Analysis
-
max time kernel
40s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
21-11-2024 23:08
General
-
Target
42d9118ceb8ea30646ab017e17e457d6569dd4ca18feaa1b42ff883f5d3a2c8e.exe
-
Size
163KB
-
MD5
c5c295fec7224c8a6cb645c39af3b372
-
SHA1
8beb4b48e9a40d8274d930b25f0ad27c5ebf62eb
-
SHA256
42d9118ceb8ea30646ab017e17e457d6569dd4ca18feaa1b42ff883f5d3a2c8e
-
SHA512
c34e1f7e308be596a81dd367f9f7b2095147964ca1c55338d17d360adb87ee064a6b958d1e3a323fddbdb5c4db7be90751fe01ee9e2048825a5fb87b77cd8689
-
SSDEEP
1536:PNWDnPoOJZJkR5uxDTK5ijdKASfvoCoEN09xlProNVU4qNVUrk/9QbfBr+7GwKrj:k7PoOjJDTcvodvltOrWKDBr+yJb
Score
10/10
Malware Config
Extracted
Family
berbew
C2
http://crutop.nu/index.php
http://devx.nm.ru/index.php
http://ros-neftbank.ru/index.php
http://master-x.com/index.php
http://www.redline.ru/index.php
http://cvv.ru/index.php
http://hackers.lv/index.php
http://fethard.biz/index.php
http://crutop.ru/index.php
http://kaspersky.ru/index.php
http://color-bank.ru/index.php
http://adult-empire.com/index.php
http://virus-list.com/index.php
http://trojan.ru/index.php
http://xware.cjb.net/index.htm
http://konfiskat.org/index.htm
http://parex-bank.ru/index.htm
http://fethard.biz/index.htm
http://ldark.nm.ru/index.htm
http://gaz-prom.ru/index.htm
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 64 IoCs
-
Berbew
Berbew is a backdoor written in C++.
-
Berbew family
-
Brute Ratel C4
A customized command and control framework for red teaming and adversary simulation.
-
Bruteratel family
-
Detect BruteRatel badger 1 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\42d9118ceb8ea30646ab017e17e457d6569dd4ca18feaa1b42ff883f5d3a2c8e.exe"C:\Users\Admin\AppData\Local\Temp\42d9118ceb8ea30646ab017e17e457d6569dd4ca18feaa1b42ff883f5d3a2c8e.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Cbokoa32.exeC:\Windows\system32\Cbokoa32.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dnjeoa32.exeC:\Windows\system32\Dnjeoa32.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dmaoem32.exeC:\Windows\system32\Dmaoem32.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dihojnqo.exeC:\Windows\system32\Dihojnqo.exe5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dflpdb32.exeC:\Windows\system32\Dflpdb32.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Dcppmg32.exeC:\Windows\system32\Dcppmg32.exe7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Eamgeo32.exeC:\Windows\system32\Eamgeo32.exe8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Enagnc32.exeC:\Windows\system32\Enagnc32.exe9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Efllcf32.exeC:\Windows\system32\Efllcf32.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Fioajqmb.exeC:\Windows\system32\Fioajqmb.exe11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ffeoid32.exeC:\Windows\system32\Ffeoid32.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Feklja32.exeC:\Windows\system32\Feklja32.exe13⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gepeep32.exeC:\Windows\system32\Gepeep32.exe14⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gohjnf32.exeC:\Windows\system32\Gohjnf32.exe15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Ggcnbh32.exeC:\Windows\system32\Ggcnbh32.exe16⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Gidgdcli.exeC:\Windows\system32\Gidgdcli.exe17⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Hohfmi32.exeC:\Windows\system32\Hohfmi32.exe18⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Hdgkkppm.exeC:\Windows\system32\Hdgkkppm.exe19⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Ikcpmieg.exeC:\Windows\system32\Ikcpmieg.exe20⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Icnealbb.exeC:\Windows\system32\Icnealbb.exe21⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Iccnmk32.exeC:\Windows\system32\Iccnmk32.exe22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Jchhhjjg.exeC:\Windows\system32\Jchhhjjg.exe23⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Jgjman32.exeC:\Windows\system32\Jgjman32.exe24⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Jboanfmm.exeC:\Windows\system32\Jboanfmm.exe25⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Jadnoc32.exeC:\Windows\system32\Jadnoc32.exe26⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Kjalch32.exeC:\Windows\system32\Kjalch32.exe27⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Kigidd32.exeC:\Windows\system32\Kigidd32.exe28⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Kofnbk32.exeC:\Windows\system32\Kofnbk32.exe29⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Lbfdnijp.exeC:\Windows\system32\Lbfdnijp.exe30⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\Llnhgn32.exeC:\Windows\system32\Llnhgn32.exe31⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Lanmde32.exeC:\Windows\system32\Lanmde32.exe32⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Mkhocj32.exeC:\Windows\system32\Mkhocj32.exe33⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Minldf32.exeC:\Windows\system32\Minldf32.exe34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Miphjf32.exeC:\Windows\system32\Miphjf32.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mcjihk32.exeC:\Windows\system32\Mcjihk32.exe36⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
-
C:\Windows\SysWOW64\Mhgbpb32.exeC:\Windows\system32\Mhgbpb32.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nekbjf32.exeC:\Windows\system32\Nekbjf32.exe38⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Nhlkkabh.exeC:\Windows\system32\Nhlkkabh.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Npgppdpc.exeC:\Windows\system32\Npgppdpc.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Nchiao32.exeC:\Windows\system32\Nchiao32.exe41⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ohgnoeii.exeC:\Windows\system32\Ohgnoeii.exe42⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Obpbhk32.exeC:\Windows\system32\Obpbhk32.exe43⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Oilgje32.exeC:\Windows\system32\Oilgje32.exe44⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Ofphdi32.exeC:\Windows\system32\Ofphdi32.exe45⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Pjbnmm32.exeC:\Windows\system32\Pjbnmm32.exe46⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Pcjbfbmm.exeC:\Windows\system32\Pcjbfbmm.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pmbfoh32.exeC:\Windows\system32\Pmbfoh32.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Pcokaa32.exeC:\Windows\system32\Pcokaa32.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ppelfbol.exeC:\Windows\system32\Ppelfbol.exe50⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Pphilb32.exeC:\Windows\system32\Pphilb32.exe51⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Qeeadi32.exeC:\Windows\system32\Qeeadi32.exe52⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Qnmfmoaa.exeC:\Windows\system32\Qnmfmoaa.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Qhejed32.exeC:\Windows\system32\Qhejed32.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Aanonj32.exeC:\Windows\system32\Aanonj32.exe55⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Alcclb32.exeC:\Windows\system32\Alcclb32.exe56⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Aapkdi32.exeC:\Windows\system32\Aapkdi32.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Andlmnki.exeC:\Windows\system32\Andlmnki.exe58⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Afoqbpid.exeC:\Windows\system32\Afoqbpid.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Apheke32.exeC:\Windows\system32\Apheke32.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Ajmihn32.exeC:\Windows\system32\Ajmihn32.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Adenqd32.exeC:\Windows\system32\Adenqd32.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Blabef32.exeC:\Windows\system32\Blabef32.exe63⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Windows\SysWOW64\Bffgbo32.exeC:\Windows\system32\Bffgbo32.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Blcokf32.exeC:\Windows\system32\Blcokf32.exe65⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Belcck32.exeC:\Windows\system32\Belcck32.exe66⤵
-
C:\Windows\SysWOW64\Bpahad32.exeC:\Windows\system32\Bpahad32.exe67⤵
-
C:\Windows\SysWOW64\Biiljjnk.exeC:\Windows\system32\Biiljjnk.exe68⤵
-
C:\Windows\SysWOW64\Bepmokco.exeC:\Windows\system32\Bepmokco.exe69⤵
-
C:\Windows\SysWOW64\Bkmegaaf.exeC:\Windows\system32\Bkmegaaf.exe70⤵
-
C:\Windows\SysWOW64\Cdejpg32.exeC:\Windows\system32\Cdejpg32.exe71⤵
-
C:\Windows\SysWOW64\Coknmp32.exeC:\Windows\system32\Coknmp32.exe72⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Cplkehnk.exeC:\Windows\system32\Cplkehnk.exe73⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ckboba32.exeC:\Windows\system32\Ckboba32.exe74⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Cdjckfda.exeC:\Windows\system32\Cdjckfda.exe75⤵
-
C:\Windows\SysWOW64\Ddgcdjip.exeC:\Windows\system32\Ddgcdjip.exe76⤵
-
C:\Windows\SysWOW64\Dblcnngi.exeC:\Windows\system32\Dblcnngi.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ddlloi32.exeC:\Windows\system32\Ddlloi32.exe78⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Efbbba32.exeC:\Windows\system32\Efbbba32.exe79⤵
-
C:\Windows\SysWOW64\Emlkoknp.exeC:\Windows\system32\Emlkoknp.exe80⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Ejpkho32.exeC:\Windows\system32\Ejpkho32.exe81⤵
-
C:\Windows\SysWOW64\Emogdk32.exeC:\Windows\system32\Emogdk32.exe82⤵
-
C:\Windows\SysWOW64\Echpaecj.exeC:\Windows\system32\Echpaecj.exe83⤵
-
C:\Windows\SysWOW64\Eiehilaa.exeC:\Windows\system32\Eiehilaa.exe84⤵
-
C:\Windows\SysWOW64\Ebnlba32.exeC:\Windows\system32\Ebnlba32.exe85⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Emcqpjhh.exeC:\Windows\system32\Emcqpjhh.exe86⤵
-
C:\Windows\SysWOW64\Fflehp32.exeC:\Windows\system32\Fflehp32.exe87⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Fbbfmqdm.exeC:\Windows\system32\Fbbfmqdm.exe88⤵
-
C:\Windows\SysWOW64\Filnjk32.exeC:\Windows\system32\Filnjk32.exe89⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Fbebcp32.exeC:\Windows\system32\Fbebcp32.exe90⤵
-
C:\Windows\SysWOW64\Flmglfhk.exeC:\Windows\system32\Flmglfhk.exe91⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Fhdhqg32.exeC:\Windows\system32\Fhdhqg32.exe92⤵
-
C:\Windows\SysWOW64\Fmqpinlf.exeC:\Windows\system32\Fmqpinlf.exe93⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Fhfdffll.exeC:\Windows\system32\Fhfdffll.exe94⤵
-
C:\Windows\SysWOW64\Gmcmomjc.exeC:\Windows\system32\Gmcmomjc.exe95⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Gfkagc32.exeC:\Windows\system32\Gfkagc32.exe96⤵
-
C:\Windows\SysWOW64\Glhjpjok.exeC:\Windows\system32\Glhjpjok.exe97⤵
-
C:\Windows\SysWOW64\Gfnnmboa.exeC:\Windows\system32\Gfnnmboa.exe98⤵
-
C:\Windows\SysWOW64\Gpfbfh32.exeC:\Windows\system32\Gpfbfh32.exe99⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Geckno32.exeC:\Windows\system32\Geckno32.exe100⤵
- Drops file in System32 directory
- Modifies registry class
-
C:\Windows\SysWOW64\Gphokhco.exeC:\Windows\system32\Gphokhco.exe101⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Ghcdpjqj.exeC:\Windows\system32\Ghcdpjqj.exe102⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hegdinpd.exeC:\Windows\system32\Hegdinpd.exe103⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Modifies registry class
-
C:\Windows\SysWOW64\Hopibdfd.exeC:\Windows\system32\Hopibdfd.exe104⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Hgknffcp.exeC:\Windows\system32\Hgknffcp.exe105⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Hmefcp32.exeC:\Windows\system32\Hmefcp32.exe106⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Windows\SysWOW64\Hkifld32.exeC:\Windows\system32\Hkifld32.exe107⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Hcdkagga.exeC:\Windows\system32\Hcdkagga.exe108⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Hlmpjl32.exeC:\Windows\system32\Hlmpjl32.exe109⤵
-
C:\Windows\SysWOW64\Ilolol32.exeC:\Windows\system32\Ilolol32.exe110⤵
-
C:\Windows\SysWOW64\Ihfmdm32.exeC:\Windows\system32\Ihfmdm32.exe111⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Iejnna32.exeC:\Windows\system32\Iejnna32.exe112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\Ilcfjkgj.exeC:\Windows\system32\Ilcfjkgj.exe113⤵
-
C:\Windows\SysWOW64\Iodolf32.exeC:\Windows\system32\Iodolf32.exe114⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Idagdm32.exeC:\Windows\system32\Idagdm32.exe115⤵
- Adds autorun key to be loaded by Explorer.exe on startup
-
C:\Windows\SysWOW64\Idcdjmao.exeC:\Windows\system32\Idcdjmao.exe116⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Jnlhbb32.exeC:\Windows\system32\Jnlhbb32.exe117⤵
- Modifies registry class
-
C:\Windows\SysWOW64\Jkpilg32.exeC:\Windows\system32\Jkpilg32.exe118⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Jqmadn32.exeC:\Windows\system32\Jqmadn32.exe119⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\Jqonjmbn.exeC:\Windows\system32\Jqonjmbn.exe120⤵
-
C:\Windows\SysWOW64\Jflfbdqe.exeC:\Windows\system32\Jflfbdqe.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-