Analysis
-
max time kernel
150s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
25/08/2024, 12:05
General
-
Target
2024-08-25_8c0954001bbb9fada60df9137df8b255_mafia.exe
-
Size
541KB
-
MD5
8c0954001bbb9fada60df9137df8b255
-
SHA1
7791bc9f395c21bc18911e8fb5a9b5cc0f2d433d
-
SHA256
6b89ebf8a9ad284029d4b14a13e0ab7285120fb38286cdac9885c097dcfef7e2
-
SHA512
e08d495b735a883abf7151b9ae16150b26daa5608fb62c06927afb83caa67b753c1f52df6d0dbb5044da50158e07a8e03ec8d9c29e852b3e68cb5f5d5903bb2c
-
SSDEEP
12288:UU5rCOTeifOrH2IuA+oqCJ2ZoTd8NhlICDgtW2rhrZa73ctO:UUQOJfkUOz6n2rhrU73ctO
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-08-25_8c0954001bbb9fada60df9137df8b255_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-08-25_8c0954001bbb9fada60df9137df8b255_mafia.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\47BA.tmp"C:\Users\Admin\AppData\Local\Temp\47BA.tmp"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4837.tmp"C:\Users\Admin\AppData\Local\Temp\4837.tmp"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\48B4.tmp"C:\Users\Admin\AppData\Local\Temp\48B4.tmp"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4911.tmp"C:\Users\Admin\AppData\Local\Temp\4911.tmp"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\497E.tmp"C:\Users\Admin\AppData\Local\Temp\497E.tmp"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\49FB.tmp"C:\Users\Admin\AppData\Local\Temp\49FB.tmp"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4A68.tmp"C:\Users\Admin\AppData\Local\Temp\4A68.tmp"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4AF5.tmp"C:\Users\Admin\AppData\Local\Temp\4AF5.tmp"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4B62.tmp"C:\Users\Admin\AppData\Local\Temp\4B62.tmp"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4BB0.tmp"C:\Users\Admin\AppData\Local\Temp\4BB0.tmp"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4C2D.tmp"C:\Users\Admin\AppData\Local\Temp\4C2D.tmp"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4C9A.tmp"C:\Users\Admin\AppData\Local\Temp\4C9A.tmp"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4D07.tmp"C:\Users\Admin\AppData\Local\Temp\4D07.tmp"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4D75.tmp"C:\Users\Admin\AppData\Local\Temp\4D75.tmp"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4DE2.tmp"C:\Users\Admin\AppData\Local\Temp\4DE2.tmp"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4E5F.tmp"C:\Users\Admin\AppData\Local\Temp\4E5F.tmp"17⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4ECC.tmp"C:\Users\Admin\AppData\Local\Temp\4ECC.tmp"18⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4F49.tmp"C:\Users\Admin\AppData\Local\Temp\4F49.tmp"19⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\4FC5.tmp"C:\Users\Admin\AppData\Local\Temp\4FC5.tmp"20⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5052.tmp"C:\Users\Admin\AppData\Local\Temp\5052.tmp"21⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\50BF.tmp"C:\Users\Admin\AppData\Local\Temp\50BF.tmp"22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\513C.tmp"C:\Users\Admin\AppData\Local\Temp\513C.tmp"23⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5199.tmp"C:\Users\Admin\AppData\Local\Temp\5199.tmp"24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\51D8.tmp"C:\Users\Admin\AppData\Local\Temp\51D8.tmp"25⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5216.tmp"C:\Users\Admin\AppData\Local\Temp\5216.tmp"26⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5255.tmp"C:\Users\Admin\AppData\Local\Temp\5255.tmp"27⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5293.tmp"C:\Users\Admin\AppData\Local\Temp\5293.tmp"28⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\52D1.tmp"C:\Users\Admin\AppData\Local\Temp\52D1.tmp"29⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5310.tmp"C:\Users\Admin\AppData\Local\Temp\5310.tmp"30⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\534E.tmp"C:\Users\Admin\AppData\Local\Temp\534E.tmp"31⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\538D.tmp"C:\Users\Admin\AppData\Local\Temp\538D.tmp"32⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\53CB.tmp"C:\Users\Admin\AppData\Local\Temp\53CB.tmp"33⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5409.tmp"C:\Users\Admin\AppData\Local\Temp\5409.tmp"34⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5457.tmp"C:\Users\Admin\AppData\Local\Temp\5457.tmp"35⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5496.tmp"C:\Users\Admin\AppData\Local\Temp\5496.tmp"36⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\54D4.tmp"C:\Users\Admin\AppData\Local\Temp\54D4.tmp"37⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5513.tmp"C:\Users\Admin\AppData\Local\Temp\5513.tmp"38⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5551.tmp"C:\Users\Admin\AppData\Local\Temp\5551.tmp"39⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\558F.tmp"C:\Users\Admin\AppData\Local\Temp\558F.tmp"40⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\55CE.tmp"C:\Users\Admin\AppData\Local\Temp\55CE.tmp"41⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\560C.tmp"C:\Users\Admin\AppData\Local\Temp\560C.tmp"42⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\564B.tmp"C:\Users\Admin\AppData\Local\Temp\564B.tmp"43⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5689.tmp"C:\Users\Admin\AppData\Local\Temp\5689.tmp"44⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\56C7.tmp"C:\Users\Admin\AppData\Local\Temp\56C7.tmp"45⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5706.tmp"C:\Users\Admin\AppData\Local\Temp\5706.tmp"46⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5744.tmp"C:\Users\Admin\AppData\Local\Temp\5744.tmp"47⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5783.tmp"C:\Users\Admin\AppData\Local\Temp\5783.tmp"48⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\57C1.tmp"C:\Users\Admin\AppData\Local\Temp\57C1.tmp"49⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\57FF.tmp"C:\Users\Admin\AppData\Local\Temp\57FF.tmp"50⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\583E.tmp"C:\Users\Admin\AppData\Local\Temp\583E.tmp"51⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\587C.tmp"C:\Users\Admin\AppData\Local\Temp\587C.tmp"52⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\58BB.tmp"C:\Users\Admin\AppData\Local\Temp\58BB.tmp"53⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\58F9.tmp"C:\Users\Admin\AppData\Local\Temp\58F9.tmp"54⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5937.tmp"C:\Users\Admin\AppData\Local\Temp\5937.tmp"55⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5976.tmp"C:\Users\Admin\AppData\Local\Temp\5976.tmp"56⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\59B4.tmp"C:\Users\Admin\AppData\Local\Temp\59B4.tmp"57⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\59F3.tmp"C:\Users\Admin\AppData\Local\Temp\59F3.tmp"58⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5A31.tmp"C:\Users\Admin\AppData\Local\Temp\5A31.tmp"59⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5A6F.tmp"C:\Users\Admin\AppData\Local\Temp\5A6F.tmp"60⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5AAE.tmp"C:\Users\Admin\AppData\Local\Temp\5AAE.tmp"61⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5B0B.tmp"C:\Users\Admin\AppData\Local\Temp\5B0B.tmp"62⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5B59.tmp"C:\Users\Admin\AppData\Local\Temp\5B59.tmp"63⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5B98.tmp"C:\Users\Admin\AppData\Local\Temp\5B98.tmp"64⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\5BD6.tmp"C:\Users\Admin\AppData\Local\Temp\5BD6.tmp"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5C15.tmp"C:\Users\Admin\AppData\Local\Temp\5C15.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\5C53.tmp"C:\Users\Admin\AppData\Local\Temp\5C53.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\5CA1.tmp"C:\Users\Admin\AppData\Local\Temp\5CA1.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\5CDF.tmp"C:\Users\Admin\AppData\Local\Temp\5CDF.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\5D1E.tmp"C:\Users\Admin\AppData\Local\Temp\5D1E.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\5D5C.tmp"C:\Users\Admin\AppData\Local\Temp\5D5C.tmp"71⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\5D9B.tmp"C:\Users\Admin\AppData\Local\Temp\5D9B.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\5DD9.tmp"C:\Users\Admin\AppData\Local\Temp\5DD9.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\5E27.tmp"C:\Users\Admin\AppData\Local\Temp\5E27.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\5E65.tmp"C:\Users\Admin\AppData\Local\Temp\5E65.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\5EA4.tmp"C:\Users\Admin\AppData\Local\Temp\5EA4.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\5EF2.tmp"C:\Users\Admin\AppData\Local\Temp\5EF2.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\5F30.tmp"C:\Users\Admin\AppData\Local\Temp\5F30.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\5F6F.tmp"C:\Users\Admin\AppData\Local\Temp\5F6F.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\5FAD.tmp"C:\Users\Admin\AppData\Local\Temp\5FAD.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\5FEB.tmp"C:\Users\Admin\AppData\Local\Temp\5FEB.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\602A.tmp"C:\Users\Admin\AppData\Local\Temp\602A.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\6068.tmp"C:\Users\Admin\AppData\Local\Temp\6068.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\60A7.tmp"C:\Users\Admin\AppData\Local\Temp\60A7.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\60E5.tmp"C:\Users\Admin\AppData\Local\Temp\60E5.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\6123.tmp"C:\Users\Admin\AppData\Local\Temp\6123.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\6162.tmp"C:\Users\Admin\AppData\Local\Temp\6162.tmp"87⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\61A0.tmp"C:\Users\Admin\AppData\Local\Temp\61A0.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\61DF.tmp"C:\Users\Admin\AppData\Local\Temp\61DF.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\621D.tmp"C:\Users\Admin\AppData\Local\Temp\621D.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\625B.tmp"C:\Users\Admin\AppData\Local\Temp\625B.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\629A.tmp"C:\Users\Admin\AppData\Local\Temp\629A.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\62D8.tmp"C:\Users\Admin\AppData\Local\Temp\62D8.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\6317.tmp"C:\Users\Admin\AppData\Local\Temp\6317.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\6355.tmp"C:\Users\Admin\AppData\Local\Temp\6355.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\6393.tmp"C:\Users\Admin\AppData\Local\Temp\6393.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\63D2.tmp"C:\Users\Admin\AppData\Local\Temp\63D2.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\6410.tmp"C:\Users\Admin\AppData\Local\Temp\6410.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\644F.tmp"C:\Users\Admin\AppData\Local\Temp\644F.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\648D.tmp"C:\Users\Admin\AppData\Local\Temp\648D.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\64CB.tmp"C:\Users\Admin\AppData\Local\Temp\64CB.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\650A.tmp"C:\Users\Admin\AppData\Local\Temp\650A.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\6548.tmp"C:\Users\Admin\AppData\Local\Temp\6548.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\6577.tmp"C:\Users\Admin\AppData\Local\Temp\6577.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\65B5.tmp"C:\Users\Admin\AppData\Local\Temp\65B5.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\65F4.tmp"C:\Users\Admin\AppData\Local\Temp\65F4.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\6632.tmp"C:\Users\Admin\AppData\Local\Temp\6632.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\6671.tmp"C:\Users\Admin\AppData\Local\Temp\6671.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\66AF.tmp"C:\Users\Admin\AppData\Local\Temp\66AF.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\66ED.tmp"C:\Users\Admin\AppData\Local\Temp\66ED.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\672C.tmp"C:\Users\Admin\AppData\Local\Temp\672C.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\676A.tmp"C:\Users\Admin\AppData\Local\Temp\676A.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\67A9.tmp"C:\Users\Admin\AppData\Local\Temp\67A9.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\67E7.tmp"C:\Users\Admin\AppData\Local\Temp\67E7.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\6825.tmp"C:\Users\Admin\AppData\Local\Temp\6825.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\6864.tmp"C:\Users\Admin\AppData\Local\Temp\6864.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\68A2.tmp"C:\Users\Admin\AppData\Local\Temp\68A2.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\68F0.tmp"C:\Users\Admin\AppData\Local\Temp\68F0.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\692F.tmp"C:\Users\Admin\AppData\Local\Temp\692F.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\696D.tmp"C:\Users\Admin\AppData\Local\Temp\696D.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\69AB.tmp"C:\Users\Admin\AppData\Local\Temp\69AB.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-