exeC:\Windows\system32\Bbniai32.exe41⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bkfmjnii.exeC:\Windows\system32\Bkfmjnii.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bgmnooom.exeC:\Windows\system32\Bgmnooom.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Biljib32.exeC:\Windows\system32\Biljib32.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bpfcelml.exeC:\Windows\system32\Bpfcelml.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dpdogj32.exeC:\Windows\system32\Dpdogj32.exe46⤵
-
C:\Windows\SysWOW64\Dfngcdhi.exeC:\Windows\system32\Dfngcdhi.exe47⤵
-
C:\Windows\SysWOW64\Dfqdid32.exeC:\Windows\system32\Dfqdid32.exe48⤵
-
C:\Windows\SysWOW64\Defajqko.exeC:\Windows\system32\Defajqko.exe49⤵
-
C:\Windows\SysWOW64\Dpkehi32.exeC:\Windows\system32\Dpkehi32.exe50⤵
-
C:\Windows\SysWOW64\Dfemdcba.exeC:\Windows\system32\Dfemdcba.exe51⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Efhjjcpo.exeC:\Windows\system32\Efhjjcpo.exe52⤵
-
C:\Windows\SysWOW64\Eoconenj.exeC:\Windows\system32\Eoconenj.exe53⤵
-
C:\Windows\SysWOW64\Ehkcgkdj.exeC:\Windows\system32\Ehkcgkdj.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Eikpan32.exeC:\Windows\system32\Eikpan32.exe55⤵
-
C:\Windows\SysWOW64\Eohhie32.exeC:\Windows\system32\Eohhie32.exe56⤵
-
C:\Windows\SysWOW64\Ehpmbj32.exeC:\Windows\system32\Ehpmbj32.exe57⤵
-
C:\Windows\SysWOW64\Eedmlo32.exeC:\Windows\system32\Eedmlo32.exe58⤵
-
C:\Windows\SysWOW64\Elnehifk.exeC:\Windows\system32\Elnehifk.exe59⤵
-
C:\Windows\SysWOW64\Fhefmjlp.exeC:\Windows\system32\Fhefmjlp.exe60⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Feifgnki.exeC:\Windows\system32\Feifgnki.exe61⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fcmgpbjc.exeC:\Windows\system32\Fcmgpbjc.exe62⤵
-
C:\Windows\SysWOW64\Fifomlap.exeC:\Windows\system32\Fifomlap.exe63⤵
-
C:\Windows\SysWOW64\Fpqgjf32.exeC:\Windows\system32\Fpqgjf32.exe64⤵
-
C:\Windows\SysWOW64\Fhllni32.exeC:\Windows\system32\Fhllni32.exe65⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Gebimmco.exeC:\Windows\system32\Gebimmco.exe66⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ghqeihbb.exeC:\Windows\system32\Ghqeihbb.exe67⤵
-
C:\Windows\SysWOW64\Ggafgo32.exeC:\Windows\system32\Ggafgo32.exe68⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Glnnofhi.exeC:\Windows\system32\Glnnofhi.exe69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Phiekaql.exeC:\Windows\system32\Phiekaql.exe70⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pkgaglpp.exeC:\Windows\system32\Pkgaglpp.exe71⤵
-
C:\Windows\SysWOW64\Ppdjpcng.exeC:\Windows\system32\Ppdjpcng.exe72⤵
-
C:\Windows\SysWOW64\Pnhjig32.exeC:\Windows\system32\Pnhjig32.exe73⤵
-
C:\Windows\SysWOW64\Pdbbfadn.exeC:\Windows\system32\Pdbbfadn.exe74⤵
-
C:\Windows\SysWOW64\Pgpobmca.exeC:\Windows\system32\Pgpobmca.exe75⤵
-
C:\Windows\SysWOW64\Pnjgog32.exeC:\Windows\system32\Pnjgog32.exe76⤵
-
C:\Windows\SysWOW64\Pphckb32.exeC:\Windows\system32\Pphckb32.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pgbkgmao.exeC:\Windows\system32\Pgbkgmao.exe78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pnlcdg32.exeC:\Windows\system32\Pnlcdg32.exe79⤵
-
C:\Windows\SysWOW64\Qpkppbho.exeC:\Windows\system32\Qpkppbho.exe80⤵
-
C:\Windows\SysWOW64\Qjcdih32.exeC:\Windows\system32\Qjcdih32.exe81⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ancjef32.exeC:\Windows\system32\Ancjef32.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Adnbapjp.exeC:\Windows\system32\Adnbapjp.exe83⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Akgjnj32.exeC:\Windows\system32\Akgjnj32.exe84⤵
-
C:\Windows\SysWOW64\Anffje32.exeC:\Windows\system32\Anffje32.exe85⤵
-
C:\Windows\SysWOW64\Adpogp32.exeC:\Windows\system32\Adpogp32.exe86⤵
-
C:\Windows\SysWOW64\Agnkck32.exeC:\Windows\system32\Agnkck32.exe87⤵
-
C:\Windows\SysWOW64\Abflfc32.exeC:\Windows\system32\Abflfc32.exe88⤵
-
C:\Windows\SysWOW64\Ahpdcn32.exeC:\Windows\system32\Ahpdcn32.exe89⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Anmmkd32.exeC:\Windows\system32\Anmmkd32.exe90⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bdgehobe.exeC:\Windows\system32\Bdgehobe.exe91⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bkamdi32.exeC:\Windows\system32\Bkamdi32.exe92⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bbkeacqo.exeC:\Windows\system32\Bbkeacqo.exe93⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bhennm32.exeC:\Windows\system32\Bhennm32.exe94⤵
-
C:\Windows\SysWOW64\Bkcjjhgp.exeC:\Windows\system32\Bkcjjhgp.exe95⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bdlncn32.exeC:\Windows\system32\Bdlncn32.exe96⤵
-
C:\Windows\SysWOW64\Bndblcdq.exeC:\Windows\system32\Bndblcdq.exe97⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bdnkhn32.exeC:\Windows\system32\Bdnkhn32.exe98⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bglgdi32.exeC:\Windows\system32\Bglgdi32.exe99⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bjkcqdje.exeC:\Windows\system32\Bjkcqdje.exe100⤵
-
C:\Windows\SysWOW64\Bbbkbbkg.exeC:\Windows\system32\Bbbkbbkg.exe101⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bilcol32.exeC:\Windows\system32\Bilcol32.exe102⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bkjpkg32.exeC:\Windows\system32\Bkjpkg32.exe103⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cbdhgaid.exeC:\Windows\system32\Cbdhgaid.exe104⤵
-
C:\Windows\SysWOW64\Cebdcmhh.exeC:\Windows\system32\Cebdcmhh.exe105⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cjomldfp.exeC:\Windows\system32\Cjomldfp.exe106⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cghgpgqd.exeC:\Windows\system32\Cghgpgqd.exe107⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Cnboma32.exeC:\Windows\system32\Cnboma32.exe108⤵
-
C:\Windows\SysWOW64\Celgjlpn.exeC:\Windows\system32\Celgjlpn.exe109⤵
-
C:\Windows\SysWOW64\Cgjcfgoa.exeC:\Windows\system32\Cgjcfgoa.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Djipbbne.exeC:\Windows\system32\Djipbbne.exe111⤵
-
C:\Windows\SysWOW64\Dabhomea.exeC:\Windows\system32\Dabhomea.exe112⤵
-
C:\Windows\SysWOW64\Dbbdip32.exeC:\Windows\system32\Dbbdip32.exe113⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pihdnloc.exeC:\Windows\system32\Pihdnloc.exe114⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Baojkdqb.exeC:\Windows\system32\Baojkdqb.exe115⤵
-
C:\Windows\SysWOW64\Hfacai32.exeC:\Windows\system32\Hfacai32.exe116⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Immhdc32.exeC:\Windows\system32\Immhdc32.exe117⤵
-
C:\Windows\SysWOW64\Jaddpppa.exeC:\Windows\system32\Jaddpppa.exe118⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mjnnmn32.exeC:\Windows\system32\Mjnnmn32.exe119⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Nkijbooo.exeC:\Windows\system32\Nkijbooo.exe120⤵
-
C:\Windows\SysWOW64\Pjffkhpl.exeC:\Windows\system32\Pjffkhpl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-