Analysis Date2015-05-21 08:14:12
MD5c28ecee9bea8b7465293aeeef4316957
SHA1b41166aee5a88c71e6ac774418a6e44f18b79b80

Static Details:

File typeMS-DOS executable
Section_FLAT md5: 3eac7dde3044dcbf444c39b014ef213d sha1: f872c461414eac2fae1428d1674e3b17a18f867b size: 200704
Section.imports md5: fe5d50ee3af3fef6a22865709d223c09 sha1: ff97382f42fb02900ec97b49ddd52a2e1f441a45 size: 8192
Timestamp1970-01-01 00:00:00
PackerBorland Delphi 3.0 (???)
PEhash1b46033d74f491b8afef14bd52a942f4272faa04
IMPhash0856e993d64dce238dcb24a0d94c0e04

Runtime Details:

Network Details:


Raw Pcap

Strings
\??\
1234
%16.16X
%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X%2.2X
44978A081CC5770F
%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d
%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d: 
Adb.hlp
%ALLUSERSPROFILE%
%ALLUSERSPROFILE%\AVck
%ALLUSERSPROFILE%\FPS
AVck
boot.cfg
cbSend=%d
cbSend=%d;m_cb=%d;mhz=%d;
cbSend=%d;status=%d
\cfg.ini
CLSID
cmd.exe
CMD.EXE
CompanyName
CONIN$
CONOUT$
ConsentPromptBehaviorAdmin
/c rundll32 "%s" ActiveQvaw %s
CRYPTBASE.DLL
\Device\Floppy
DISPLAY
/DJMoqoirjvmimzzv/view/update?id=%d&tick=%d&%S=%d&%S=%d&%S=%d&%S=%d
dMozilla/4.0 (compatible; MSIE 
EnableLUA
FileDescription
FileManager
FileVersion
FMSession
FMSize
FMSn
FMStatus
Global\DelSelf(%8.8X)
HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0
HTTP/1.1
https://mail.google.com
$jjj
jjjjjj
LNULL
l%s\sysprep\CRYPTBASE.DLL
~MHZ
msi.dll
nac.dat
nqrc.dat
open
\Parameters
PI[%8.8X]
\\.\pipe\a%d
\\.\pipe\b%d
\\.\PIPE\RUN_AS_USER(%d)
POST
ProductName
ProductVersion
Recv Sn=%d,
Recv Status Code=%d,
RUNAS
S-1-16-12288
%S:%d
%s %d %d
%s\%d.plg
SeDebugPrivilege
ServiceDll
SeShutdownPrivilege
SeTcbPrivilege
Setup.exe
Setup.msi
s\Evn
%s\msiexec.exe %d %d
%s\msiexec.exe UAC
sNT AUTHORITY
Software\CLASSES\FAST
Software\CLASSES\FAST\PROXY
SOFTWARE\Microsoft\Internet Explorer\Version Vector
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Software\Microsoft\Windows\CurrentVersion\Run
%s\sysprep
%s\sysprep\sysprep.exe
static
\StringFileInfo\%4.4X%4.4X\%s
System
SYSTEM
System\CurrentControlSet\Services
SYSTEM\CurrentControlSet\Services\
\SystemRoot\
%SystemRoot%\system32\svchost.exe
tSystem Idle Process
\VarFileInfo\Translation
%windir%\explorer.exe
%WINDIR%\SYSTEM32\SERVICES.EXE
Windows File Manager Services
; Windows NT %d.%d
WINSTA0
;(;=;];
0 0&0+00080H0X0a0g0l0q0y0
0!0&0+010
0 0&0N0T0Z0k0
!0'0?0Y0w0
0)02090J0_0d0o0t0
0"030H0M0_0d0
"0+040:0?0D0K0P0u0
0 080?0W0^0j0
0$0A0F0e0j0t0
0(0A0T0^0h0
0>0K0Q0
0`0r0{0
0'0S0Z0n0x0
0@1D1H1L1P1T1X1\1
=!=,=0=4=8=<=@=D=H=L=P=d=p=u={=
; ;$;(;,;0;4;8;N;Z;_;f;m;t;{;
060[0e0l0~0
?0?B?H?
;0E0Q0
>0H0k0
<_=0>>>H>Q>Y>
0I1N1~1
>">(>0>I>W>
<$=(=,=0=L=Q=h=q=w=|=
<"<0<><L<Z<h<v<
0N0X0e0
0O1m1u1~1
0O6X6d6q6z6
0T0b0k0r0
0t<It#ItFIu
1&1,11161=1B1T1]1f1l1q1v1}1
1"111:1C1I1N1S1Z1_1t1}1
1#1(1.151:1E1L1
1	1(1.1k1
1&1<1^1o1u1
1"1+121C1X1]1o1t1
1(1.13181@1]1i1
1(1.13181?1D1
1 1$161
1;1\1b1j1
1'1^1c1k1t1}1
1,1M1n1
127.0.0.1
1=2I2N2T2[2`2q2y2
:&:,:1:6:=:B:
>+?1?7?O?}?
?)?1?9?`?
1E1P1W1`1e1s1
<$<1<<<E<K<P<U<\<a<t<
1f1p1y1}2
;+;1;k;u;{;
> >%>*>2>|>
2!212:2C2I2N2S2[2k2t2}2
2!2'20292@2E2L2Q2t2}2
2"2'2-23292>2C2H2M2R2X2^2i2n2y2
2 2)2/24292@2E2Q2
2)2.2=2B2O3q3}3
2"2.2;2D2J2O2T2[2`2
2%2,262G2\2g2
2$2,282f2k2H3{3
2"2'282S2i2r2w2
2"2*292M2Z2q2z2
222H2W2}2
2-232;2C2I2g2o2u2
2$272N2Z2}2
2#2Z2t2}2
2$3+353O3Y3
2?3D3U3p3
2>3F3a3w3}3
2=3G3X3w3
2>3i3u3
="=(=-=2=9=>=T=
?-?2?A?F?
;2;;;D;K;P;X;t;{;
='=2=E=P=r=
<2<]<i<
;,;2;J;
2K2`2q2
2W2e2p2
323;3E3Q3X3^3{3
3"3)30373>3E3L3S3Z3a3h3o3u3
3$3+3}3
3!3&3-323r3}3
3!3(3.353<3C3H3O3T3[3`3g3l3s3x3
3"333H3M3_3d3
3+353@3a3p3z3
3'353@3G3R3`3k3t3
3#363B3R3\3f3m3
3-3c3q3
3;3D3M3S3X3]3d3i3v3
3#3e3{3
3$3U3]3
3'434C4O4^4
3"4*4/454<4A4L4S4x4
353@3E3`3z3
363?3H3_3}3
373C3K3p3
;$;-;3;8;=;D;I;w<
:!:*:3:9:>:C:J:O:W:`:i:o:t:y:
3B4Q4X4
3C4]4x4
3G3S3u3
<3<;<I<V<"=,=9=
>)>3>J>[>
3P4U4d4i4
<3<?<v<
434=4Y4k4
4*424^4
4&4+424I4\4x4}4
4 4%4*41464
4$4*4/444;4@4
444:4?4b4
4!4&4.4>4G4P4V4[4`4h4x4
444@4w4
4*4/4J4O4o4t4
4"4'4P4
4 484C4M4z4
4?4E4k4s4|4
4 4E4M4`4i4o4t4y4
4(5a5f5
4_5g5x5
46.21.150.165
4>8><>@>D>
:!:':.:4:;:A:H:N:U:[:b:h:o:u:|:
4B4R4j4
4D4Q4`4
;$;4;;;J;\;`;d;h;l;p;t;]<
<#<4<P<m<z<
:*;4;W;
<$<,<4<W<d<j<r<
5 5'5,5
5/555[5
5(5-5?5D5
5'5.5E5N5W5]5b5g5n5s5
5-575=5E5M5]5m5}5
5]5e5|5
5(5F5S5\5c5
5.5Y5z5
565>5C5m5
5#6*61686?6a6
5#6L6V6s6
<5<A<H<[<t<y<
5C5[5l5
5c5o5{5
5E6c6k6s6
5H5W5\5b5i5n5|5
>5>H>j>o>
;%;*;5;:;p;{;
5T6c6l6r6w6|6
626Y6m6
646]6d6j6
6+61696
6!616A6^6
6)62686=6B6I6N6f6o6x6~6
6$656S6i6o6t6
6'6,62696>6L6S6y6
6&6/656:6?6F6N6
6 6%6>6G6P6V6[6`6g6l6
6 6:6@6j6
6!6(686N6S6b6g6
6:6A6P6
6#6V6?758t8
6:6X6`6q6
6 707K7`7
676C6H6X6b6
6+7<7B7r7
6 7=7G7
;$<-<6<<<A<F<M<R<Z<
6b6m6|6
6e8q8{8
<-=6=?=E=J=O=V=[=m=
:6:>:F:i:v:|:
"6!_ K
<6<><m<
737=7F7t7{7
768Q8c8i8
7-73797K7P7U7[7e7q7|7
7"737H7M7_7d7
7(7.73787?7D7z7
7 7%7,717A7J7S7Y7^7c7j7o7
7"7'7,73787
7"7'7.737J7Q7Z7c7i7n7s7z7
7 7)7/74797@7E7`7f7
777=7j7|7
777A7J7h7
7"7(7P7V7]7e7
7,7?7U7|7
7'787W7`7g7w7f8l8
7:7C7J7[7p7u7
7,828c8
7	8%8/898C8M8W8n8
7(888A8G8L8Q8X8]8
7	8"8;8g8x8
7!8E8n8
:7:<:A:\:i:
<7<N<W<]<b<g<n<s<
7O849D9T9{9
838>8G8
868C8I8Q8
8"828C8X8b8x8
8)8781:E:N:U:f:{:
8$8)80858u8
8#8)838<8G8W8b8l8
8,8=8E8O8b8
8$8e8k8t8}8
8)8F8~9
8;9A9i9s9y9
8;9E9f9p9Q:Z:c:i:n:s:z:
<'<8<c<
8D9N9W9
=8>?>E>M>j>
8F8Z8t8
8GULPt
:&:.:8:?:O:m:z:
>#>8>=>O>T>l>q>
>.?8?W?|?
90:L:X:
919C9I9
959H9b9
989B9I9
98:E:K:S:l:
9&9/959:9?9F9K9
9!9(9-959H9T9]9f9m9r9z9
9$9.9?9J9P9U9^9c9m9
9"9<9F9Y9f9{9
9 9:9m9
9+9G9f9o9u9z9
9>9I9s9
9A:e:t:
9E9U9z9
9):F:R:
:.:9:[:g:
9g9t9}9
9/:I:R:[:a:f:k:r:w:
=!=)=9=N=W=]=b=g=n=s=
=9=P=d=m=v=|=
<-=9=r=
9':R:^:g:q:
=&=9=T=]=d=t=
abe2869f-9b47-4cd9-a358-c22904dba7f7
/Action.do?Uid=%d
AdjustTokenPrivileges
advapi32
advapi32.dll
ADVAPI32.dll
?A?J?S?Y?^?c?k?{?
AllocateAndGetTcpExTableFromStack
AllocateAndGetUdpExTableFromStack
AllocateAndInitializeSid
AllocConsole
<!=;=A=m=
=.=A=M=T=l=v=
;A;P;d;j;
%AppData%\Mozilla\Firefox
%AppData%\Mozilla\Firefox\profiles.ini
AttachConsole
;&<B<G<i<
BitBlt
bootProc
=)>B>T>Z>
B'WL=3
CallNextHookEx
ChangeServiceConfig2W
ChangeServiceConfigW
ChromeHTML
CloseDesktop
CloseHandle
CloseServiceHandle
closesocket
CloseWindowStation
CoCreateInstance
CoInitializeEx
CommandLineToArgvW
connect
ConnectNamedPipe
CONNECT %s:%d HTTP/1.1
Content-length: 0
Content-Type: text/html
ControlService
ConvertStringSidToSidW
Cookie: %s%d;%s%d;%s%d;%s%d
CoUninitialize
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDesktopW
CreateDIBSection
CreateDirectoryW
CreateEnvironmentBlock
CreateEventW
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateNamedPipeW
CreateProcessAsUserW
CreateProcessW
CreateRemoteThread
CreateServiceW
CreateThread
CreateWindowExW
CredEnumerateA
CredFree
crypt32.dll
CRYPT32.dll
CryptUnprotectData
D$DPWSVVQ
?#?D?e?
DefWindowProcW
DeleteCriticalSection
DeleteDC
DeleteFileW
DeleteObject
DeleteService
DestroyEnvironmentBlock
DestroyIcon
;@<D<H<L<P<T<X<\<`<d<
DisconnectNamedPipe
DispatchMessageW
__dllonexit
:%:[:d:m:s:x:}:
dnsapi
dnsapi.dll
DnsFree
DnsQuery_A
DoImpUserProc
=d>p>|>
D$<PSSS
D$tPSh
DuplicateTokenEx
=>=E=_=i=
Ej,ZU(%
EName:%s,EAddr:0x%p,ECode:0x%p,EAX:%p,EBX:%p,ECX:%p,EDX:%p,ESI:%p,EDI:%p,EBP:%p,ESP:%p,EIP:%p
EnterCriticalSection
EnumProcesses
EnumProcessModules
EnumServicesStatusExW
EqualSid
ExitProcess
ExitThread
ExitWindowsEx
ExpandEnvironmentStringsForUserA
ExpandEnvironmentStringsW
ExtractIconExW
F4h@L$
F8h@L$
f9K4t'
fclose
FindClose
FindFirstFileW
FindNextFileW
FirefoxURL
FLh@L$
FlushFileBuffers
FMSession
FMSize
FMStatus
>F?R?[?
FreeConsole
FreeLibrary
FreeSid
:-;F;v;
GDh@L$
gdi32.dll
GDI32.dll
GdiFlush
;=<G<e<
GenerateConsoleCtrlEvent
GetACP
GetAdaptersInfo
GetAsyncKeyState
GetClassNameW
GetCommandLineW
GetComputerNameW
GetConsoleCP
GetConsoleCursorInfo
GetConsoleDisplayMode
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDeviceCaps
GetDIBits
GetDiskFreeSpaceExW
GetDriveTypeW
GetExitCodeThread
GetExtendedTcpTable
GetExtendedUdpTable
GetFileAttributesW
GetFileSize
GetFileTime
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetForegroundWindow
gethostbyname
GetIconInfo
GetKeyState
GetLastError
GetLengthSid
GetLocalTime
GetMessageW
GetModuleFileNameExW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetModuleInformation
GetNativeSystemInfo
GetOverlappedResult
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetQueuedCompletionStatus
GetRawInputData
getsockname
GetStdHandle
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemMetrics
GetSystemTime
GetTcpTable
GetThreadDesktop
GetTickCount
GetTokenInformation
GetUdpTable
GetUserNameW
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GetWindowTextW
GetWindowThreadProcessId
<)<G<l<
:G;[;l;
GlobalMemoryStatus
GlobalMemoryStatusEx
>GULPt
?GULPt
>GULPu
HeapAlloc
HeapFree
Ht'Ht$Ht!
Ht&Hua
HTTP/1.0 200 
HTTP/1.1 200 
HttpAddRequestHeadersA
HttpEndRequestA
HTTP://HTTP://
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestExA
;);=;H;@<z<
IE.HTTP
:I;k;~;
ImpersonateLoggedOnUser
.imports
inet_addr
inet_ntoa
InitializeCriticalSection
InitiateSystemShutdownA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
InternetWriteFile
iphlpapi
IPHLPAPI.DLL
<<=i=q=
>>?I?R?Y?^?f?
IsWow64Process
>$>:>?>J>O>
JoProc
JoProcAccept
JoProcBroadcast
JoProcBroadcastRecv
JoProcListen
JtnJtTJtAJt
jWX_^[
jWX_^[]
kernel32
kernel32.dll
KERNEL32.dll
	keybd_event
keybd_event
KeyLog
KillTimer
KLProc
LdrLoadShellcode
LeaveCriticalSection
LoadCursorW
LoadLibraryA
LocalAlloc
LocalFree
LocalLock
LocalReAlloc
LocalUnlock
LockWorkStation
LookupAccountSidW
LookupPrivilegeValueW
L$(QSj
lstrcatA
lstrcatW
lstrcmpA
lstrcmpiW
lstrcmpW
lstrcpyA
lstrcpynA
lstrcpynW
lstrcpyW
lstrlenA
lstrlenW
>*?L?_?t?
L$tQSh
>!?L?X?`?j?
M0T0[0b0i0p0
MapViewOfFile
memcmp
memcpy
memset
MessageBoxW
	mouse_event
mouse_event
msvcrt.dll
MSVCRT.dll
MultiByteToWideChar
>&>N>b>~>
Nethood
Netstat
\nss3.dll
NSSBase64_DecodeBuffer
NSS_Init
NSS_Shutdown
ntdll.dll
NtQueryInformationProcess
odbc32.dll
ODBC32.dll
ole32.dll
OlProc
OlProcManager
OlProcNotify
_onexit
OpenFileMappingW
OpenInputDesktop
OpenProcess
OpenProcessToken
OpenSCManagerW
OpenServiceW
OpenWindowStationW
Option
OutputDebugStringA
OutputDebugStringW
;(;/;O;W;e;k;q;
;%<O<Y<
>O>Y>a>j>
=&=O=Y=b=
=:=`=p=
=P=b=k=q=v={=
<$<*<P<e<k<
PK11_Authenticate
PK11_CheckUserPassword
PK11_FreeSlot
PK11_GetInternalKeySlot
PK11SDR_Decrypt
PlugProc
PortMap
PostMessageA
PostQueuedCompletionStatus
PostQuitMessage
prefs.js
Process
ProcessIdToSessionId
Profile0
\profiles.ini
Progid
%ProgramFiles%\Mozilla Firefox
Protocol:[%4s], Host: [%s:%d], Proxy: [%d:%s:%d:%s:%s]
Proxy-Authorization: Basic %s
Proxy-Connection: Keep-Alive
psapi.dll
<P=V=\=b=i=u=
PVVVVVVh 
Q0`0O1'20292?2D2I2P2U2g2
?Q?k?t?z?
QSSSSSSVS
QSVWh,
QSVWjT
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryServiceConfig2W
QueryServiceConfigW
QueryServiceStatusEx
QueueUserAPC
QWWPWW
ReadConsoleOutputW
ReadFile
ReadProcessMemory
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEdit
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegisterRawInputDevices
RegOpenCurrentUser
RegOpenKeyExA
RegOpenKeyExW
RegOverridePredefKey
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RemoveDirectoryW
ResetEvent
ResumeThread
RevertToSelf
RPhXK$
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
RtlMessageBoxProc
RtlNtStatusToDosError
Screen
ScreenT1
ScreenT2
SecDataSize=
SecSession=
SecSn=
SecStatus=
select hostname, encryptedUsername, encryptedPassword from moz_logins where hostname like "moz-proxy://%s%%";
SelectObject
Service
SetCapture
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
SetCurrentDirectoryA
SetCursorPos
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetProcessWindowStation
setsockopt
SetTcpEntry
SetThreadDesktop
SetTimer
SetTokenInformation
SetUnhandledExceptionFilter
SetWindowLongW
SetWindowsHookExW
SfcIsFileProtected
:-:::@:S:`:f:y:
SHCopyKeyW
SHCreateItemFromParsingName
SHDeleteKeyW
SHDeleteValueW
shell32.dll
SHELL32.dll
ShellExecuteExW
ShellExecuteW
ShellT1
ShellT2
SHEnumKeyExW
SHEnumValueW
SHFileOperationW
SHGetValueW
shlwapi
ShowWindow
SiProc
?S?_?n?x?
socket
Software\microsoft\windows\shell\associations\UrlAssociations\http\UserChoice
sprintf
SQLAllocEnv
SQLAllocHandle
SQLColAttributeW
SQLDataSourcesW
SQLDisconnect
SQLDriverConnectW
SQLDriversW
SQLExecDirectW
SQLFetch
SQLFreeHandle
SQLGetData
SQLGetDiagRecW
sqlite3_close
sqlite3_column_count
sqlite3_column_text
sqlite3_finalize
sqlite3_open
sqlite3_prepare_v2
sqlite3_step
SQLMoreResults
SQLNumResultCols
SQLSetEnvAttr
%s\%s\signons.sqlite
SSSVSQ
StartServiceW
_stricmp
strstr
 SVWP3
SxWorkProc
t7Ht Ht
T$8RSS
tBhTP$
=?>T>]>c>h>m>t>y>
tehTP$
Telnet
TelnetT1
TelnetT2
TerminateProcess
TerminateThread
t>f9Q*u8
tghTP$
tH5cqp
t.Ht Ht
t]hTP$
t'jhWV
tlHti-
tNHt0H
TranslateMessage
T$(Rh`A#
t$ RWVj
tShTP$
t"SSSj
T$Th`E$
tXhTP$
tZhTP$
uChTP$
:u_f9G
uFhTP$
u hDO$
u hLU$
UnhookWindowsHookEx
>&>U>p>
user32
user32.dll
USER32.dll
userenv
userenv.dll
USERENV.dll
user_pref("network.proxy.autoconfig_url", "
user_pref("network.proxy.http", "
user_pref("network.proxy.http_port", 
<-<;<v<
VerQueryValueW
version
?#?V?i?
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQueryEx
+v]$KR4-y&8
Vt8It"It
VWh|[$
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WindowFromPoint
	WindowFromPoint
winhttp
WinHttpCloseHandle
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpSetTimeouts
WinHttpWriteData
wininet
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WriteConsoleInputW
WriteFile
WriteProcessMemory
ws2_32
ws2_32.dll
WS2_32.dll
WSACleanup
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketA
WSAStartup
wsprintfA
	wsprintfA
wsprintfW
	wsprintfW
wtsapi32
Wtsapi32
WTSEnumerateProcessesW
WTSFreeMemory
WTSGetActiveConsoleSessionId
WTSQueryUserToken
<w\u(3
w,Vh\U$
WVVVh4R$
WWWh4R$
WWWWWRWj
:':y::;R;
yXbCei