Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
27/04/2024, 18:21
General
-
Target
2024-04-27_96707f62495cd668b69c1963ce2665f4_mafia.exe
-
Size
527KB
-
MD5
96707f62495cd668b69c1963ce2665f4
-
SHA1
7678747443dea1906c6eefc46d6248f6e64cc659
-
SHA256
07c903bfc27763f9c6ac5ccb491f4a50d2a18efc9c9a2306cf5480306c7f42d6
-
SHA512
3fbd29d923e9cda66b73c475c220480f06a29315408bf131ba8e4fd029d8bb370824e69451b82d02b85943456cc7f81322fead81365791469e377067bbcc3c4d
-
SSDEEP
12288:fU5rCOTeidP/ECnXgWES234Zez1GipKDZu:fUQOJdP6SQGezYIKDo
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-27_96707f62495cd668b69c1963ce2665f4_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-27_96707f62495cd668b69c1963ce2665f4_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\313E.tmp"C:\Users\Admin\AppData\Local\Temp\313E.tmp"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\31CA.tmp"C:\Users\Admin\AppData\Local\Temp\31CA.tmp"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3276.tmp"C:\Users\Admin\AppData\Local\Temp\3276.tmp"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3312.tmp"C:\Users\Admin\AppData\Local\Temp\3312.tmp"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\339E.tmp"C:\Users\Admin\AppData\Local\Temp\339E.tmp"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\343A.tmp"C:\Users\Admin\AppData\Local\Temp\343A.tmp"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\34C6.tmp"C:\Users\Admin\AppData\Local\Temp\34C6.tmp"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3562.tmp"C:\Users\Admin\AppData\Local\Temp\3562.tmp"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\35EF.tmp"C:\Users\Admin\AppData\Local\Temp\35EF.tmp"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\367B.tmp"C:\Users\Admin\AppData\Local\Temp\367B.tmp"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3717.tmp"C:\Users\Admin\AppData\Local\Temp\3717.tmp"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\37A4.tmp"C:\Users\Admin\AppData\Local\Temp\37A4.tmp"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3830.tmp"C:\Users\Admin\AppData\Local\Temp\3830.tmp"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\38CC.tmp"C:\Users\Admin\AppData\Local\Temp\38CC.tmp"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3968.tmp"C:\Users\Admin\AppData\Local\Temp\3968.tmp"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3A14.tmp"C:\Users\Admin\AppData\Local\Temp\3A14.tmp"17⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3AB0.tmp"C:\Users\Admin\AppData\Local\Temp\3AB0.tmp"18⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3B3C.tmp"C:\Users\Admin\AppData\Local\Temp\3B3C.tmp"19⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3BC8.tmp"C:\Users\Admin\AppData\Local\Temp\3BC8.tmp"20⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3C64.tmp"C:\Users\Admin\AppData\Local\Temp\3C64.tmp"21⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3CF1.tmp"C:\Users\Admin\AppData\Local\Temp\3CF1.tmp"22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3D8D.tmp"C:\Users\Admin\AppData\Local\Temp\3D8D.tmp"23⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3E0A.tmp"C:\Users\Admin\AppData\Local\Temp\3E0A.tmp"24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3E58.tmp"C:\Users\Admin\AppData\Local\Temp\3E58.tmp"25⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3EA6.tmp"C:\Users\Admin\AppData\Local\Temp\3EA6.tmp"26⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3EF4.tmp"C:\Users\Admin\AppData\Local\Temp\3EF4.tmp"27⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3F32.tmp"C:\Users\Admin\AppData\Local\Temp\3F32.tmp"28⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3F80.tmp"C:\Users\Admin\AppData\Local\Temp\3F80.tmp"29⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\3FCE.tmp"C:\Users\Admin\AppData\Local\Temp\3FCE.tmp"30⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\401C.tmp"C:\Users\Admin\AppData\Local\Temp\401C.tmp"31⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\405A.tmp"C:\Users\Admin\AppData\Local\Temp\405A.tmp"32⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\40A8.tmp"C:\Users\Admin\AppData\Local\Temp\40A8.tmp"33⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\40E7.tmp"C:\Users\Admin\AppData\Local\Temp\40E7.tmp"34⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4135.tmp"C:\Users\Admin\AppData\Local\Temp\4135.tmp"35⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4173.tmp"C:\Users\Admin\AppData\Local\Temp\4173.tmp"36⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\41C1.tmp"C:\Users\Admin\AppData\Local\Temp\41C1.tmp"37⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4200.tmp"C:\Users\Admin\AppData\Local\Temp\4200.tmp"38⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\424E.tmp"C:\Users\Admin\AppData\Local\Temp\424E.tmp"39⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\428C.tmp"C:\Users\Admin\AppData\Local\Temp\428C.tmp"40⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\42DA.tmp"C:\Users\Admin\AppData\Local\Temp\42DA.tmp"41⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4318.tmp"C:\Users\Admin\AppData\Local\Temp\4318.tmp"42⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4357.tmp"C:\Users\Admin\AppData\Local\Temp\4357.tmp"43⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4395.tmp"C:\Users\Admin\AppData\Local\Temp\4395.tmp"44⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\43E3.tmp"C:\Users\Admin\AppData\Local\Temp\43E3.tmp"45⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4431.tmp"C:\Users\Admin\AppData\Local\Temp\4431.tmp"46⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\447F.tmp"C:\Users\Admin\AppData\Local\Temp\447F.tmp"47⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\44BE.tmp"C:\Users\Admin\AppData\Local\Temp\44BE.tmp"48⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\44FC.tmp"C:\Users\Admin\AppData\Local\Temp\44FC.tmp"49⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\453A.tmp"C:\Users\Admin\AppData\Local\Temp\453A.tmp"50⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4579.tmp"C:\Users\Admin\AppData\Local\Temp\4579.tmp"51⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\45B7.tmp"C:\Users\Admin\AppData\Local\Temp\45B7.tmp"52⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4605.tmp"C:\Users\Admin\AppData\Local\Temp\4605.tmp"53⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4644.tmp"C:\Users\Admin\AppData\Local\Temp\4644.tmp"54⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4692.tmp"C:\Users\Admin\AppData\Local\Temp\4692.tmp"55⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\46D0.tmp"C:\Users\Admin\AppData\Local\Temp\46D0.tmp"56⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\471E.tmp"C:\Users\Admin\AppData\Local\Temp\471E.tmp"57⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\475C.tmp"C:\Users\Admin\AppData\Local\Temp\475C.tmp"58⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\47AA.tmp"C:\Users\Admin\AppData\Local\Temp\47AA.tmp"59⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\47F8.tmp"C:\Users\Admin\AppData\Local\Temp\47F8.tmp"60⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4846.tmp"C:\Users\Admin\AppData\Local\Temp\4846.tmp"61⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4894.tmp"C:\Users\Admin\AppData\Local\Temp\4894.tmp"62⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\48E2.tmp"C:\Users\Admin\AppData\Local\Temp\48E2.tmp"63⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4921.tmp"C:\Users\Admin\AppData\Local\Temp\4921.tmp"64⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\495F.tmp"C:\Users\Admin\AppData\Local\Temp\495F.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\49AD.tmp"C:\Users\Admin\AppData\Local\Temp\49AD.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\49FB.tmp"C:\Users\Admin\AppData\Local\Temp\49FB.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\4A49.tmp"C:\Users\Admin\AppData\Local\Temp\4A49.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\4A97.tmp"C:\Users\Admin\AppData\Local\Temp\4A97.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\4AE5.tmp"C:\Users\Admin\AppData\Local\Temp\4AE5.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\4B33.tmp"C:\Users\Admin\AppData\Local\Temp\4B33.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\4B72.tmp"C:\Users\Admin\AppData\Local\Temp\4B72.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\4BB0.tmp"C:\Users\Admin\AppData\Local\Temp\4BB0.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\4BEE.tmp"C:\Users\Admin\AppData\Local\Temp\4BEE.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\4C3C.tmp"C:\Users\Admin\AppData\Local\Temp\4C3C.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\4C8A.tmp"C:\Users\Admin\AppData\Local\Temp\4C8A.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\4CD8.tmp"C:\Users\Admin\AppData\Local\Temp\4CD8.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\4D17.tmp"C:\Users\Admin\AppData\Local\Temp\4D17.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\4D55.tmp"C:\Users\Admin\AppData\Local\Temp\4D55.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\4DA3.tmp"C:\Users\Admin\AppData\Local\Temp\4DA3.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\4DF1.tmp"C:\Users\Admin\AppData\Local\Temp\4DF1.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\4E30.tmp"C:\Users\Admin\AppData\Local\Temp\4E30.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\4E7E.tmp"C:\Users\Admin\AppData\Local\Temp\4E7E.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\4EBC.tmp"C:\Users\Admin\AppData\Local\Temp\4EBC.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\4EFA.tmp"C:\Users\Admin\AppData\Local\Temp\4EFA.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\4F39.tmp"C:\Users\Admin\AppData\Local\Temp\4F39.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\4F77.tmp"C:\Users\Admin\AppData\Local\Temp\4F77.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\4FB6.tmp"C:\Users\Admin\AppData\Local\Temp\4FB6.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\5004.tmp"C:\Users\Admin\AppData\Local\Temp\5004.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\5042.tmp"C:\Users\Admin\AppData\Local\Temp\5042.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\5080.tmp"C:\Users\Admin\AppData\Local\Temp\5080.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\50BF.tmp"C:\Users\Admin\AppData\Local\Temp\50BF.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\50FD.tmp"C:\Users\Admin\AppData\Local\Temp\50FD.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\513C.tmp"C:\Users\Admin\AppData\Local\Temp\513C.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\517A.tmp"C:\Users\Admin\AppData\Local\Temp\517A.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\51B8.tmp"C:\Users\Admin\AppData\Local\Temp\51B8.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\5206.tmp"C:\Users\Admin\AppData\Local\Temp\5206.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\5245.tmp"C:\Users\Admin\AppData\Local\Temp\5245.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\5283.tmp"C:\Users\Admin\AppData\Local\Temp\5283.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\52C2.tmp"C:\Users\Admin\AppData\Local\Temp\52C2.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\5310.tmp"C:\Users\Admin\AppData\Local\Temp\5310.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\534E.tmp"C:\Users\Admin\AppData\Local\Temp\534E.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\539C.tmp"C:\Users\Admin\AppData\Local\Temp\539C.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\53DA.tmp"C:\Users\Admin\AppData\Local\Temp\53DA.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\5419.tmp"C:\Users\Admin\AppData\Local\Temp\5419.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\5457.tmp"C:\Users\Admin\AppData\Local\Temp\5457.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\5496.tmp"C:\Users\Admin\AppData\Local\Temp\5496.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\54D4.tmp"C:\Users\Admin\AppData\Local\Temp\54D4.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\5512.tmp"C:\Users\Admin\AppData\Local\Temp\5512.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\5551.tmp"C:\Users\Admin\AppData\Local\Temp\5551.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\559F.tmp"C:\Users\Admin\AppData\Local\Temp\559F.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\55DD.tmp"C:\Users\Admin\AppData\Local\Temp\55DD.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\562B.tmp"C:\Users\Admin\AppData\Local\Temp\562B.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\566A.tmp"C:\Users\Admin\AppData\Local\Temp\566A.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\56A8.tmp"C:\Users\Admin\AppData\Local\Temp\56A8.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\56E6.tmp"C:\Users\Admin\AppData\Local\Temp\56E6.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\5725.tmp"C:\Users\Admin\AppData\Local\Temp\5725.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\5763.tmp"C:\Users\Admin\AppData\Local\Temp\5763.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\57A2.tmp"C:\Users\Admin\AppData\Local\Temp\57A2.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\57E0.tmp"C:\Users\Admin\AppData\Local\Temp\57E0.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\583E.tmp"C:\Users\Admin\AppData\Local\Temp\583E.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-