Analysis
-
max time kernel
152s -
max time network
172s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
31/10/2023, 08:40
General
-
Target
NEAS.d6561a48e84e4952b0e0b30cc035aefd.exe
-
Size
76KB
-
MD5
d6561a48e84e4952b0e0b30cc035aefd
-
SHA1
67c87e4e0d9fb868977c2af5e98c80904144301a
-
SHA256
f44087259950c46fd73c8e3a60dbe5494422137912c0b742187e4416dc390c36
-
SHA512
70787667217a7305c4c8a7cf8a8efef5355dd199453eeb2fdbb9b3b887ca8023f47f307fc976faf6edda0b45c9fd27156612d48a46a5572cc3fe15521ed8b20e
-
SSDEEP
1536:fK/nCH18b2sZtnYTPSvC/0EO9/fE0ElDw:KnCHWb2sHYW6/0EmfV0Dw
Score
10/10
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.d6561a48e84e4952b0e0b30cc035aefd.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.d6561a48e84e4952b0e0b30cc035aefd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cihjeq32.exeC:\Windows\system32\Cihjeq32.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dblnid32.exeC:\Windows\system32\Dblnid32.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eimlgnij.exeC:\Windows\system32\Eimlgnij.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fepmgm32.exeC:\Windows\system32\Fepmgm32.exe5⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Jqmicpbj.exeC:\Windows\system32\Jqmicpbj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Kfeagefd.exeC:\Windows\system32\Kfeagefd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Lfmghdpl.exeC:\Windows\system32\Lfmghdpl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ldgnbg32.exeC:\Windows\system32\Ldgnbg32.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mmdlflki.exeC:\Windows\system32\Mmdlflki.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Mmghklif.exeC:\Windows\system32\Mmghklif.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Maeaajpl.exeC:\Windows\system32\Maeaajpl.exe12⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Opfnne32.exeC:\Windows\system32\Opfnne32.exe13⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ohdlpa32.exeC:\Windows\system32\Ohdlpa32.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Phmnfp32.exeC:\Windows\system32\Phmnfp32.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Qkqdnkge.exeC:\Windows\system32\Qkqdnkge.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ababkdij.exeC:\Windows\system32\Ababkdij.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Addhbo32.exeC:\Windows\system32\Addhbo32.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Bkcjjhgp.exeC:\Windows\system32\Bkcjjhgp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cbnknpqj.exeC:\Windows\system32\Cbnknpqj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eangjkkd.exeC:\Windows\system32\Eangjkkd.exe21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fbjcplhj.exeC:\Windows\system32\Fbjcplhj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gojgkl32.exeC:\Windows\system32\Gojgkl32.exe23⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Geflne32.exeC:\Windows\system32\Geflne32.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hhiaepfl.exeC:\Windows\system32\Hhiaepfl.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hakidd32.exeC:\Windows\system32\Hakidd32.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ilgcblnp.exeC:\Windows\system32\Ilgcblnp.exe27⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Jjbjlpga.exeC:\Windows\system32\Jjbjlpga.exe28⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\Kbinlp32.exeC:\Windows\system32\Kbinlp32.exe1⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Lckglc32.exeC:\Windows\system32\Lckglc32.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\Lkiiee32.exeC:\Windows\system32\Lkiiee32.exe1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lfnmcnjn.exeC:\Windows\system32\Lfnmcnjn.exe2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lpinac32.exeC:\Windows\system32\Lpinac32.exe3⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mcpjnp32.exeC:\Windows\system32\Mcpjnp32.exe4⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Nlbdba32.exeC:\Windows\system32\Nlbdba32.exe5⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Opgciodi.exeC:\Windows\system32\Opgciodi.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Okaabg32.exeC:\Windows\system32\Okaabg32.exe7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qkpmcddi.exeC:\Windows\system32\Qkpmcddi.exe8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Akipic32.exeC:\Windows\system32\Akipic32.exe9⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bjcfeola.exeC:\Windows\system32\Bjcfeola.exe10⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bkglkapo.exeC:\Windows\system32\Bkglkapo.exe11⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Bdpqcg32.exeC:\Windows\system32\Bdpqcg32.exe12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Cmkehicj.exeC:\Windows\system32\Cmkehicj.exe13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Dmphjfab.exeC:\Windows\system32\Dmphjfab.exe14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Enaaiifb.exeC:\Windows\system32\Enaaiifb.exe15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Eaegqc32.exeC:\Windows\system32\Eaegqc32.exe16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fhalcm32.exeC:\Windows\system32\Fhalcm32.exe17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Fndgfffm.exeC:\Windows\system32\Fndgfffm.exe18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gjndpg32.exeC:\Windows\system32\Gjndpg32.exe19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ghdaokfe.exeC:\Windows\system32\Ghdaokfe.exe20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Gehbio32.exeC:\Windows\system32\Gehbio32.exe21⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hhkgpjqn.exeC:\Windows\system32\Hhkgpjqn.exe22⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hklpaeno.exeC:\Windows\system32\Hklpaeno.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Hlmiagbo.exeC:\Windows\system32\Hlmiagbo.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ilbclg32.exeC:\Windows\system32\Ilbclg32.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ioclnblj.exeC:\Windows\system32\Ioclnblj.exe26⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Jklihbol.exeC:\Windows\system32\Jklihbol.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jkqccbkf.exeC:\Windows\system32\Jkqccbkf.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Jlblcdpf.exeC:\Windows\system32\Jlblcdpf.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Khimhefk.exeC:\Windows\system32\Khimhefk.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Klgend32.exeC:\Windows\system32\Klgend32.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Kbkdgj32.exeC:\Windows\system32\Kbkdgj32.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Locnlmoe.exeC:\Windows\system32\Locnlmoe.exe33⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Lnkgbibj.exeC:\Windows\system32\Lnkgbibj.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mmlhpaji.exeC:\Windows\system32\Mmlhpaji.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Megldcgd.exeC:\Windows\system32\Megldcgd.exe36⤵
-
C:\Windows\SysWOW64\Mmcnap32.exeC:\Windows\system32\Mmcnap32.exe37⤵
-
C:\Windows\SysWOW64\Nnlqig32.exeC:\Windows\system32\Nnlqig32.exe38⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Opgloh32.exeC:\Windows\system32\Opgloh32.exe39⤵
-
C:\Windows\SysWOW64\Agojdnng.exeC:\Windows\system32\Agojdnng.exe40⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Bibpkiie.exeC:\Windows\system32\Bibpkiie.exe41⤵
-
C:\Windows\SysWOW64\Bplhhc32.exeC:\Windows\system32\Bplhhc32.exe42⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cohkinob.exeC:\Windows\system32\Cohkinob.exe43⤵
-
C:\Windows\SysWOW64\Cjnoggoh.exeC:\Windows\system32\Cjnoggoh.exe44⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Dnqaheai.exeC:\Windows\system32\Dnqaheai.exe45⤵
-
C:\Windows\SysWOW64\Dmmdjp32.exeC:\Windows\system32\Dmmdjp32.exe46⤵
-
C:\Windows\SysWOW64\Dcglfjgf.exeC:\Windows\system32\Dcglfjgf.exe47⤵
-
C:\Windows\SysWOW64\Emoaopnf.exeC:\Windows\system32\Emoaopnf.exe48⤵
-
C:\Windows\SysWOW64\Egeemiml.exeC:\Windows\system32\Egeemiml.exe49⤵
-
C:\Windows\SysWOW64\Ejjgic32.exeC:\Windows\system32\Ejjgic32.exe50⤵
-
C:\Windows\SysWOW64\Gmkibl32.exeC:\Windows\system32\Gmkibl32.exe51⤵
-
C:\Windows\SysWOW64\Gpnoigpe.exeC:\Windows\system32\Gpnoigpe.exe52⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hnblmnfa.exeC:\Windows\system32\Hnblmnfa.exe53⤵
-
C:\Windows\SysWOW64\Hpchdf32.exeC:\Windows\system32\Hpchdf32.exe54⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hjimaole.exeC:\Windows\system32\Hjimaole.exe55⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ijpcbn32.exeC:\Windows\system32\Ijpcbn32.exe56⤵
-
C:\Windows\SysWOW64\Jognokdi.exeC:\Windows\system32\Jognokdi.exe57⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Jphkfc32.exeC:\Windows\system32\Jphkfc32.exe58⤵
-
C:\Windows\SysWOW64\Jgbccm32.exeC:\Windows\system32\Jgbccm32.exe59⤵
-
C:\Windows\SysWOW64\Jahgpf32.exeC:\Windows\system32\Jahgpf32.exe60⤵
-
C:\Windows\SysWOW64\Jgdphm32.exeC:\Windows\system32\Jgdphm32.exe61⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Ldiiio32.exeC:\Windows\system32\Ldiiio32.exe62⤵
-
C:\Windows\SysWOW64\Lonnfg32.exeC:\Windows\system32\Lonnfg32.exe63⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Lgibjj32.exeC:\Windows\system32\Lgibjj32.exe64⤵
-
C:\Windows\SysWOW64\Lqbgcp32.exeC:\Windows\system32\Lqbgcp32.exe65⤵
-
C:\Windows\SysWOW64\Lkgkqh32.exeC:\Windows\system32\Lkgkqh32.exe66⤵
-
C:\Windows\SysWOW64\Mnjqhcno.exeC:\Windows\system32\Mnjqhcno.exe67⤵
-
C:\Windows\SysWOW64\Mhpeelnd.exeC:\Windows\system32\Mhpeelnd.exe68⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Mgebfhcl.exeC:\Windows\system32\Mgebfhcl.exe69⤵
-
C:\Windows\SysWOW64\Mbpoop32.exeC:\Windows\system32\Mbpoop32.exe70⤵
-
C:\Windows\SysWOW64\Nkhdgfen.exeC:\Windows\system32\Nkhdgfen.exe71⤵
-
C:\Windows\SysWOW64\Nqdlpmce.exeC:\Windows\system32\Nqdlpmce.exe72⤵
-
C:\Windows\SysWOW64\Nkjqme32.exeC:\Windows\system32\Nkjqme32.exe73⤵
-
C:\Windows\SysWOW64\Nohicdia.exeC:\Windows\system32\Nohicdia.exe74⤵
-
C:\Windows\SysWOW64\Nqifkl32.exeC:\Windows\system32\Nqifkl32.exe75⤵
-
C:\Windows\SysWOW64\Negoaj32.exeC:\Windows\system32\Negoaj32.exe76⤵
-
C:\Windows\SysWOW64\Okcccdkp.exeC:\Windows\system32\Okcccdkp.exe77⤵
-
C:\Windows\SysWOW64\Obnlpnbm.exeC:\Windows\system32\Obnlpnbm.exe78⤵
-
C:\Windows\SysWOW64\Ogjdheqd.exeC:\Windows\system32\Ogjdheqd.exe79⤵
-
C:\Windows\SysWOW64\Oabiak32.exeC:\Windows\system32\Oabiak32.exe80⤵
-
C:\Windows\SysWOW64\Ogmaneoa.exeC:\Windows\system32\Ogmaneoa.exe81⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oaeegjeb.exeC:\Windows\system32\Oaeegjeb.exe82⤵
-
C:\Windows\SysWOW64\Onifpodl.exeC:\Windows\system32\Onifpodl.exe83⤵
-
C:\Windows\SysWOW64\Oecnmi32.exeC:\Windows\system32\Oecnmi32.exe84⤵
-
C:\Windows\SysWOW64\Obgofmjb.exeC:\Windows\system32\Obgofmjb.exe85⤵
-
C:\Windows\SysWOW64\Pbpall32.exeC:\Windows\system32\Pbpall32.exe86⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Plifea32.exeC:\Windows\system32\Plifea32.exe87⤵
-
C:\Windows\SysWOW64\Paennh32.exeC:\Windows\system32\Paennh32.exe88⤵
-
C:\Windows\SysWOW64\Qlkbka32.exeC:\Windows\system32\Qlkbka32.exe89⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Qahkch32.exeC:\Windows\system32\Qahkch32.exe90⤵
-
C:\Windows\SysWOW64\Qnlkllcf.exeC:\Windows\system32\Qnlkllcf.exe91⤵
-
C:\Windows\SysWOW64\Appaangd.exeC:\Windows\system32\Appaangd.exe92⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Aaanif32.exeC:\Windows\system32\Aaanif32.exe93⤵
-
C:\Windows\SysWOW64\Bhdilold.exeC:\Windows\system32\Bhdilold.exe94⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Cafpkc32.exeC:\Windows\system32\Cafpkc32.exe95⤵
-
C:\Windows\SysWOW64\Cpgqik32.exeC:\Windows\system32\Cpgqik32.exe96⤵
-
C:\Windows\SysWOW64\Damflb32.exeC:\Windows\system32\Damflb32.exe97⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Dlckik32.exeC:\Windows\system32\Dlckik32.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Denlgq32.exeC:\Windows\system32\Denlgq32.exe99⤵
-
C:\Windows\SysWOW64\Eokjke32.exeC:\Windows\system32\Eokjke32.exe100⤵
-
C:\Windows\SysWOW64\Ehcndkaa.exeC:\Windows\system32\Ehcndkaa.exe101⤵
-
C:\Windows\SysWOW64\Echbad32.exeC:\Windows\system32\Echbad32.exe102⤵
-
C:\Windows\SysWOW64\Ebnocpfp.exeC:\Windows\system32\Ebnocpfp.exe103⤵
-
C:\Windows\SysWOW64\Efnennjc.exeC:\Windows\system32\Efnennjc.exe104⤵
-
C:\Windows\SysWOW64\Fhonpi32.exeC:\Windows\system32\Fhonpi32.exe105⤵
-
C:\Windows\SysWOW64\Fjnjjlog.exeC:\Windows\system32\Fjnjjlog.exe106⤵
-
C:\Windows\SysWOW64\Fjqgpl32.exeC:\Windows\system32\Fjqgpl32.exe107⤵
-
C:\Windows\SysWOW64\Fcikhace.exeC:\Windows\system32\Fcikhace.exe108⤵
-
C:\Windows\SysWOW64\Fbnhjn32.exeC:\Windows\system32\Fbnhjn32.exe109⤵
-
C:\Windows\SysWOW64\Gflapl32.exeC:\Windows\system32\Gflapl32.exe110⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Gimjag32.exeC:\Windows\system32\Gimjag32.exe111⤵
-
C:\Windows\SysWOW64\Gjlfkj32.exeC:\Windows\system32\Gjlfkj32.exe112⤵
-
C:\Windows\SysWOW64\Giacmggo.exeC:\Windows\system32\Giacmggo.exe113⤵
-
C:\Windows\SysWOW64\Hmolbene.exeC:\Windows\system32\Hmolbene.exe114⤵
-
C:\Windows\SysWOW64\Jjmhie32.exeC:\Windows\system32\Jjmhie32.exe115⤵
-
C:\Windows\SysWOW64\Jpjqaldi.exeC:\Windows\system32\Jpjqaldi.exe116⤵
-
C:\Windows\SysWOW64\Jjoeoedo.exeC:\Windows\system32\Jjoeoedo.exe117⤵
-
C:\Windows\SysWOW64\Jbkjcgaj.exeC:\Windows\system32\Jbkjcgaj.exe118⤵
-
C:\Windows\SysWOW64\Jaljaoii.exeC:\Windows\system32\Jaljaoii.exe119⤵
-
C:\Windows\SysWOW64\Kfhbifgq.exeC:\Windows\system32\Kfhbifgq.exe120⤵
-
C:\Windows\SysWOW64\Kapclned.exeC:\Windows\system32\Kapclned.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-