Analysis
-
max time kernel
173s -
max time network
199s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
31-10-2023 08:39
General
-
Target
NEAS.aa4b401a9c94255ef432283f2693ab44.exe
-
Size
98KB
-
MD5
aa4b401a9c94255ef432283f2693ab44
-
SHA1
fed198b69dff5c57985c01cf1eef3bddbde1803b
-
SHA256
77d7d8111c5ed4dd9631db2c763089570fcdc9e38e5f83276097ba7b365b76a4
-
SHA512
e0b1cd7fe62b3d2c296632362bd3e090af4f1dee92c15041e28f0116fd896e82fed8ccc4254f18107ea2be5b7be653747eb040cca4692ed809dd8587387e97d5
-
SSDEEP
3072:HZ9aEI03e3g5Kct/4UGEaeFKPD375lHzpa1P:HZ9aEIUSgpJ4UGEaeYr75lHzpaF
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.aa4b401a9c94255ef432283f2693ab44.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.aa4b401a9c94255ef432283f2693ab44.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fpqgjf32.exeC:\Windows\system32\Fpqgjf32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hjpkjh32.exeC:\Windows\system32\Hjpkjh32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kaflio32.exeC:\Windows\system32\Kaflio32.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lapopm32.exeC:\Windows\system32\Lapopm32.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lmneemaq.exeC:\Windows\system32\Lmneemaq.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mjkiephp.exeC:\Windows\system32\Mjkiephp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oileakbj.exeC:\Windows\system32\Oileakbj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Oahgnh32.exeC:\Windows\system32\Oahgnh32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pgkegn32.exeC:\Windows\system32\Pgkegn32.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Pklkbl32.exeC:\Windows\system32\Pklkbl32.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aqpika32.exeC:\Windows\system32\Aqpika32.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aaofedkl.exeC:\Windows\system32\Aaofedkl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Aqfolqna.exeC:\Windows\system32\Aqfolqna.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bnaffdfc.exeC:\Windows\system32\Bnaffdfc.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bglgdi32.exeC:\Windows\system32\Bglgdi32.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bgodjiio.exeC:\Windows\system32\Bgodjiio.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Canocm32.exeC:\Windows\system32\Canocm32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dnnoip32.exeC:\Windows\system32\Dnnoip32.exe19⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eecfah32.exeC:\Windows\system32\Eecfah32.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gbhpajlj.exeC:\Windows\system32\Gbhpajlj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hleneo32.exeC:\Windows\system32\Hleneo32.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Hikkdc32.exeC:\Windows\system32\Hikkdc32.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Icjengld.exeC:\Windows\system32\Icjengld.exe24⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ifnkeb32.exeC:\Windows\system32\Ifnkeb32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lfnmcnjn.exeC:\Windows\system32\Lfnmcnjn.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nbhcdl32.exeC:\Windows\system32\Nbhcdl32.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ppafpm32.exeC:\Windows\system32\Ppafpm32.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pdoofl32.exeC:\Windows\system32\Pdoofl32.exe29⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pindcboi.exeC:\Windows\system32\Pindcboi.exe30⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Acmomgoa.exeC:\Windows\system32\Acmomgoa.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Anccjp32.exeC:\Windows\system32\Anccjp32.exe2⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
-
C:\Windows\SysWOW64\Akipic32.exeC:\Windows\system32\Akipic32.exe1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Acdeneij.exeC:\Windows\system32\Acdeneij.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bqokhi32.exeC:\Windows\system32\Bqokhi32.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cdbmifdl.exeC:\Windows\system32\Cdbmifdl.exe4⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Cmmbmiag.exeC:\Windows\system32\Cmmbmiag.exe5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cmdhnhkp.exeC:\Windows\system32\Cmdhnhkp.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Djhiglji.exeC:\Windows\system32\Djhiglji.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dqgjoenq.exeC:\Windows\system32\Dqgjoenq.exe8⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Eghimo32.exeC:\Windows\system32\Eghimo32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fcepbooa.exeC:\Windows\system32\Fcepbooa.exe10⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Faiplcmk.exeC:\Windows\system32\Faiplcmk.exe11⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Flaaok32.exeC:\Windows\system32\Flaaok32.exe12⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Glkdejcd.exeC:\Windows\system32\Glkdejcd.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gokmfe32.exeC:\Windows\system32\Gokmfe32.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hdokok32.exeC:\Windows\system32\Hdokok32.exe15⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jnjednnp.exeC:\Windows\system32\Jnjednnp.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lnbdlkje.exeC:\Windows\system32\Lnbdlkje.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lmhnea32.exeC:\Windows\system32\Lmhnea32.exe18⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lmjkka32.exeC:\Windows\system32\Lmjkka32.exe19⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mflbjejb.exeC:\Windows\system32\Mflbjejb.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Npmjij32.exeC:\Windows\system32\Npmjij32.exe21⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Onecof32.exeC:\Windows\system32\Onecof32.exe22⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pfhklabb.exeC:\Windows\system32\Pfhklabb.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pfjgbapo.exeC:\Windows\system32\Pfjgbapo.exe24⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Plgpjhnf.exeC:\Windows\system32\Plgpjhnf.exe25⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qojeabie.exeC:\Windows\system32\Qojeabie.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qibfdkgh.exeC:\Windows\system32\Qibfdkgh.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aooolbep.exeC:\Windows\system32\Aooolbep.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Abodhpic.exeC:\Windows\system32\Abodhpic.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Blnoad32.exeC:\Windows\system32\Blnoad32.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Copajm32.exeC:\Windows\system32\Copajm32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ejennd32.exeC:\Windows\system32\Ejennd32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fjfgealk.exeC:\Windows\system32\Fjfgealk.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ggjgofkd.exeC:\Windows\system32\Ggjgofkd.exe34⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Gpnoigpe.exeC:\Windows\system32\Gpnoigpe.exe35⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hfkdkqeo.exeC:\Windows\system32\Hfkdkqeo.exe36⤵
-
C:\Windows\SysWOW64\Hphbpehj.exeC:\Windows\system32\Hphbpehj.exe37⤵
-
C:\Windows\SysWOW64\Ihcclb32.exeC:\Windows\system32\Ihcclb32.exe38⤵
-
C:\Windows\SysWOW64\Iophnl32.exeC:\Windows\system32\Iophnl32.exe39⤵
-
C:\Windows\SysWOW64\Imgbdh32.exeC:\Windows\system32\Imgbdh32.exe40⤵
-
C:\Windows\SysWOW64\Jmjojh32.exeC:\Windows\system32\Jmjojh32.exe41⤵
-
C:\Windows\SysWOW64\Jdfcla32.exeC:\Windows\system32\Jdfcla32.exe42⤵
-
C:\Windows\SysWOW64\Jmnheggo.exeC:\Windows\system32\Jmnheggo.exe43⤵
-
C:\Windows\SysWOW64\Jhdlbp32.exeC:\Windows\system32\Jhdlbp32.exe44⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Kkgbjkac.exeC:\Windows\system32\Kkgbjkac.exe45⤵
-
C:\Windows\SysWOW64\Kddpnpdn.exeC:\Windows\system32\Kddpnpdn.exe46⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Kahpgcch.exeC:\Windows\system32\Kahpgcch.exe47⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Lajmmc32.exeC:\Windows\system32\Lajmmc32.exe48⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Mqkijnkp.exeC:\Windows\system32\Mqkijnkp.exe49⤵
-
C:\Windows\SysWOW64\Mndcnafd.exeC:\Windows\system32\Mndcnafd.exe50⤵
-
C:\Windows\SysWOW64\Mglhgg32.exeC:\Windows\system32\Mglhgg32.exe51⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Neebkkgi.exeC:\Windows\system32\Neebkkgi.exe52⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Pnnokn32.exeC:\Windows\system32\Pnnokn32.exe53⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qnlkllcf.exeC:\Windows\system32\Qnlkllcf.exe54⤵
-
C:\Windows\SysWOW64\Aiapjecl.exeC:\Windows\system32\Aiapjecl.exe55⤵
-
C:\Windows\SysWOW64\Abjdbj32.exeC:\Windows\system32\Abjdbj32.exe56⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Apbngn32.exeC:\Windows\system32\Apbngn32.exe57⤵
-
C:\Windows\SysWOW64\Boldcj32.exeC:\Windows\system32\Boldcj32.exe58⤵
-
C:\Windows\SysWOW64\Biaiqb32.exeC:\Windows\system32\Biaiqb32.exe59⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Bplammmf.exeC:\Windows\system32\Bplammmf.exe60⤵
-
C:\Windows\SysWOW64\Behiec32.exeC:\Windows\system32\Behiec32.exe61⤵
-
C:\Windows\SysWOW64\Chbenm32.exeC:\Windows\system32\Chbenm32.exe62⤵
-
C:\Windows\SysWOW64\Commjgga.exeC:\Windows\system32\Commjgga.exe63⤵
-
C:\Windows\SysWOW64\Cibagpgg.exeC:\Windows\system32\Cibagpgg.exe64⤵
-
C:\Windows\SysWOW64\Damflb32.exeC:\Windows\system32\Damflb32.exe65⤵
-
C:\Windows\SysWOW64\Dhjknljl.exeC:\Windows\system32\Dhjknljl.exe66⤵
-
C:\Windows\SysWOW64\Dabpgbpm.exeC:\Windows\system32\Dabpgbpm.exe67⤵
-
C:\Windows\SysWOW64\Elccpife.exeC:\Windows\system32\Elccpife.exe68⤵
-
C:\Windows\SysWOW64\Ebplhp32.exeC:\Windows\system32\Ebplhp32.exe69⤵
-
C:\Windows\SysWOW64\Fcbehbim.exeC:\Windows\system32\Fcbehbim.exe70⤵
-
C:\Windows\SysWOW64\Fhonpi32.exeC:\Windows\system32\Fhonpi32.exe71⤵
-
C:\Windows\SysWOW64\Foifmcoa.exeC:\Windows\system32\Foifmcoa.exe72⤵
-
C:\Windows\SysWOW64\Ffbnin32.exeC:\Windows\system32\Ffbnin32.exe73⤵
-
C:\Windows\SysWOW64\Fjepkk32.exeC:\Windows\system32\Fjepkk32.exe74⤵
-
C:\Windows\SysWOW64\Gbqeonfj.exeC:\Windows\system32\Gbqeonfj.exe75⤵
-
C:\Windows\SysWOW64\Gijmlh32.exeC:\Windows\system32\Gijmlh32.exe76⤵
-
C:\Windows\SysWOW64\Gbcaemdg.exeC:\Windows\system32\Gbcaemdg.exe77⤵
-
C:\Windows\SysWOW64\Hclaeocp.exeC:\Windows\system32\Hclaeocp.exe78⤵
-
C:\Windows\SysWOW64\Hfljfjpq.exeC:\Windows\system32\Hfljfjpq.exe79⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ijolhg32.exeC:\Windows\system32\Ijolhg32.exe80⤵
-
C:\Windows\SysWOW64\Iaiddajo.exeC:\Windows\system32\Iaiddajo.exe81⤵
-
C:\Windows\SysWOW64\Iffmmihf.exeC:\Windows\system32\Iffmmihf.exe82⤵
-
C:\Windows\SysWOW64\Impeib32.exeC:\Windows\system32\Impeib32.exe83⤵
-
C:\Windows\SysWOW64\Ibmmbj32.exeC:\Windows\system32\Ibmmbj32.exe84⤵
-
C:\Windows\SysWOW64\Ibojgikg.exeC:\Windows\system32\Ibojgikg.exe85⤵
-
C:\Windows\SysWOW64\Ipckqnja.exeC:\Windows\system32\Ipckqnja.exe86⤵
-
C:\Windows\SysWOW64\Jjhonfjg.exeC:\Windows\system32\Jjhonfjg.exe87⤵
-
C:\Windows\SysWOW64\Okjbimal.exeC:\Windows\system32\Okjbimal.exe88⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Obdkfg32.exeC:\Windows\system32\Obdkfg32.exe89⤵
-
C:\Windows\SysWOW64\Ojopki32.exeC:\Windows\system32\Ojopki32.exe90⤵
-
C:\Windows\SysWOW64\Pbhdafdd.exeC:\Windows\system32\Pbhdafdd.exe91⤵
-
C:\Windows\SysWOW64\Pjdifibo.exeC:\Windows\system32\Pjdifibo.exe92⤵
-
C:\Windows\SysWOW64\Pclnon32.exeC:\Windows\system32\Pclnon32.exe93⤵
-
C:\Windows\SysWOW64\Pcojdnfm.exeC:\Windows\system32\Pcojdnfm.exe94⤵
-
C:\Windows\SysWOW64\Pcagjndj.exeC:\Windows\system32\Pcagjndj.exe95⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Anbkbe32.exeC:\Windows\system32\Anbkbe32.exe96⤵
-
C:\Windows\SysWOW64\Adockl32.exeC:\Windows\system32\Adockl32.exe97⤵
-
C:\Windows\SysWOW64\Bngdndfn.exeC:\Windows\system32\Bngdndfn.exe98⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Bdcmfkde.exeC:\Windows\system32\Bdcmfkde.exe99⤵
-
C:\Windows\SysWOW64\Bniacddk.exeC:\Windows\system32\Bniacddk.exe100⤵
-
C:\Windows\SysWOW64\Bhaeli32.exeC:\Windows\system32\Bhaeli32.exe101⤵
-
C:\Windows\SysWOW64\Bajjeo32.exeC:\Windows\system32\Bajjeo32.exe102⤵
-
C:\Windows\SysWOW64\Ceaealoh.exeC:\Windows\system32\Ceaealoh.exe103⤵
-
C:\Windows\SysWOW64\Clknnf32.exeC:\Windows\system32\Clknnf32.exe104⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cbefkp32.exeC:\Windows\system32\Cbefkp32.exe105⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Dbllkohi.exeC:\Windows\system32\Dbllkohi.exe106⤵
-
C:\Windows\SysWOW64\Fohobmke.exeC:\Windows\system32\Fohobmke.exe107⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Fcfhhk32.exeC:\Windows\system32\Fcfhhk32.exe108⤵
-
C:\Windows\SysWOW64\Flnlaahl.exeC:\Windows\system32\Flnlaahl.exe109⤵
-
C:\Windows\SysWOW64\Fdiafc32.exeC:\Windows\system32\Fdiafc32.exe110⤵
-
C:\Windows\SysWOW64\Fkcibnmd.exeC:\Windows\system32\Fkcibnmd.exe111⤵
-
C:\Windows\SysWOW64\Gfimpfmj.exeC:\Windows\system32\Gfimpfmj.exe112⤵
-
C:\Windows\SysWOW64\Glcelq32.exeC:\Windows\system32\Glcelq32.exe113⤵
-
C:\Windows\SysWOW64\Gbpnegbo.exeC:\Windows\system32\Gbpnegbo.exe114⤵
-
C:\Windows\SysWOW64\Ghjfaa32.exeC:\Windows\system32\Ghjfaa32.exe115⤵
-
C:\Windows\SysWOW64\Gcojoj32.exeC:\Windows\system32\Gcojoj32.exe116⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gkjocm32.exeC:\Windows\system32\Gkjocm32.exe117⤵
-
C:\Windows\SysWOW64\Gfpcpefb.exeC:\Windows\system32\Gfpcpefb.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gohhik32.exeC:\Windows\system32\Gohhik32.exe119⤵
-
C:\Windows\SysWOW64\Gmlhbo32.exeC:\Windows\system32\Gmlhbo32.exe120⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hicihp32.exeC:\Windows\system32\Hicihp32.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-